summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-25 19:01:36 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-25 19:01:36 +0000
commit1ac70afcc1f7d6d2738a34308810719b0976d29f (patch)
tree805f6ce2a15d1a717781d7cbceac8408a74b6b0c
parented7d79f96177044949744da10f4431c1d6242241 (diff)
downloadvyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.tar.gz
vyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.4.0)
-rw-r--r--Android.mk64
-rw-r--r--Android.mk.in64
-rw-r--r--Doxyfile.in3
-rw-r--r--Makefile.am9
-rw-r--r--Makefile.in26
-rw-r--r--NEWS49
-rwxr-xr-xconfigure818
-rw-r--r--configure.in155
-rw-r--r--m4/macros/enable-disable.m412
-rw-r--r--scripts/Makefile.am4
-rw-r--r--scripts/Makefile.in5
-rw-r--r--scripts/dh_speed.c29
-rw-r--r--src/Makefile.am8
-rw-r--r--src/Makefile.in36
-rw-r--r--src/_copyright/Makefile.in1
-rw-r--r--src/_updown/Makefile.in1
-rw-r--r--src/_updown_espmark/Makefile.in1
-rw-r--r--src/charon/Android.mk27
-rw-r--r--src/charon/Makefile.am281
-rw-r--r--src/charon/Makefile.in2158
-rw-r--r--src/charon/charon.c417
-rw-r--r--src/charon/kernel/kernel_interface.c430
-rw-r--r--src/charon/network/packet.c159
-rw-r--r--src/charon/plugins/attr/Makefile.am9
-rw-r--r--src/charon/plugins/eap_aka/Makefile.am14
-rw-r--r--src/charon/plugins/eap_aka_3gpp2/Makefile.am15
-rw-r--r--src/charon/plugins/eap_gtc/Makefile.am10
-rw-r--r--src/charon/plugins/eap_md5/Makefile.am10
-rw-r--r--src/charon/plugins/eap_radius/Makefile.am14
-rw-r--r--src/charon/plugins/eap_sim/Makefile.am14
-rw-r--r--src/charon/plugins/eap_sim_file/Makefile.am14
-rw-r--r--src/charon/plugins/eap_simaka_pseudonym/Makefile.am13
-rw-r--r--src/charon/plugins/eap_simaka_reauth/Makefile.am13
-rw-r--r--src/charon/plugins/kernel_klips/Makefile.am10
-rw-r--r--src/charon/plugins/load_tester/Makefile.am17
-rw-r--r--src/charon/plugins/medcli/Makefile.am12
-rw-r--r--src/charon/plugins/medsrv/Makefile.am11
-rw-r--r--src/charon/plugins/nm/Makefile.am14
-rw-r--r--src/charon/plugins/stroke/Makefile.am22
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c546
-rw-r--r--src/charon/plugins/uci/Makefile.am14
-rw-r--r--src/charon/plugins/unit_tester/Makefile.am24
-rw-r--r--src/checksum/Makefile.am17
-rw-r--r--src/checksum/Makefile.in30
-rw-r--r--src/checksum/checksum_builder.c29
-rw-r--r--src/dumm/Makefile.in1
-rw-r--r--src/dumm/bridge.c22
-rw-r--r--src/dumm/cowfs.c16
-rw-r--r--src/dumm/dumm.c11
-rw-r--r--src/dumm/guest.c20
-rw-r--r--src/dumm/iface.c14
-rw-r--r--src/dumm/mconsole.c22
-rw-r--r--src/include/Makefile.am2
-rw-r--r--src/include/Makefile.in3
-rw-r--r--src/include/linux/jhash.h143
-rw-r--r--src/include/linux/pfkeyv2.h1
-rw-r--r--src/ipsec/Makefile.in1
-rwxr-xr-xsrc/ipsec/ipsec.in31
-rw-r--r--src/libcharon/Android.mk174
-rw-r--r--src/libcharon/Makefile.am418
-rw-r--r--src/libcharon/Makefile.in1994
-rw-r--r--src/libcharon/bus/bus.c (renamed from src/charon/bus/bus.c)26
-rw-r--r--src/libcharon/bus/bus.h (renamed from src/charon/bus/bus.h)68
-rw-r--r--src/libcharon/bus/listeners/file_logger.c (renamed from src/charon/bus/listeners/file_logger.c)0
-rw-r--r--src/libcharon/bus/listeners/file_logger.h (renamed from src/charon/bus/listeners/file_logger.h)0
-rw-r--r--src/libcharon/bus/listeners/listener.h (renamed from src/charon/bus/listeners/listener.h)4
-rw-r--r--src/libcharon/bus/listeners/sys_logger.c (renamed from src/charon/bus/listeners/sys_logger.c)0
-rw-r--r--src/libcharon/bus/listeners/sys_logger.h (renamed from src/charon/bus/listeners/sys_logger.h)0
-rw-r--r--src/libcharon/config/auth_cfg.c (renamed from src/charon/config/auth_cfg.c)0
-rw-r--r--src/libcharon/config/auth_cfg.h (renamed from src/charon/config/auth_cfg.h)0
-rw-r--r--src/libcharon/config/backend.h (renamed from src/charon/config/backend.h)0
-rw-r--r--src/libcharon/config/backend_manager.c (renamed from src/charon/config/backend_manager.c)0
-rw-r--r--src/libcharon/config/backend_manager.h (renamed from src/charon/config/backend_manager.h)0
-rw-r--r--src/libcharon/config/child_cfg.c (renamed from src/charon/config/child_cfg.c)0
-rw-r--r--src/libcharon/config/child_cfg.h (renamed from src/charon/config/child_cfg.h)0
-rw-r--r--src/libcharon/config/ike_cfg.c (renamed from src/charon/config/ike_cfg.c)158
-rw-r--r--src/libcharon/config/ike_cfg.h (renamed from src/charon/config/ike_cfg.h)18
-rw-r--r--src/libcharon/config/peer_cfg.c (renamed from src/charon/config/peer_cfg.c)0
-rw-r--r--src/libcharon/config/peer_cfg.h (renamed from src/charon/config/peer_cfg.h)0
-rw-r--r--src/libcharon/config/proposal.c (renamed from src/charon/config/proposal.c)4
-rw-r--r--src/libcharon/config/proposal.h (renamed from src/charon/config/proposal.h)0
-rw-r--r--src/libcharon/control/controller.c (renamed from src/charon/control/controller.c)0
-rw-r--r--src/libcharon/control/controller.h (renamed from src/charon/control/controller.h)0
-rw-r--r--src/libcharon/credentials/credential_manager.c (renamed from src/charon/credentials/credential_manager.c)0
-rw-r--r--src/libcharon/credentials/credential_manager.h (renamed from src/charon/credentials/credential_manager.h)0
-rw-r--r--src/libcharon/credentials/credential_set.h (renamed from src/charon/credentials/credential_set.h)0
-rw-r--r--src/libcharon/credentials/sets/auth_cfg_wrapper.c (renamed from src/charon/credentials/sets/auth_cfg_wrapper.c)0
-rw-r--r--src/libcharon/credentials/sets/auth_cfg_wrapper.h (renamed from src/charon/credentials/sets/auth_cfg_wrapper.h)0
-rw-r--r--src/libcharon/credentials/sets/cert_cache.c (renamed from src/charon/credentials/sets/cert_cache.c)0
-rw-r--r--src/libcharon/credentials/sets/cert_cache.h (renamed from src/charon/credentials/sets/cert_cache.h)0
-rw-r--r--src/libcharon/credentials/sets/ocsp_response_wrapper.c (renamed from src/charon/credentials/sets/ocsp_response_wrapper.c)0
-rw-r--r--src/libcharon/credentials/sets/ocsp_response_wrapper.h (renamed from src/charon/credentials/sets/ocsp_response_wrapper.h)0
-rw-r--r--src/libcharon/daemon.c (renamed from src/charon/daemon.c)486
-rw-r--r--src/libcharon/daemon.h (renamed from src/charon/daemon.h)81
-rw-r--r--src/libcharon/encoding/generator.c (renamed from src/charon/encoding/generator.c)0
-rw-r--r--src/libcharon/encoding/generator.h (renamed from src/charon/encoding/generator.h)0
-rw-r--r--src/libcharon/encoding/message.c (renamed from src/charon/encoding/message.c)7
-rw-r--r--src/libcharon/encoding/message.h (renamed from src/charon/encoding/message.h)0
-rw-r--r--src/libcharon/encoding/parser.c (renamed from src/charon/encoding/parser.c)0
-rw-r--r--src/libcharon/encoding/parser.h (renamed from src/charon/encoding/parser.h)0
-rw-r--r--src/libcharon/encoding/payloads/auth_payload.c (renamed from src/charon/encoding/payloads/auth_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/auth_payload.h (renamed from src/charon/encoding/payloads/auth_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.c (renamed from src/charon/encoding/payloads/cert_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.h (renamed from src/charon/encoding/payloads/cert_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/certreq_payload.c (renamed from src/charon/encoding/payloads/certreq_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/certreq_payload.h (renamed from src/charon/encoding/payloads/certreq_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.c (renamed from src/charon/encoding/payloads/configuration_attribute.c)0
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.h (renamed from src/charon/encoding/payloads/configuration_attribute.h)0
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.c (renamed from src/charon/encoding/payloads/cp_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.h (renamed from src/charon/encoding/payloads/cp_payload.h)4
-rw-r--r--src/libcharon/encoding/payloads/delete_payload.c (renamed from src/charon/encoding/payloads/delete_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/delete_payload.h (renamed from src/charon/encoding/payloads/delete_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.c (renamed from src/charon/encoding/payloads/eap_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.h (renamed from src/charon/encoding/payloads/eap_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/encodings.c (renamed from src/charon/encoding/payloads/encodings.c)0
-rw-r--r--src/libcharon/encoding/payloads/encodings.h (renamed from src/charon/encoding/payloads/encodings.h)0
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c (renamed from src/charon/encoding/payloads/encryption_payload.c)24
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.h (renamed from src/charon/encoding/payloads/encryption_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/endpoint_notify.c (renamed from src/charon/encoding/payloads/endpoint_notify.c)0
-rw-r--r--src/libcharon/encoding/payloads/endpoint_notify.h (renamed from src/charon/encoding/payloads/endpoint_notify.h)0
-rw-r--r--src/libcharon/encoding/payloads/id_payload.c (renamed from src/charon/encoding/payloads/id_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/id_payload.h (renamed from src/charon/encoding/payloads/id_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/ike_header.c (renamed from src/charon/encoding/payloads/ike_header.c)0
-rw-r--r--src/libcharon/encoding/payloads/ike_header.h (renamed from src/charon/encoding/payloads/ike_header.h)0
-rw-r--r--src/libcharon/encoding/payloads/ke_payload.c (renamed from src/charon/encoding/payloads/ke_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/ke_payload.h (renamed from src/charon/encoding/payloads/ke_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/nonce_payload.c (renamed from src/charon/encoding/payloads/nonce_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/nonce_payload.h (renamed from src/charon/encoding/payloads/nonce_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c (renamed from src/charon/encoding/payloads/notify_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h (renamed from src/charon/encoding/payloads/notify_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/payload.c (renamed from src/charon/encoding/payloads/payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/payload.h (renamed from src/charon/encoding/payloads/payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c (renamed from src/charon/encoding/payloads/proposal_substructure.c)0
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.h (renamed from src/charon/encoding/payloads/proposal_substructure.h)0
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.c (renamed from src/charon/encoding/payloads/sa_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.h (renamed from src/charon/encoding/payloads/sa_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/traffic_selector_substructure.c (renamed from src/charon/encoding/payloads/traffic_selector_substructure.c)0
-rw-r--r--src/libcharon/encoding/payloads/traffic_selector_substructure.h (renamed from src/charon/encoding/payloads/traffic_selector_substructure.h)0
-rw-r--r--src/libcharon/encoding/payloads/transform_attribute.c (renamed from src/charon/encoding/payloads/transform_attribute.c)0
-rw-r--r--src/libcharon/encoding/payloads/transform_attribute.h (renamed from src/charon/encoding/payloads/transform_attribute.h)0
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.c (renamed from src/charon/encoding/payloads/transform_substructure.c)0
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.h (renamed from src/charon/encoding/payloads/transform_substructure.h)0
-rw-r--r--src/libcharon/encoding/payloads/ts_payload.c (renamed from src/charon/encoding/payloads/ts_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/ts_payload.h (renamed from src/charon/encoding/payloads/ts_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/unknown_payload.c (renamed from src/charon/encoding/payloads/unknown_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/unknown_payload.h (renamed from src/charon/encoding/payloads/unknown_payload.h)0
-rw-r--r--src/libcharon/encoding/payloads/vendor_id_payload.c (renamed from src/charon/encoding/payloads/vendor_id_payload.c)0
-rw-r--r--src/libcharon/encoding/payloads/vendor_id_payload.h (renamed from src/charon/encoding/payloads/vendor_id_payload.h)0
-rw-r--r--src/libcharon/kernel/kernel_interface.c386
-rw-r--r--src/libcharon/kernel/kernel_interface.h (renamed from src/charon/kernel/kernel_interface.h)9
-rw-r--r--src/libcharon/kernel/kernel_ipsec.c (renamed from src/charon/kernel/kernel_ipsec.c)0
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h (renamed from src/charon/kernel/kernel_ipsec.h)9
-rw-r--r--src/libcharon/kernel/kernel_net.h (renamed from src/charon/kernel/kernel_net.h)0
-rw-r--r--src/libcharon/network/packet.c138
-rw-r--r--src/libcharon/network/packet.h (renamed from src/charon/network/packet.h)0
-rw-r--r--src/libcharon/network/receiver.c (renamed from src/charon/network/receiver.c)53
-rw-r--r--src/libcharon/network/receiver.h (renamed from src/charon/network/receiver.h)0
-rw-r--r--src/libcharon/network/sender.c (renamed from src/charon/network/sender.c)52
-rw-r--r--src/libcharon/network/sender.h (renamed from src/charon/network/sender.h)0
-rw-r--r--src/libcharon/network/socket.h (renamed from src/charon/network/socket.h)42
-rw-r--r--src/libcharon/network/socket_manager.c129
-rw-r--r--src/libcharon/network/socket_manager.h74
-rw-r--r--src/libcharon/plugins/android/Makefile.am18
-rw-r--r--src/libcharon/plugins/android/Makefile.in590
-rw-r--r--src/libcharon/plugins/android/android_handler.c225
-rw-r--r--src/libcharon/plugins/android/android_handler.h50
-rw-r--r--src/libcharon/plugins/android/android_plugin.c66
-rw-r--r--src/libcharon/plugins/android/android_plugin.h42
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.am18
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in590
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_plugin.c81
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_plugin.h42
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_provider.c194
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_provider.h54
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c758
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.h60
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_transaction.c184
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_transaction.h109
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.am19
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in (renamed from src/charon/plugins/eap_aka/Makefile.in)72
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_peer.c (renamed from src/charon/plugins/eap_aka/eap_aka_peer.c)0
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_peer.h (renamed from src/charon/plugins/eap_aka/eap_aka_peer.h)0
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_plugin.c (renamed from src/charon/plugins/eap_aka/eap_aka_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_plugin.h (renamed from src/charon/plugins/eap_aka/eap_aka_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_server.c (renamed from src/charon/plugins/eap_aka/eap_aka_server.c)0
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_server.h (renamed from src/charon/plugins/eap_aka/eap_aka_server.h)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.am20
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in (renamed from src/charon/plugins/eap_aka_3gpp2/Makefile.in)67
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c)0
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h (renamed from src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h)0
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.am16
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in (renamed from src/charon/plugins/eap_gtc/Makefile.in)63
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc.c (renamed from src/charon/plugins/eap_gtc/eap_gtc.c)0
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc.h (renamed from src/charon/plugins/eap_gtc/eap_gtc.h)0
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c (renamed from src/charon/plugins/eap_gtc/eap_gtc_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h (renamed from src/charon/plugins/eap_gtc/eap_gtc_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.am (renamed from src/charon/plugins/eap_identity/Makefile.am)12
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in (renamed from src/charon/plugins/eap_identity/Makefile.in)61
-rw-r--r--src/libcharon/plugins/eap_identity/eap_identity.c (renamed from src/charon/plugins/eap_identity/eap_identity.c)0
-rw-r--r--src/libcharon/plugins/eap_identity/eap_identity.h (renamed from src/charon/plugins/eap_identity/eap_identity.h)0
-rw-r--r--src/libcharon/plugins/eap_identity/eap_identity_plugin.c (renamed from src/charon/plugins/eap_identity/eap_identity_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_identity/eap_identity_plugin.h (renamed from src/charon/plugins/eap_identity/eap_identity_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.am16
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in (renamed from src/charon/plugins/eap_md5/Makefile.in)63
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5.c (renamed from src/charon/plugins/eap_md5/eap_md5.c)0
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5.h (renamed from src/charon/plugins/eap_md5/eap_md5.h)0
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5_plugin.c (renamed from src/charon/plugins/eap_md5/eap_md5_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5_plugin.h (renamed from src/charon/plugins/eap_md5/eap_md5_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.am (renamed from src/charon/plugins/eap_mschapv2/Makefile.am)9
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in (renamed from src/charon/plugins/eap_mschapv2/Makefile.in)59
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c (renamed from src/charon/plugins/eap_mschapv2/eap_mschapv2.c)97
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h (renamed from src/charon/plugins/eap_mschapv2/eap_mschapv2.h)0
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c (renamed from src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h (renamed from src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.am19
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in (renamed from src/charon/plugins/eap_radius/Makefile.in)67
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c (renamed from src/charon/plugins/eap_radius/eap_radius.c)0
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.h (renamed from src/charon/plugins/eap_radius/eap_radius.h)0
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_plugin.c (renamed from src/charon/plugins/eap_radius/eap_radius_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_plugin.h (renamed from src/charon/plugins/eap_radius/eap_radius_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_radius/radius_client.c (renamed from src/charon/plugins/eap_radius/radius_client.c)0
-rw-r--r--src/libcharon/plugins/eap_radius/radius_client.h (renamed from src/charon/plugins/eap_radius/radius_client.h)0
-rw-r--r--src/libcharon/plugins/eap_radius/radius_message.c (renamed from src/charon/plugins/eap_radius/radius_message.c)0
-rw-r--r--src/libcharon/plugins/eap_radius/radius_message.h (renamed from src/charon/plugins/eap_radius/radius_message.h)0
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.am19
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in (renamed from src/charon/plugins/eap_sim/Makefile.in)72
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_peer.c (renamed from src/charon/plugins/eap_sim/eap_sim_peer.c)0
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_peer.h (renamed from src/charon/plugins/eap_sim/eap_sim_peer.h)0
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_plugin.c (renamed from src/charon/plugins/eap_sim/eap_sim_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_plugin.h (renamed from src/charon/plugins/eap_sim/eap_sim_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_server.c (renamed from src/charon/plugins/eap_sim/eap_sim_server.c)0
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_server.h (renamed from src/charon/plugins/eap_sim/eap_sim_server.h)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.am19
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in (renamed from src/charon/plugins/eap_sim_file/Makefile.in)67
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_card.c)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_card.h)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c)4
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_provider.c)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_provider.h)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c)0
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h (renamed from src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h)0
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am18
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in (renamed from src/charon/plugins/eap_simaka_pseudonym/Makefile.in)65
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c)0
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h)0
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c)0
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h (renamed from src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h)0
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.am18
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in (renamed from src/charon/plugins/eap_simaka_reauth/Makefile.in)65
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c)0
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h)0
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c)2
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h)5
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c)0
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h (renamed from src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h)0
-rw-r--r--src/libcharon/plugins/farp/Makefile.am16
-rw-r--r--src/libcharon/plugins/farp/Makefile.in587
-rw-r--r--src/libcharon/plugins/farp/farp_listener.c154
-rw-r--r--src/libcharon/plugins/farp/farp_listener.h58
-rw-r--r--src/libcharon/plugins/farp/farp_plugin.c77
-rw-r--r--src/libcharon/plugins/farp/farp_plugin.h42
-rw-r--r--src/libcharon/plugins/farp/farp_spoofer.c198
-rw-r--r--src/libcharon/plugins/farp/farp_spoofer.h47
-rw-r--r--src/libcharon/plugins/ha/Makefile.am25
-rw-r--r--src/libcharon/plugins/ha/Makefile.in604
-rw-r--r--src/libcharon/plugins/ha/ha_child.c170
-rw-r--r--src/libcharon/plugins/ha/ha_child.h57
-rw-r--r--src/libcharon/plugins/ha/ha_ctl.c132
-rw-r--r--src/libcharon/plugins/ha/ha_ctl.h47
-rw-r--r--src/libcharon/plugins/ha/ha_dispatcher.c737
-rw-r--r--src/libcharon/plugins/ha/ha_dispatcher.h50
-rw-r--r--src/libcharon/plugins/ha/ha_ike.c280
-rw-r--r--src/libcharon/plugins/ha/ha_ike.h57
-rw-r--r--src/libcharon/plugins/ha/ha_kernel.c229
-rw-r--r--src/libcharon/plugins/ha/ha_kernel.h70
-rw-r--r--src/libcharon/plugins/ha/ha_message.c663
-rw-r--r--src/libcharon/plugins/ha/ha_message.h205
-rw-r--r--src/libcharon/plugins/ha/ha_plugin.c163
-rw-r--r--src/libcharon/plugins/ha/ha_plugin.h47
-rw-r--r--src/libcharon/plugins/ha/ha_segments.c503
-rw-r--r--src/libcharon/plugins/ha/ha_segments.h111
-rw-r--r--src/libcharon/plugins/ha/ha_socket.c234
-rw-r--r--src/libcharon/plugins/ha/ha_socket.h60
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.c298
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.h57
-rw-r--r--src/libcharon/plugins/kernel_klips/Makefile.am17
-rw-r--r--src/libcharon/plugins/kernel_klips/Makefile.in (renamed from src/charon/plugins/kernel_klips/Makefile.in)62
-rw-r--r--src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c (renamed from src/charon/plugins/kernel_klips/kernel_klips_ipsec.c)194
-rw-r--r--src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h (renamed from src/charon/plugins/kernel_klips/kernel_klips_ipsec.h)0
-rw-r--r--src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c (renamed from src/charon/plugins/kernel_klips/kernel_klips_plugin.c)2
-rw-r--r--src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h (renamed from src/charon/plugins/kernel_klips/kernel_klips_plugin.h)5
-rw-r--r--src/libcharon/plugins/kernel_klips/pfkeyv2.h (renamed from src/charon/plugins/kernel_klips/pfkeyv2.h)0
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.am (renamed from src/charon/plugins/kernel_netlink/Makefile.am)11
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.in (renamed from src/charon/plugins/kernel_netlink/Makefile.in)62
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c)283
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h)0
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_net.c)98
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_net.h)0
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c)2
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h)5
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_shared.c)18
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h (renamed from src/charon/plugins/kernel_netlink/kernel_netlink_shared.h)0
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.am (renamed from src/charon/plugins/kernel_pfkey/Makefile.am)11
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.in (renamed from src/charon/plugins/kernel_pfkey/Makefile.in)62
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c (renamed from src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c)286
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h (renamed from src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h)0
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c (renamed from src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c)2
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h (renamed from src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h)5
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.am (renamed from src/charon/plugins/kernel_pfroute/Makefile.am)11
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.in (renamed from src/charon/plugins/kernel_pfroute/Makefile.in)62
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c (renamed from src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c)33
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h (renamed from src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h)0
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c (renamed from src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c)2
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h (renamed from src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h)5
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.am21
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in (renamed from src/charon/plugins/load_tester/Makefile.in)71
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.c (renamed from src/charon/plugins/load_tester/load_tester_config.c)19
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.h (renamed from src/charon/plugins/load_tester/load_tester_config.h)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_creds.c (renamed from src/charon/plugins/load_tester/load_tester_creds.c)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_creds.h (renamed from src/charon/plugins/load_tester/load_tester_creds.h)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c (renamed from src/charon/plugins/load_tester/load_tester_diffie_hellman.c)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h (renamed from src/charon/plugins/load_tester/load_tester_diffie_hellman.h)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_ipsec.c (renamed from src/charon/plugins/load_tester/load_tester_ipsec.c)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_ipsec.h (renamed from src/charon/plugins/load_tester/load_tester_ipsec.h)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_listener.c (renamed from src/charon/plugins/load_tester/load_tester_listener.c)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_listener.h (renamed from src/charon/plugins/load_tester/load_tester_listener.h)0
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.c (renamed from src/charon/plugins/load_tester/load_tester_plugin.c)2
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.h (renamed from src/charon/plugins/load_tester/load_tester_plugin.h)5
-rw-r--r--src/libcharon/plugins/medcli/Makefile.am19
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in (renamed from src/charon/plugins/medcli/Makefile.in)68
-rw-r--r--src/libcharon/plugins/medcli/medcli_config.c (renamed from src/charon/plugins/medcli/medcli_config.c)6
-rw-r--r--src/libcharon/plugins/medcli/medcli_config.h (renamed from src/charon/plugins/medcli/medcli_config.h)0
-rw-r--r--src/libcharon/plugins/medcli/medcli_creds.c (renamed from src/charon/plugins/medcli/medcli_creds.c)0
-rw-r--r--src/libcharon/plugins/medcli/medcli_creds.h (renamed from src/charon/plugins/medcli/medcli_creds.h)0
-rw-r--r--src/libcharon/plugins/medcli/medcli_listener.c (renamed from src/charon/plugins/medcli/medcli_listener.c)0
-rw-r--r--src/libcharon/plugins/medcli/medcli_listener.h (renamed from src/charon/plugins/medcli/medcli_listener.h)0
-rw-r--r--src/libcharon/plugins/medcli/medcli_plugin.c (renamed from src/charon/plugins/medcli/medcli_plugin.c)2
-rw-r--r--src/libcharon/plugins/medcli/medcli_plugin.h (renamed from src/charon/plugins/medcli/medcli_plugin.h)5
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.am18
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in (renamed from src/charon/plugins/medsrv/Makefile.in)66
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_config.c (renamed from src/charon/plugins/medsrv/medsrv_config.c)3
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_config.h (renamed from src/charon/plugins/medsrv/medsrv_config.h)0
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_creds.c (renamed from src/charon/plugins/medsrv/medsrv_creds.c)0
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_creds.h (renamed from src/charon/plugins/medsrv/medsrv_creds.h)0
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_plugin.c (renamed from src/charon/plugins/medsrv/medsrv_plugin.c)2
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_plugin.h (renamed from src/charon/plugins/medsrv/medsrv_plugin.h)5
-rw-r--r--src/libcharon/plugins/nm/Makefile.am21
-rw-r--r--src/libcharon/plugins/nm/Makefile.in (renamed from src/charon/plugins/nm/Makefile.in)66
-rw-r--r--src/libcharon/plugins/nm/nm_creds.c (renamed from src/charon/plugins/nm/nm_creds.c)0
-rw-r--r--src/libcharon/plugins/nm/nm_creds.h (renamed from src/charon/plugins/nm/nm_creds.h)0
-rw-r--r--src/libcharon/plugins/nm/nm_handler.c (renamed from src/charon/plugins/nm/nm_handler.c)0
-rw-r--r--src/libcharon/plugins/nm/nm_handler.h (renamed from src/charon/plugins/nm/nm_handler.h)0
-rw-r--r--src/libcharon/plugins/nm/nm_plugin.c (renamed from src/charon/plugins/nm/nm_plugin.c)7
-rw-r--r--src/libcharon/plugins/nm/nm_plugin.h (renamed from src/charon/plugins/nm/nm_plugin.h)5
-rw-r--r--src/libcharon/plugins/nm/nm_service.c (renamed from src/charon/plugins/nm/nm_service.c)3
-rw-r--r--src/libcharon/plugins/nm/nm_service.h (renamed from src/charon/plugins/nm/nm_service.h)0
-rw-r--r--src/libcharon/plugins/resolve/Makefile.am (renamed from src/charon/plugins/resolve/Makefile.am)17
-rw-r--r--src/libcharon/plugins/resolve/Makefile.in (renamed from src/charon/plugins/resolve/Makefile.in)65
-rw-r--r--src/libcharon/plugins/resolve/resolve_handler.c (renamed from src/charon/plugins/resolve/resolve_handler.c)0
-rw-r--r--src/libcharon/plugins/resolve/resolve_handler.h (renamed from src/charon/plugins/resolve/resolve_handler.h)0
-rw-r--r--src/libcharon/plugins/resolve/resolve_plugin.c (renamed from src/charon/plugins/resolve/resolve_plugin.c)8
-rw-r--r--src/libcharon/plugins/resolve/resolve_plugin.h (renamed from src/charon/plugins/resolve/resolve_plugin.h)5
-rw-r--r--src/libcharon/plugins/smp/Makefile.am (renamed from src/charon/plugins/smp/Makefile.am)15
-rw-r--r--src/libcharon/plugins/smp/Makefile.in (renamed from src/charon/plugins/smp/Makefile.in)62
-rw-r--r--src/libcharon/plugins/smp/smp.c (renamed from src/charon/plugins/smp/smp.c)2
-rw-r--r--src/libcharon/plugins/smp/smp.h (renamed from src/charon/plugins/smp/smp.h)5
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.am17
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in590
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_plugin.c69
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_plugin.h42
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c (renamed from src/charon/network/socket.c)130
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.h49
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.am17
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in590
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c69
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h42
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c620
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h49
-rw-r--r--src/libcharon/plugins/socket_raw/Makefile.am17
-rw-r--r--src/libcharon/plugins/socket_raw/Makefile.in590
-rw-r--r--src/libcharon/plugins/socket_raw/socket_raw_plugin.c69
-rw-r--r--src/libcharon/plugins/socket_raw/socket_raw_plugin.h42
-rw-r--r--src/libcharon/plugins/socket_raw/socket_raw_socket.c (renamed from src/charon/network/socket-raw.c)218
-rw-r--r--src/libcharon/plugins/socket_raw/socket_raw_socket.h55
-rw-r--r--src/libcharon/plugins/sql/Makefile.am (renamed from src/charon/plugins/sql/Makefile.am)14
-rw-r--r--src/libcharon/plugins/sql/Makefile.in (renamed from src/charon/plugins/sql/Makefile.in)62
-rw-r--r--src/libcharon/plugins/sql/sql_config.c (renamed from src/charon/plugins/sql/sql_config.c)3
-rw-r--r--src/libcharon/plugins/sql/sql_config.h (renamed from src/charon/plugins/sql/sql_config.h)0
-rw-r--r--src/libcharon/plugins/sql/sql_cred.c (renamed from src/charon/plugins/sql/sql_cred.c)0
-rw-r--r--src/libcharon/plugins/sql/sql_cred.h (renamed from src/charon/plugins/sql/sql_cred.h)0
-rw-r--r--src/libcharon/plugins/sql/sql_logger.c (renamed from src/charon/plugins/sql/sql_logger.c)0
-rw-r--r--src/libcharon/plugins/sql/sql_logger.h (renamed from src/charon/plugins/sql/sql_logger.h)0
-rw-r--r--src/libcharon/plugins/sql/sql_plugin.c (renamed from src/charon/plugins/sql/sql_plugin.c)2
-rw-r--r--src/libcharon/plugins/sql/sql_plugin.h (renamed from src/charon/plugins/sql/sql_plugin.h)5
-rw-r--r--src/libcharon/plugins/stroke/Makefile.am27
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in (renamed from src/charon/plugins/stroke/Makefile.in)78
-rw-r--r--src/libcharon/plugins/stroke/stroke_attribute.c226
-rw-r--r--src/libcharon/plugins/stroke/stroke_attribute.h (renamed from src/charon/plugins/stroke/stroke_attribute.h)8
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.c (renamed from src/charon/plugins/stroke/stroke_ca.c)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.h (renamed from src/charon/plugins/stroke/stroke_ca.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c (renamed from src/charon/plugins/stroke/stroke_config.c)10
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.h (renamed from src/charon/plugins/stroke/stroke_config.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c (renamed from src/charon/plugins/stroke/stroke_control.c)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.h (renamed from src/charon/plugins/stroke/stroke_control.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c (renamed from src/charon/plugins/stroke/stroke_cred.c)1
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.h (renamed from src/charon/plugins/stroke/stroke_cred.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c (renamed from src/charon/plugins/stroke/stroke_list.c)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.h (renamed from src/charon/plugins/stroke/stroke_list.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c (renamed from src/charon/plugins/stroke/stroke_plugin.c)2
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.h (renamed from src/charon/plugins/stroke/stroke_plugin.h)5
-rw-r--r--src/libcharon/plugins/stroke/stroke_shared_key.c (renamed from src/charon/plugins/stroke/stroke_shared_key.c)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_shared_key.h (renamed from src/charon/plugins/stroke/stroke_shared_key.h)0
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c (renamed from src/charon/plugins/stroke/stroke_socket.c)5
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.h (renamed from src/charon/plugins/stroke/stroke_socket.h)0
-rw-r--r--src/libcharon/plugins/uci/Makefile.am19
-rw-r--r--src/libcharon/plugins/uci/Makefile.in (renamed from src/charon/plugins/uci/Makefile.in)64
-rw-r--r--src/libcharon/plugins/uci/uci_config.c (renamed from src/charon/plugins/uci/uci_config.c)6
-rw-r--r--src/libcharon/plugins/uci/uci_config.h (renamed from src/charon/plugins/uci/uci_config.h)0
-rw-r--r--src/libcharon/plugins/uci/uci_control.c (renamed from src/charon/plugins/uci/uci_control.c)0
-rw-r--r--src/libcharon/plugins/uci/uci_control.h (renamed from src/charon/plugins/uci/uci_control.h)0
-rw-r--r--src/libcharon/plugins/uci/uci_creds.c (renamed from src/charon/plugins/uci/uci_creds.c)0
-rw-r--r--src/libcharon/plugins/uci/uci_creds.h (renamed from src/charon/plugins/uci/uci_creds.h)0
-rw-r--r--src/libcharon/plugins/uci/uci_parser.c (renamed from src/charon/plugins/uci/uci_parser.c)0
-rw-r--r--src/libcharon/plugins/uci/uci_parser.h (renamed from src/charon/plugins/uci/uci_parser.h)0
-rw-r--r--src/libcharon/plugins/uci/uci_plugin.c (renamed from src/charon/plugins/uci/uci_plugin.c)2
-rw-r--r--src/libcharon/plugins/uci/uci_plugin.h (renamed from src/charon/plugins/uci/uci_plugin.h)5
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.am29
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.in (renamed from src/charon/plugins/unit_tester/Makefile.in)88
-rw-r--r--src/libcharon/plugins/unit_tester/tests.h (renamed from src/charon/plugins/unit_tester/tests.h)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_agent.c (renamed from src/charon/plugins/unit_tester/tests/test_agent.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_auth_info.c (renamed from src/charon/plugins/unit_tester/tests/test_auth_info.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_cert.c (renamed from src/charon/plugins/unit_tester/tests/test_cert.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_chunk.c (renamed from src/charon/plugins/unit_tester/tests/test_chunk.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_curl.c (renamed from src/charon/plugins/unit_tester/tests/test_curl.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_enumerator.c (renamed from src/charon/plugins/unit_tester/tests/test_enumerator.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_id.c (renamed from src/charon/plugins/unit_tester/tests/test_id.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_med_db.c (renamed from src/charon/plugins/unit_tester/tests/test_med_db.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_mutex.c (renamed from src/charon/plugins/unit_tester/tests/test_mutex.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_mysql.c (renamed from src/charon/plugins/unit_tester/tests/test_mysql.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_pool.c (renamed from src/charon/plugins/unit_tester/tests/test_pool.c)20
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c (renamed from src/charon/plugins/unit_tester/tests/test_rsa_gen.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_sqlite.c (renamed from src/charon/plugins/unit_tester/tests/test_sqlite.c)0
-rw-r--r--src/libcharon/plugins/unit_tester/unit_tester.c (renamed from src/charon/plugins/unit_tester/unit_tester.c)2
-rw-r--r--src/libcharon/plugins/unit_tester/unit_tester.h (renamed from src/charon/plugins/unit_tester/unit_tester.h)5
-rw-r--r--src/libcharon/plugins/updown/Makefile.am (renamed from src/charon/plugins/updown/Makefile.am)15
-rw-r--r--src/libcharon/plugins/updown/Makefile.in (renamed from src/charon/plugins/updown/Makefile.in)63
-rw-r--r--src/libcharon/plugins/updown/updown_listener.c (renamed from src/charon/plugins/updown/updown_listener.c)0
-rw-r--r--src/libcharon/plugins/updown/updown_listener.h (renamed from src/charon/plugins/updown/updown_listener.h)0
-rw-r--r--src/libcharon/plugins/updown/updown_plugin.c (renamed from src/charon/plugins/updown/updown_plugin.c)2
-rw-r--r--src/libcharon/plugins/updown/updown_plugin.h (renamed from src/charon/plugins/updown/updown_plugin.h)5
-rw-r--r--src/libcharon/processing/jobs/acquire_job.c (renamed from src/charon/processing/jobs/acquire_job.c)0
-rw-r--r--src/libcharon/processing/jobs/acquire_job.h (renamed from src/charon/processing/jobs/acquire_job.h)0
-rw-r--r--src/libcharon/processing/jobs/callback_job.c (renamed from src/charon/processing/jobs/callback_job.c)10
-rw-r--r--src/libcharon/processing/jobs/callback_job.h (renamed from src/charon/processing/jobs/callback_job.h)0
-rw-r--r--src/libcharon/processing/jobs/delete_child_sa_job.c (renamed from src/charon/processing/jobs/delete_child_sa_job.c)0
-rw-r--r--src/libcharon/processing/jobs/delete_child_sa_job.h (renamed from src/charon/processing/jobs/delete_child_sa_job.h)0
-rw-r--r--src/libcharon/processing/jobs/delete_ike_sa_job.c (renamed from src/charon/processing/jobs/delete_ike_sa_job.c)0
-rw-r--r--src/libcharon/processing/jobs/delete_ike_sa_job.h (renamed from src/charon/processing/jobs/delete_ike_sa_job.h)0
-rw-r--r--src/libcharon/processing/jobs/inactivity_job.c (renamed from src/charon/processing/jobs/inactivity_job.c)0
-rw-r--r--src/libcharon/processing/jobs/inactivity_job.h (renamed from src/charon/processing/jobs/inactivity_job.h)0
-rw-r--r--src/libcharon/processing/jobs/initiate_mediation_job.c (renamed from src/charon/processing/jobs/initiate_mediation_job.c)0
-rw-r--r--src/libcharon/processing/jobs/initiate_mediation_job.h (renamed from src/charon/processing/jobs/initiate_mediation_job.h)0
-rw-r--r--src/libcharon/processing/jobs/job.h (renamed from src/charon/processing/jobs/job.h)0
-rw-r--r--src/libcharon/processing/jobs/mediation_job.c (renamed from src/charon/processing/jobs/mediation_job.c)0
-rw-r--r--src/libcharon/processing/jobs/mediation_job.h (renamed from src/charon/processing/jobs/mediation_job.h)0
-rw-r--r--src/libcharon/processing/jobs/migrate_job.c (renamed from src/charon/processing/jobs/migrate_job.c)0
-rw-r--r--src/libcharon/processing/jobs/migrate_job.h (renamed from src/charon/processing/jobs/migrate_job.h)0
-rw-r--r--src/libcharon/processing/jobs/process_message_job.c (renamed from src/charon/processing/jobs/process_message_job.c)0
-rw-r--r--src/libcharon/processing/jobs/process_message_job.h (renamed from src/charon/processing/jobs/process_message_job.h)0
-rw-r--r--src/libcharon/processing/jobs/rekey_child_sa_job.c (renamed from src/charon/processing/jobs/rekey_child_sa_job.c)0
-rw-r--r--src/libcharon/processing/jobs/rekey_child_sa_job.h (renamed from src/charon/processing/jobs/rekey_child_sa_job.h)0
-rw-r--r--src/libcharon/processing/jobs/rekey_ike_sa_job.c (renamed from src/charon/processing/jobs/rekey_ike_sa_job.c)0
-rw-r--r--src/libcharon/processing/jobs/rekey_ike_sa_job.h (renamed from src/charon/processing/jobs/rekey_ike_sa_job.h)0
-rw-r--r--src/libcharon/processing/jobs/retransmit_job.c (renamed from src/charon/processing/jobs/retransmit_job.c)0
-rw-r--r--src/libcharon/processing/jobs/retransmit_job.h (renamed from src/charon/processing/jobs/retransmit_job.h)0
-rw-r--r--src/libcharon/processing/jobs/roam_job.c (renamed from src/charon/processing/jobs/roam_job.c)0
-rw-r--r--src/libcharon/processing/jobs/roam_job.h (renamed from src/charon/processing/jobs/roam_job.h)0
-rw-r--r--src/libcharon/processing/jobs/send_dpd_job.c (renamed from src/charon/processing/jobs/send_dpd_job.c)0
-rw-r--r--src/libcharon/processing/jobs/send_dpd_job.h (renamed from src/charon/processing/jobs/send_dpd_job.h)0
-rw-r--r--src/libcharon/processing/jobs/send_keepalive_job.c (renamed from src/charon/processing/jobs/send_keepalive_job.c)0
-rw-r--r--src/libcharon/processing/jobs/send_keepalive_job.h (renamed from src/charon/processing/jobs/send_keepalive_job.h)0
-rw-r--r--src/libcharon/processing/jobs/update_sa_job.c (renamed from src/charon/processing/jobs/update_sa_job.c)0
-rw-r--r--src/libcharon/processing/jobs/update_sa_job.h (renamed from src/charon/processing/jobs/update_sa_job.h)0
-rw-r--r--src/libcharon/processing/processor.c (renamed from src/charon/processing/processor.c)0
-rw-r--r--src/libcharon/processing/processor.h (renamed from src/charon/processing/processor.h)0
-rw-r--r--src/libcharon/processing/scheduler.c (renamed from src/charon/processing/scheduler.c)0
-rw-r--r--src/libcharon/processing/scheduler.h (renamed from src/charon/processing/scheduler.h)0
-rw-r--r--src/libcharon/sa/authenticators/authenticator.c (renamed from src/charon/sa/authenticators/authenticator.c)0
-rw-r--r--src/libcharon/sa/authenticators/authenticator.h (renamed from src/charon/sa/authenticators/authenticator.h)0
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_manager.c (renamed from src/charon/sa/authenticators/eap/eap_manager.c)0
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_manager.h (renamed from src/charon/sa/authenticators/eap/eap_manager.h)0
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.c (renamed from src/charon/sa/authenticators/eap/eap_method.c)0
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.h (renamed from src/charon/sa/authenticators/eap/eap_method.h)0
-rw-r--r--src/libcharon/sa/authenticators/eap/sim_manager.c (renamed from src/charon/sa/authenticators/eap/sim_manager.c)17
-rw-r--r--src/libcharon/sa/authenticators/eap/sim_manager.h (renamed from src/charon/sa/authenticators/eap/sim_manager.h)37
-rw-r--r--src/libcharon/sa/authenticators/eap_authenticator.c (renamed from src/charon/sa/authenticators/eap_authenticator.c)2
-rw-r--r--src/libcharon/sa/authenticators/eap_authenticator.h (renamed from src/charon/sa/authenticators/eap_authenticator.h)0
-rw-r--r--src/libcharon/sa/authenticators/psk_authenticator.c (renamed from src/charon/sa/authenticators/psk_authenticator.c)0
-rw-r--r--src/libcharon/sa/authenticators/psk_authenticator.h (renamed from src/charon/sa/authenticators/psk_authenticator.h)0
-rw-r--r--src/libcharon/sa/authenticators/pubkey_authenticator.c (renamed from src/charon/sa/authenticators/pubkey_authenticator.c)0
-rw-r--r--src/libcharon/sa/authenticators/pubkey_authenticator.h (renamed from src/charon/sa/authenticators/pubkey_authenticator.h)0
-rw-r--r--src/libcharon/sa/child_sa.c (renamed from src/charon/sa/child_sa.c)0
-rw-r--r--src/libcharon/sa/child_sa.h (renamed from src/charon/sa/child_sa.h)2
-rw-r--r--src/libcharon/sa/connect_manager.c (renamed from src/charon/sa/connect_manager.c)0
-rw-r--r--src/libcharon/sa/connect_manager.h (renamed from src/charon/sa/connect_manager.h)0
-rw-r--r--src/libcharon/sa/ike_sa.c (renamed from src/charon/sa/ike_sa.c)61
-rw-r--r--src/libcharon/sa/ike_sa.h (renamed from src/charon/sa/ike_sa.h)8
-rw-r--r--src/libcharon/sa/ike_sa_id.c (renamed from src/charon/sa/ike_sa_id.c)0
-rw-r--r--src/libcharon/sa/ike_sa_id.h (renamed from src/charon/sa/ike_sa_id.h)0
-rw-r--r--src/libcharon/sa/ike_sa_manager.c (renamed from src/charon/sa/ike_sa_manager.c)0
-rw-r--r--src/libcharon/sa/ike_sa_manager.h (renamed from src/charon/sa/ike_sa_manager.h)0
-rw-r--r--src/libcharon/sa/keymat.c (renamed from src/charon/sa/keymat.c)9
-rw-r--r--src/libcharon/sa/keymat.h (renamed from src/charon/sa/keymat.h)0
-rw-r--r--src/libcharon/sa/mediation_manager.c (renamed from src/charon/sa/mediation_manager.c)0
-rw-r--r--src/libcharon/sa/mediation_manager.h (renamed from src/charon/sa/mediation_manager.h)0
-rw-r--r--src/libcharon/sa/task_manager.c (renamed from src/charon/sa/task_manager.c)7
-rw-r--r--src/libcharon/sa/task_manager.h (renamed from src/charon/sa/task_manager.h)0
-rw-r--r--src/libcharon/sa/tasks/child_create.c (renamed from src/charon/sa/tasks/child_create.c)10
-rw-r--r--src/libcharon/sa/tasks/child_create.h (renamed from src/charon/sa/tasks/child_create.h)0
-rw-r--r--src/libcharon/sa/tasks/child_delete.c (renamed from src/charon/sa/tasks/child_delete.c)0
-rw-r--r--src/libcharon/sa/tasks/child_delete.h (renamed from src/charon/sa/tasks/child_delete.h)0
-rw-r--r--src/libcharon/sa/tasks/child_rekey.c (renamed from src/charon/sa/tasks/child_rekey.c)0
-rw-r--r--src/libcharon/sa/tasks/child_rekey.h (renamed from src/charon/sa/tasks/child_rekey.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_auth.c (renamed from src/charon/sa/tasks/ike_auth.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_auth.h (renamed from src/charon/sa/tasks/ike_auth.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_auth_lifetime.c (renamed from src/charon/sa/tasks/ike_auth_lifetime.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_auth_lifetime.h (renamed from src/charon/sa/tasks/ike_auth_lifetime.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_cert_post.c (renamed from src/charon/sa/tasks/ike_cert_post.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_cert_post.h (renamed from src/charon/sa/tasks/ike_cert_post.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_cert_pre.c (renamed from src/charon/sa/tasks/ike_cert_pre.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_cert_pre.h (renamed from src/charon/sa/tasks/ike_cert_pre.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_config.c (renamed from src/charon/sa/tasks/ike_config.c)45
-rw-r--r--src/libcharon/sa/tasks/ike_config.h (renamed from src/charon/sa/tasks/ike_config.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_delete.c (renamed from src/charon/sa/tasks/ike_delete.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_delete.h (renamed from src/charon/sa/tasks/ike_delete.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_dpd.c (renamed from src/charon/sa/tasks/ike_dpd.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_dpd.h (renamed from src/charon/sa/tasks/ike_dpd.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_init.c (renamed from src/charon/sa/tasks/ike_init.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_init.h (renamed from src/charon/sa/tasks/ike_init.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_me.c (renamed from src/charon/sa/tasks/ike_me.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_me.h (renamed from src/charon/sa/tasks/ike_me.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_mobike.c (renamed from src/charon/sa/tasks/ike_mobike.c)34
-rw-r--r--src/libcharon/sa/tasks/ike_mobike.h (renamed from src/charon/sa/tasks/ike_mobike.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_natd.c (renamed from src/charon/sa/tasks/ike_natd.c)7
-rw-r--r--src/libcharon/sa/tasks/ike_natd.h (renamed from src/charon/sa/tasks/ike_natd.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_reauth.c (renamed from src/charon/sa/tasks/ike_reauth.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_reauth.h (renamed from src/charon/sa/tasks/ike_reauth.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_rekey.c (renamed from src/charon/sa/tasks/ike_rekey.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_rekey.h (renamed from src/charon/sa/tasks/ike_rekey.h)0
-rw-r--r--src/libcharon/sa/tasks/ike_vendor.c (renamed from src/charon/sa/tasks/ike_vendor.c)0
-rw-r--r--src/libcharon/sa/tasks/ike_vendor.h (renamed from src/charon/sa/tasks/ike_vendor.h)0
-rw-r--r--src/libcharon/sa/tasks/task.c (renamed from src/charon/sa/tasks/task.c)0
-rw-r--r--src/libcharon/sa/tasks/task.h (renamed from src/charon/sa/tasks/task.h)0
-rw-r--r--src/libcharon/sa/trap_manager.c (renamed from src/charon/sa/trap_manager.c)6
-rw-r--r--src/libcharon/sa/trap_manager.h (renamed from src/charon/sa/trap_manager.h)0
-rw-r--r--src/libfast/Makefile.am2
-rw-r--r--src/libfast/Makefile.in6
-rw-r--r--src/libfast/request.c41
-rw-r--r--src/libfast/request.h9
-rw-r--r--src/libfast/session.c4
-rw-r--r--src/libfast/smtp.c185
-rw-r--r--src/libfast/smtp.h56
-rw-r--r--src/libfreeswan/Makefile.in1
-rw-r--r--src/libfreeswan/pfkeyv2.h1
-rw-r--r--src/libhydra/Android.mk34
-rw-r--r--src/libhydra/Makefile.am42
-rw-r--r--src/libhydra/Makefile.in762
-rw-r--r--src/libhydra/attributes/attribute_handler.h (renamed from src/libstrongswan/attributes/attribute_handler.h)0
-rw-r--r--src/libhydra/attributes/attribute_manager.c (renamed from src/libstrongswan/attributes/attribute_manager.c)6
-rw-r--r--src/libhydra/attributes/attribute_manager.h (renamed from src/libstrongswan/attributes/attribute_manager.h)0
-rw-r--r--src/libhydra/attributes/attribute_provider.h (renamed from src/libstrongswan/attributes/attribute_provider.h)0
-rw-r--r--src/libhydra/attributes/attributes.c (renamed from src/libstrongswan/attributes/attributes.c)0
-rw-r--r--src/libhydra/attributes/attributes.h (renamed from src/libstrongswan/attributes/attributes.h)0
-rw-r--r--src/libhydra/attributes/mem_pool.c451
-rw-r--r--src/libhydra/attributes/mem_pool.h110
-rw-r--r--src/libhydra/hydra.c73
-rw-r--r--src/libhydra/hydra.h76
-rw-r--r--src/libhydra/plugins/attr/Makefile.am17
-rw-r--r--src/libhydra/plugins/attr/Makefile.in (renamed from src/charon/plugins/attr/Makefile.in)63
-rw-r--r--src/libhydra/plugins/attr/attr_plugin.c (renamed from src/charon/plugins/attr/attr_plugin.c)8
-rw-r--r--src/libhydra/plugins/attr/attr_plugin.h (renamed from src/charon/plugins/attr/attr_plugin.h)7
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c (renamed from src/charon/plugins/attr/attr_provider.c)10
-rw-r--r--src/libhydra/plugins/attr/attr_provider.h (renamed from src/charon/plugins/attr/attr_provider.h)0
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.am23
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in (renamed from src/libstrongswan/plugins/attr_sql/Makefile.in)66
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.c (renamed from src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c)14
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.h (renamed from src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h)7
-rw-r--r--src/libhydra/plugins/attr_sql/pool.c (renamed from src/libstrongswan/plugins/attr_sql/pool.c)604
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.c (renamed from src/libstrongswan/plugins/attr_sql/sql_attribute.c)10
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.h (renamed from src/libstrongswan/plugins/attr_sql/sql_attribute.h)0
-rw-r--r--src/libsimaka/Makefile.am2
-rw-r--r--src/libsimaka/Makefile.in3
-rw-r--r--src/libsimaka/simaka_message.c22
-rw-r--r--src/libsimaka/simaka_message.h1
-rw-r--r--src/libstrongswan/Android.mk121
-rw-r--r--src/libstrongswan/AndroidConfigLocal.h9
-rw-r--r--src/libstrongswan/Makefile.am99
-rw-r--r--src/libstrongswan/Makefile.in187
-rw-r--r--src/libstrongswan/asn1/asn1.c36
-rw-r--r--src/libstrongswan/asn1/asn1.h3
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c19
-rw-r--r--src/libstrongswan/asn1/asn1_parser.h6
-rw-r--r--src/libstrongswan/asn1/oid.h1
-rw-r--r--src/libstrongswan/asn1/oid.txt2
-rw-r--r--src/libstrongswan/chunk.c14
-rw-r--r--src/libstrongswan/chunk.h2
-rw-r--r--src/libstrongswan/credentials/credential_factory.c2
-rw-r--r--src/libstrongswan/credentials/keys/key_encoding.h2
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h2
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c2
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c40
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c407
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h45
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c263
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt184
-rw-r--r--src/libstrongswan/debug.c34
-rw-r--r--src/libstrongswan/debug.h83
-rw-r--r--src/libstrongswan/enum.h2
-rw-r--r--src/libstrongswan/fetcher/fetcher_manager.c2
-rw-r--r--src/libstrongswan/integrity_checker.c41
-rw-r--r--src/libstrongswan/integrity_checker.h4
-rw-r--r--src/libstrongswan/library.c18
-rw-r--r--src/libstrongswan/library.h28
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.c2
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.h5
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in54
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c2
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.h5
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c26
-rw-r--r--src/libstrongswan/plugins/attr_sql/Makefile.am15
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in53
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.c2
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.h5
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c4
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.c4
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.h5
-rw-r--r--src/libstrongswan/plugins/des/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.c2
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.h5
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in54
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_builder.c9
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_plugin.c2
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_plugin.h5
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in53
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf.c6
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c2
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h5
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.am7
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c351
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c10
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h5
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c32
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c28
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in57
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c392
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c8
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.h5
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c29
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c40
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in51
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.h5
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_fetcher.c17
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_plugin.c2
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_plugin.h5
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/md4/md4_plugin.c2
-rw-r--r--src/libstrongswan/plugins/md4/md4_plugin.h5
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/md5/md5_plugin.c2
-rw-r--r--src/libstrongswan/plugins/md5/md5_plugin.h5
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_database.c28
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_plugin.c4
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_plugin.h5
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.am8
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in61
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c78
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c27
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c25
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c15
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.h5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c58
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c21
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_sha1_prf.c139
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_sha1_prf.h48
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.c6
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.h5
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.am11
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in58
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c35
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.h6
-rw-r--r--src/libstrongswan/plugins/pem/pem_encoder.c138
-rw-r--r--src/libstrongswan/plugins/pem/pem_encoder.h33
-rw-r--r--src/libstrongswan/plugins/pem/pem_plugin.c7
-rw-r--r--src/libstrongswan/plugins/pem/pem_plugin.h5
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in59
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c13
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c32
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_encoder.c3
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.h5
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_utils.c18
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.am12
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in56
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.h2
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c3
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c2
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h5
-rw-r--r--src/libstrongswan/plugins/plugin.h4
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c74
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in54
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.c2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.h5
-rw-r--r--src/libstrongswan/plugins/random/Makefile.am11
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in54
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.c2
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.h5
-rw-r--r--src/libstrongswan/plugins/random/random_rng.c4
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in51
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_plugin.c2
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_plugin.h5
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_plugin.c2
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_plugin.h5
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.am10
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in52
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_database.c15
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_plugin.c2
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_plugin.h5
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am6
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in49
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/rng.c6
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c2
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h5
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.am21
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in63
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c35
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c78
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c15
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c15
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c20
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c27
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c2
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.h5
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.am9
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in51
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.h5
-rw-r--r--src/libstrongswan/printf_hook.c12
-rw-r--r--src/libstrongswan/selectors/traffic_selector.h28
-rw-r--r--src/libstrongswan/settings.c14
-rw-r--r--src/libstrongswan/settings.h4
-rw-r--r--src/libstrongswan/threading/mutex.c4
-rw-r--r--src/libstrongswan/threading/rwlock.c6
-rw-r--r--src/libstrongswan/threading/thread.c14
-rw-r--r--src/libstrongswan/threading/thread.h6
-rw-r--r--src/libstrongswan/utils.c34
-rw-r--r--src/libstrongswan/utils.h18
-rw-r--r--src/libstrongswan/utils/enumerator.c15
-rw-r--r--src/libstrongswan/utils/enumerator.h2
-rw-r--r--src/libstrongswan/utils/host.c2
-rw-r--r--src/libstrongswan/utils/identification.c4
-rw-r--r--src/libstrongswan/utils/leak_detective.c1
-rw-r--r--src/libstrongswan/utils/optionsfrom.c7
-rw-r--r--src/manager/Makefile.am3
-rw-r--r--src/manager/Makefile.in9
-rw-r--r--src/manager/main.c3
-rw-r--r--src/medsrv/Makefile.am3
-rw-r--r--src/medsrv/Makefile.in8
-rw-r--r--src/openac/Makefile.am2
-rw-r--r--src/openac/Makefile.in2
-rwxr-xr-xsrc/openac/openac.c13
-rw-r--r--src/pki/Makefile.am4
-rw-r--r--src/pki/Makefile.in4
-rw-r--r--src/pki/commands/gen.c2
-rw-r--r--src/pki/commands/issue.c13
-rw-r--r--src/pki/commands/self.c5
-rw-r--r--src/pluto/Makefile.am6
-rw-r--r--src/pluto/Makefile.in20
-rw-r--r--src/pluto/ac.c27
-rw-r--r--src/pluto/alg_info.c3
-rw-r--r--src/pluto/ca.c4
-rw-r--r--src/pluto/connections.c55
-rw-r--r--src/pluto/connections.h1
-rw-r--r--src/pluto/constants.c10
-rw-r--r--src/pluto/constants.h7
-rw-r--r--src/pluto/crypto.c34
-rw-r--r--src/pluto/demux.h1
-rw-r--r--src/pluto/fetch.c11
-rw-r--r--src/pluto/ipsec_doi.c44
-rw-r--r--src/pluto/kernel.c1
-rw-r--r--src/pluto/kernel_alg.c4
-rw-r--r--src/pluto/kernel_netlink.c2
-rw-r--r--src/pluto/lex.c2
-rw-r--r--src/pluto/log.c6
-rw-r--r--src/pluto/modecfg.c69
-rw-r--r--src/pluto/pkcs7.c88
-rw-r--r--src/pluto/plutomain.c15
-rw-r--r--src/pluto/rcv_whack.c46
-rw-r--r--src/pluto/timer.c2
-rw-r--r--src/pluto/vendor.c131
-rw-r--r--src/pluto/vendor.h64
-rw-r--r--src/pluto/whack_attribute.c365
-rw-r--r--src/pluto/whack_attribute.h111
-rw-r--r--src/pluto/x509.c4
-rw-r--r--src/scepclient/Makefile.am4
-rw-r--r--src/scepclient/Makefile.in5
-rw-r--r--src/scepclient/loglite.c2
-rw-r--r--src/scepclient/scepclient.c2
-rw-r--r--src/starter/Makefile.am2
-rw-r--r--src/starter/Makefile.in3
-rw-r--r--src/starter/args.c3
-rw-r--r--src/starter/cmp.c1
-rw-r--r--src/starter/confread.c64
-rw-r--r--src/starter/confread.h1
-rw-r--r--src/starter/ipsec.conf.57
-rw-r--r--src/starter/keywords.c224
-rw-r--r--src/starter/keywords.h3
-rw-r--r--src/starter/keywords.txt2
-rw-r--r--src/starter/lex.yy.c44
-rw-r--r--src/starter/parser.l4
-rw-r--r--src/starter/parser.y16
-rw-r--r--src/starter/starter.c11
-rw-r--r--src/starter/starterstroke.c1
-rw-r--r--src/starter/starterwhack.c29
-rw-r--r--src/starter/y.tab.c325
-rw-r--r--src/starter/y.tab.h42
-rw-r--r--src/stroke/Makefile.in1
-rw-r--r--src/stroke/stroke.c9
-rw-r--r--src/stroke/stroke_msg.h1
-rw-r--r--src/whack/Makefile.in1
-rw-r--r--src/whack/whack.c41
-rw-r--r--src/whack/whack.h6
-rw-r--r--testing/Makefile.in1
-rwxr-xr-xtesting/do-tests.in2
-rw-r--r--testing/hosts/default/etc/hosts4
-rw-r--r--testing/hosts/default/etc/ipsec.d/tables.sql4
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt9
-rw-r--r--testing/hosts/winnetou/etc/openssl/index.txt.old9
-rw-r--r--testing/hosts/winnetou/etc/openssl/newcerts/1F.pem25
-rw-r--r--testing/hosts/winnetou/etc/openssl/newcerts/20.pem84
-rw-r--r--testing/hosts/winnetou/etc/openssl/newcerts/21.pem83
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt3
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt.old3
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem25
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/openssl.cnf4
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/researchCert.derbin965 -> 965 bytes
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/researchCert.pem18
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt3
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt.old3
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem24
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/openssl.cnf4
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/salesCert.derbin959 -> 959 bytes
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/salesCert.pem16
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/serial.old2
-rwxr-xr-xtesting/scripts/build-umlrootfs24
-rwxr-xr-xtesting/testing.conf16
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ike2/description.txt6
-rw-r--r--testing/tests/ike2/evaltest.dat8
-rw-r--r--testing/tests/ike2/hosts/bob/etc/hosts70
-rwxr-xr-xtesting/tests/ike2/hosts/moon/etc/ipsec.conf25
-rwxr-xr-xtesting/tests/ike2/hosts/moon/etc/nat_updown152
-rw-r--r--testing/tests/ike2/hosts/moon/etc/strongswan.conf6
-rwxr-xr-xtesting/tests/ike2/hosts/sun/etc/ipsec.conf25
-rw-r--r--testing/tests/ike2/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ike2/posttest.dat5
-rw-r--r--testing/tests/ike2/pretest.dat9
-rw-r--r--testing/tests/ike2/test.conf21
-rw-r--r--testing/tests/ikev1/alg-modp-subgroup/description.txt14
-rw-r--r--testing/tests/ikev1/alg-modp-subgroup/evaltest.dat13
-rwxr-xr-xtesting/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf25
-rwxr-xr-xtesting/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf25
-rwxr-xr-xtesting/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/alg-modp-subgroup/posttest.dat6
-rw-r--r--testing/tests/ikev1/alg-modp-subgroup/pretest.dat9
-rw-r--r--testing/tests/ikev1/alg-modp-subgroup/test.conf21
-rw-r--r--testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem34
-rw-r--r--testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem50
-rw-r--r--testing/tests/ikev1/esp-alg-aes-gmac/description.txt4
-rw-r--r--testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat7
-rwxr-xr-xtesting/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf26
-rwxr-xr-xtesting/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat4
-rw-r--r--testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat6
-rw-r--r--testing/tests/ikev1/esp-alg-aes-gmac/test.conf21
-rw-r--r--testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/ip-pool/description.txt10
-rw-r--r--testing/tests/ikev1/ip-pool/evaltest.dat26
-rwxr-xr-xtesting/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/ip-pool/posttest.dat8
-rw-r--r--testing/tests/ikev1/ip-pool/pretest.dat10
-rw-r--r--testing/tests/ikev1/ip-pool/test.conf21
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/description.txt9
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat17
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables78
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables91
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf28
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf17
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/posttest.dat13
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/pretest.dat15
-rw-r--r--testing/tests/ikev1/ip-two-pools-mixed/test.conf21
-rw-r--r--testing/tests/ikev1/ip-two-pools/description.txt9
-rw-r--r--testing/tests/ikev1/ip-two-pools/evaltest.dat18
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables78
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables91
-rwxr-xr-xtesting/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf28
-rw-r--r--testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/ip-two-pools/posttest.dat12
-rw-r--r--testing/tests/ikev1/ip-two-pools/pretest.dat12
-rw-r--r--testing/tests/ikev1/ip-two-pools/test.conf21
-rw-r--r--testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev1/protoport-route/pretest.dat6
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/description.txt14
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/evaltest.dat15
-rwxr-xr-xtesting/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/posttest.dat6
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/pretest.dat9
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/test.conf21
-rw-r--r--testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/description.txt8
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/evaltest.dat22
-rwxr-xr-xtesting/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf9
-rwxr-xr-xtesting/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables91
-rwxr-xr-xtesting/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf14
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf7
-rwxr-xr-xtesting/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd24
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/posttest.dat10
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/pretest.dat12
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/test.conf21
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/description.txt11
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/evaltest.dat22
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf9
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables91
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf25
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf9
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd24
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/posttest.dat9
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/pretest.dat12
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/test.conf21
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/description.txt12
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/evaltest.dat22
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf9
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables91
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf25
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf9
-rwxr-xr-xtesting/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd24
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/posttest.dat9
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/pretest.dat12
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/test.conf21
-rw-r--r--testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/description.txt4
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat7
-rwxr-xr-xtesting/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat4
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat6
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/test.conf21
-rw-r--r--testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/farp/description.txt6
-rw-r--r--testing/tests/ikev2/farp/evaltest.dat22
-rwxr-xr-xtesting/tests/ikev2/farp/hosts/carol/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/farp/hosts/dave/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/farp/hosts/moon/etc/ipsec.conf30
-rw-r--r--testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ikev2/farp/posttest.dat6
-rw-r--r--testing/tests/ikev2/farp/pretest.dat12
-rw-r--r--testing/tests/ikev2/farp/test.conf21
-rw-r--r--testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem38
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem50
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem34
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem50
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem18
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem16
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/sql/ip-pool-db-restart/pretest.dat1
-rw-r--r--testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf2
1459 files changed, 32095 insertions, 11258 deletions
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 000000000..0cda18302
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,64 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# this is the list of plugins that are built into libstrongswan and charon
+# also these plugins are loaded by default (if not changed in strongswan.conf)
+strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \
+ pem xcbc hmac kernel-netlink socket-default android
+
+# helper macros to only add source files for plugins included in the list above
+# source files are relative to the android.mk that called the macro
+plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS))
+add_plugin = $(if $(call plugin_enabled,$(1)), \
+ $(patsubst $(LOCAL_PATH)/%,%, \
+ $(wildcard \
+ $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \
+ ) \
+ ) \
+ )
+
+# includes
+strongswan_PATH := $(LOCAL_PATH)
+libvstr_PATH := external/strongswan-support/vstr/include
+libgmp_PATH := external/strongswan-support/gmp
+
+# CFLAGS (partially from a configure run using droid-gcc)
+strongswan_CFLAGS := \
+ -Wno-format \
+ -Wno-pointer-sign \
+ -Wno-pointer-arith \
+ -Wno-sign-compare \
+ -Wno-strict-aliasing \
+ -DHAVE___BOOL \
+ -DHAVE_STDBOOL_H \
+ -DHAVE_ALLOCA_H \
+ -DHAVE_ALLOCA \
+ -DHAVE_CLOCK_GETTIME \
+ -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \
+ -DHAVE_PRCTL \
+ -DHAVE_LINUX_UDP_H \
+ -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \
+ -DHAVE_IPSEC_MODE_BEET \
+ -DHAVE_IPSEC_DIR_FWD \
+ -DMONOLITHIC \
+ -DUSE_VSTR \
+ -DROUTING_TABLE=0 \
+ -DROUTING_TABLE_PRIO=220 \
+ -DVERSION=\"4.4.0\" \
+ -DPLUGINS='"$(strongswan_PLUGINS)"' \
+ -DIPSEC_DIR=\"/system/bin\" \
+ -DIPSEC_PIDDIR=\"/data/misc/vpn\" \
+ -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \
+ -DDEV_RANDOM=\"/dev/random\" \
+ -DDEV_URANDOM=\"/dev/urandom\"
+
+# only for Android 2.0+
+strongswan_CFLAGS += \
+ -DHAVE_IN6ADDR_ANY
+
+include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \
+ charon \
+ libcharon \
+ libhydra \
+ libstrongswan \
+ ))
diff --git a/Android.mk.in b/Android.mk.in
new file mode 100644
index 000000000..4a4b7df96
--- /dev/null
+++ b/Android.mk.in
@@ -0,0 +1,64 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# this is the list of plugins that are built into libstrongswan and charon
+# also these plugins are loaded by default (if not changed in strongswan.conf)
+strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \
+ pem xcbc hmac kernel-netlink socket-default android
+
+# helper macros to only add source files for plugins included in the list above
+# source files are relative to the android.mk that called the macro
+plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS))
+add_plugin = $(if $(call plugin_enabled,$(1)), \
+ $(patsubst $(LOCAL_PATH)/%,%, \
+ $(wildcard \
+ $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \
+ ) \
+ ) \
+ )
+
+# includes
+strongswan_PATH := $(LOCAL_PATH)
+libvstr_PATH := external/strongswan-support/vstr/include
+libgmp_PATH := external/strongswan-support/gmp
+
+# CFLAGS (partially from a configure run using droid-gcc)
+strongswan_CFLAGS := \
+ -Wno-format \
+ -Wno-pointer-sign \
+ -Wno-pointer-arith \
+ -Wno-sign-compare \
+ -Wno-strict-aliasing \
+ -DHAVE___BOOL \
+ -DHAVE_STDBOOL_H \
+ -DHAVE_ALLOCA_H \
+ -DHAVE_ALLOCA \
+ -DHAVE_CLOCK_GETTIME \
+ -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \
+ -DHAVE_PRCTL \
+ -DHAVE_LINUX_UDP_H \
+ -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \
+ -DHAVE_IPSEC_MODE_BEET \
+ -DHAVE_IPSEC_DIR_FWD \
+ -DMONOLITHIC \
+ -DUSE_VSTR \
+ -DROUTING_TABLE=0 \
+ -DROUTING_TABLE_PRIO=220 \
+ -DVERSION=\"@PACKAGE_VERSION@\" \
+ -DPLUGINS='"$(strongswan_PLUGINS)"' \
+ -DIPSEC_DIR=\"/system/bin\" \
+ -DIPSEC_PIDDIR=\"/data/misc/vpn\" \
+ -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \
+ -DDEV_RANDOM=\"/dev/random\" \
+ -DDEV_URANDOM=\"/dev/urandom\"
+
+# only for Android 2.0+
+strongswan_CFLAGS += \
+ -DHAVE_IN6ADDR_ANY
+
+include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \
+ charon \
+ libcharon \
+ libhydra \
+ libstrongswan \
+ ))
diff --git a/Doxyfile.in b/Doxyfile.in
index 8cb6e50a5..b79c9909d 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -528,7 +528,8 @@ WARN_LOGFILE =
# with spaces.
INPUT = @SRC_DIR@/src/libstrongswan \
- @SRC_DIR@/src/charon \
+ @SRC_DIR@/src/libhydra \
+ @SRC_DIR@/src/libcharon \
@SRC_DIR@/src/libsimaka \
@SRC_DIR@/src/libfast \
@SRC_DIR@/src/manager
diff --git a/Makefile.am b/Makefile.am
index fcb2f2e7a..6ed121f67 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,8 +6,15 @@ endif
ACLOCAL_AMFLAGS = -I m4/config
-EXTRA_DIST = Doxyfile.in CREDITS
+EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk
CLEANFILES = apidoc Doxyfile
+BUILT_SOURCES = Android.mk
+MAINTAINERCLEANFILES = Android.mk
+
+Android.mk : Android.mk.in configure.in
+ sed \
+ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
+ $(srcdir)/$@.in > $@
Doxyfile : Doxyfile.in
sed \
diff --git a/Makefile.in b/Makefile.in
index 6e97ac768..d4f18d054 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -229,6 +229,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -265,9 +266,12 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
SUBDIRS = src testing $(am__append_1)
ACLOCAL_AMFLAGS = -I m4/config
-EXTRA_DIST = Doxyfile.in CREDITS
+EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk
CLEANFILES = apidoc Doxyfile
-all: all-recursive
+BUILT_SOURCES = Android.mk
+MAINTAINERCLEANFILES = Android.mk
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
.SUFFIXES:
am--refresh:
@@ -626,11 +630,13 @@ distcleancheck: distclean
$(distcleancheck_listfiles) ; \
exit 1; } >&2
check-am: all-am
-check: check-recursive
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-recursive
all-am: Makefile
installdirs: installdirs-recursive
installdirs-am:
-install: install-recursive
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
@@ -656,6 +662,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
@@ -726,8 +734,9 @@ ps-am:
uninstall-am:
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
- install-am install-strip tags-recursive
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \
+ ctags-recursive install install-am install-strip \
+ tags-recursive
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
all all-am am--refresh check check-am clean clean-generic \
@@ -746,6 +755,11 @@ uninstall-am:
tags tags-recursive uninstall uninstall-am
+Android.mk : Android.mk.in configure.in
+ sed \
+ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
+ $(srcdir)/$@.in > $@
+
Doxyfile : Doxyfile.in
sed \
-e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
diff --git a/NEWS b/NEWS
index 1ba8b7c49..bd4e770cd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,52 @@
+strongswan-4.4.0
+----------------
+
+- The IKEv2 High Availability plugin has been integrated. It provides
+ load sharing and failover capabilities in a cluster of currently two nodes,
+ based on an extend ClusterIP kernel module. More information is available at
+ http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
+ The development of the High Availability functionality was sponsored by
+ secunet Security Networks AG.
+
+- Added IKEv1 and IKEv2 configuration support for the AES-GMAC
+ authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
+ 2.6.34 kernel is required to make AES-GMAC available via the XFRM
+ kernel interface.
+
+- Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
+ and openssl plugins, usable by both pluto and charon. The new proposal
+ keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten
+ from IBM for his contribution.
+
+- The IKEv1 pluto daemon supports RAM-based virtual IP pools using
+ the rightsourceip directive with a subnet from which addresses
+ are allocated.
+
+- The ipsec pki --gen and --pub commands now allow the output of
+ private and public keys in PEM format using the --outform pem
+ command line option.
+
+- The new DHCP plugin queries virtual IP addresses for clients from a DHCP
+ server using broadcasts, or a defined server using the
+ charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information
+ is additionally served to clients if the DHCP server provides such
+ information. The plugin is used in ipsec.conf configurations having
+ rightsourceip set to %dhcp.
+
+- A new plugin called farp fakes ARP responses for virtual IP addresses
+ handed out to clients from the IKEv2 daemon charon. The plugin lets a
+ road-warrior act as a client on the local LAN if it uses a virtual IP
+ from the responders subnet, e.g. acquired using the DHCP plugin.
+
+- The existing IKEv2 socket implementations have been migrated to the
+ socket-default and the socket-raw plugins. The new socket-dynamic plugin
+ binds sockets dynamically to ports configured via the left-/rightikeport
+ ipsec.conf connection parameters.
+
+- The android charon plugin stores received DNS server information as "net.dns"
+ system properties, as used by the Android platform.
+
+
strongswan-4.3.6
----------------
diff --git a/configure b/configure
index e36ba904c..952734d15 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.64 for strongSwan 4.3.6.
+# Generated by GNU Autoconf 2.64 for strongSwan 4.4.0.
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software
@@ -695,8 +695,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='4.3.6'
-PACKAGE_STRING='strongSwan 4.3.6'
+PACKAGE_VERSION='4.4.0'
+PACKAGE_STRING='strongSwan 4.4.0'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -740,12 +740,16 @@ ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
+MONOLITHIC_FALSE
+MONOLITHIC_TRUE
USE_SIMAKA_FALSE
USE_SIMAKA_TRUE
USE_VSTR_FALSE
USE_VSTR_TRUE
USE_FILE_CONFIG_FALSE
USE_FILE_CONFIG_TRUE
+USE_LIBHYDRA_FALSE
+USE_LIBHYDRA_TRUE
USE_LIBSTRONGSWAN_FALSE
USE_LIBSTRONGSWAN_TRUE
USE_SCRIPTS_FALSE
@@ -784,6 +788,14 @@ USE_CISCO_QUIRKS_FALSE
USE_CISCO_QUIRKS_TRUE
USE_SMARTCARD_FALSE
USE_SMARTCARD_TRUE
+USE_FARP_FALSE
+USE_FARP_TRUE
+USE_SOCKET_DYNAMIC_FALSE
+USE_SOCKET_DYNAMIC_TRUE
+USE_SOCKET_RAW_FALSE
+USE_SOCKET_RAW_TRUE
+USE_SOCKET_DEFAULT_FALSE
+USE_SOCKET_DEFAULT_TRUE
USE_KERNEL_KLIPS_FALSE
USE_KERNEL_KLIPS_TRUE
USE_KERNEL_PFROUTE_FALSE
@@ -814,12 +826,16 @@ USE_EAP_SIM_FILE_FALSE
USE_EAP_SIM_FILE_TRUE
USE_EAP_SIM_FALSE
USE_EAP_SIM_TRUE
+USE_HA_FALSE
+USE_HA_TRUE
USE_LOAD_TESTER_FALSE
USE_LOAD_TESTER_TRUE
USE_UNIT_TESTS_FALSE
USE_UNIT_TESTS_TRUE
USE_RESOLVE_FALSE
USE_RESOLVE_TRUE
+USE_DHCP_FALSE
+USE_DHCP_TRUE
USE_ATTR_FALSE
USE_ATTR_TRUE
USE_UPDOWN_FALSE
@@ -828,6 +844,8 @@ USE_SQL_FALSE
USE_SQL_TRUE
USE_SMP_FALSE
USE_SMP_TRUE
+USE_ANDROID_FALSE
+USE_ANDROID_TRUE
USE_UCI_FALSE
USE_UCI_TRUE
USE_NM_FALSE
@@ -895,6 +913,7 @@ USE_CURL_TRUE
USE_TEST_VECTORS_FALSE
USE_TEST_VECTORS_TRUE
pluto_plugins
+libhydra_plugins
libstrongswan_plugins
nm_LIBS
nm_CFLAGS
@@ -1058,6 +1077,7 @@ with_linux_headers
with_routing_table
with_routing_table_prio
with_capabilities
+with_mpz_powm_sec
with_xauth_module
with_user
with_group
@@ -1110,6 +1130,10 @@ enable_kernel_netlink
enable_kernel_pfkey
enable_kernel_pfroute
enable_kernel_klips
+enable_socket_default
+enable_socket_raw
+enable_socket_dynamic
+enable_farp
enable_nat_transport
enable_vendor_id
enable_xauth_vid
@@ -1126,14 +1150,18 @@ enable_scripts
enable_updown
enable_attr
enable_attr_sql
+enable_dhcp
enable_resolve
enable_padlock
enable_openssl
enable_gcrypt
enable_agent
enable_uci
+enable_android
enable_nm
+enable_ha
enable_vstr
+enable_monolithic
enable_dependency_tracking
with_lib_prefix
enable_shared
@@ -1702,7 +1730,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 4.3.6 to adapt to many kinds of systems.
+\`configure' configures strongSwan 4.4.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1772,7 +1800,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 4.3.6:";;
+ short | recursive ) echo "Configuration of strongSwan 4.4.0:";;
esac
cat <<\_ACEOF
@@ -1843,6 +1871,13 @@ Optional Features:
--enable-kernel-pfkey enable the PF_KEY kernel interface.
--enable-kernel-pfroute enable the PF_ROUTE kernel interface.
--enable-kernel-klips enable the KLIPS kernel interface.
+ --disable-socket-default
+ disable default socket implementation for charon.
+ --enable-socket-raw enable raw socket implementation of charon, enforced
+ if pluto is enabled
+ --enable-socket-dynamic enable dynamic socket implementation for charon
+ --enable-farp enable ARP faking plugin that responds to ARP
+ requests to peers virtual IP
--enable-nat-transport enable NAT traversal with IPsec transport mode in
pluto.
--disable-vendor-id disable the sending of the strongSwan vendor ID in
@@ -1867,15 +1902,21 @@ Optional Features:
--disable-attr disable strongswan.conf based configuration
attribute plugin.
--enable-attr-sql enable SQL based configuration attribute plugin.
+ --enable-dhcp enable DHCP based attribute provider plugin.
--disable-resolve disable resolve DNS handler plugin.
--enable-padlock enables VIA Padlock crypto plugin.
--enable-openssl enables the OpenSSL crypto plugin.
--enable-gcrypt enables the libgcrypt plugin.
--enable-agent enables the ssh-agent signing plugin.
--enable-uci enable OpenWRT UCI configuration plugin.
+ --enable-android enable Android specific plugin.
--enable-nm enable NetworkManager plugin.
+ --enable-ha enable high availability cluster plugin.
--enable-vstr enforce using the Vstr string library to replace
glibc-like printf hooks.
+ --enable-monolithic build monolithic version of libstrongswan that
+ includes all enabled plugins. Similarly, the plugins
+ of charon are assembled in libcharon.
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-shared[=PKGS] build shared libraries [default=yes]
@@ -1919,6 +1960,8 @@ Optional Packages:
set priority for IPsec routing table (default: 220).
--with-capabilities=arg set capability dropping library. Currently only the
value "libcap" is supported (default: no).
+ --with-mpz_powm_sec=arg use the more side-channel resistant mpz_powm_sec in
+ libgmp, if available (default: yes).
--with-xauth-module=lib set the path to the XAUTH module
--with-user=user change user of the daemons to "user" after startup
(default is "root").
@@ -2018,7 +2061,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 4.3.6
+strongSwan configure 4.4.0
generated by GNU Autoconf 2.64
Copyright (C) 2009 Free Software Foundation, Inc.
@@ -2494,7 +2537,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 4.3.6, which was
+It was created by strongSwan $as_me 4.4.0, which was
generated by GNU Autoconf 2.64. Invocation command line was
$ $0 $@
@@ -3302,7 +3345,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='4.3.6'
+ VERSION='4.4.0'
cat >>confdefs.h <<_ACEOF
@@ -3710,6 +3753,16 @@ fi
+# Check whether --with-mpz_powm_sec was given.
+if test "${with_mpz_powm_sec+set}" = set; then :
+ withval=$with_mpz_powm_sec; mpz_powm_sec="$withval"
+else
+ mpz_powm_sec=yes
+
+fi
+
+
+
# Check whether --with-xauth-module was given.
if test "${with_xauth_module+set}" = set; then :
@@ -3764,949 +3817,1215 @@ fi
# Check whether --enable-curl was given.
if test "${enable_curl+set}" = set; then :
- enableval=$enable_curl; if test x$enableval = xyes; then
+ enableval=$enable_curl; curl_given=true
+ if test x$enableval = xyes; then
curl=true
else
curl=false
fi
else
curl=false
+ curl_given=false
fi
# Check whether --enable-ldap was given.
if test "${enable_ldap+set}" = set; then :
- enableval=$enable_ldap; if test x$enableval = xyes; then
+ enableval=$enable_ldap; ldap_given=true
+ if test x$enableval = xyes; then
ldap=true
else
ldap=false
fi
else
ldap=false
+ ldap_given=false
fi
# Check whether --enable-aes was given.
if test "${enable_aes+set}" = set; then :
- enableval=$enable_aes; if test x$enableval = xyes; then
+ enableval=$enable_aes; aes_given=true
+ if test x$enableval = xyes; then
aes=true
else
aes=false
fi
else
aes=true
+ aes_given=false
fi
# Check whether --enable-des was given.
if test "${enable_des+set}" = set; then :
- enableval=$enable_des; if test x$enableval = xyes; then
+ enableval=$enable_des; des_given=true
+ if test x$enableval = xyes; then
des=true
else
des=false
fi
else
des=true
+ des_given=false
fi
# Check whether --enable-blowfish was given.
if test "${enable_blowfish+set}" = set; then :
- enableval=$enable_blowfish; if test x$enableval = xyes; then
+ enableval=$enable_blowfish; blowfish_given=true
+ if test x$enableval = xyes; then
blowfish=true
else
blowfish=false
fi
else
blowfish=false
+ blowfish_given=false
fi
# Check whether --enable-md4 was given.
if test "${enable_md4+set}" = set; then :
- enableval=$enable_md4; if test x$enableval = xyes; then
+ enableval=$enable_md4; md4_given=true
+ if test x$enableval = xyes; then
md4=true
else
md4=false
fi
else
md4=false
+ md4_given=false
fi
# Check whether --enable-md5 was given.
if test "${enable_md5+set}" = set; then :
- enableval=$enable_md5; if test x$enableval = xyes; then
+ enableval=$enable_md5; md5_given=true
+ if test x$enableval = xyes; then
md5=true
else
md5=false
fi
else
md5=true
+ md5_given=false
fi
# Check whether --enable-sha1 was given.
if test "${enable_sha1+set}" = set; then :
- enableval=$enable_sha1; if test x$enableval = xyes; then
+ enableval=$enable_sha1; sha1_given=true
+ if test x$enableval = xyes; then
sha1=true
else
sha1=false
fi
else
sha1=true
+ sha1_given=false
fi
# Check whether --enable-sha2 was given.
if test "${enable_sha2+set}" = set; then :
- enableval=$enable_sha2; if test x$enableval = xyes; then
+ enableval=$enable_sha2; sha2_given=true
+ if test x$enableval = xyes; then
sha2=true
else
sha2=false
fi
else
sha2=true
+ sha2_given=false
fi
# Check whether --enable-fips-prf was given.
if test "${enable_fips_prf+set}" = set; then :
- enableval=$enable_fips_prf; if test x$enableval = xyes; then
+ enableval=$enable_fips_prf; fips_prf_given=true
+ if test x$enableval = xyes; then
fips_prf=true
else
fips_prf=false
fi
else
fips_prf=true
+ fips_prf_given=false
fi
# Check whether --enable-gmp was given.
if test "${enable_gmp+set}" = set; then :
- enableval=$enable_gmp; if test x$enableval = xyes; then
+ enableval=$enable_gmp; gmp_given=true
+ if test x$enableval = xyes; then
gmp=true
else
gmp=false
fi
else
gmp=true
+ gmp_given=false
fi
# Check whether --enable-random was given.
if test "${enable_random+set}" = set; then :
- enableval=$enable_random; if test x$enableval = xyes; then
+ enableval=$enable_random; random_given=true
+ if test x$enableval = xyes; then
random=true
else
random=false
fi
else
random=true
+ random_given=false
fi
# Check whether --enable-x509 was given.
if test "${enable_x509+set}" = set; then :
- enableval=$enable_x509; if test x$enableval = xyes; then
+ enableval=$enable_x509; x509_given=true
+ if test x$enableval = xyes; then
x509=true
else
x509=false
fi
else
x509=true
+ x509_given=false
fi
# Check whether --enable-pubkey was given.
if test "${enable_pubkey+set}" = set; then :
- enableval=$enable_pubkey; if test x$enableval = xyes; then
+ enableval=$enable_pubkey; pubkey_given=true
+ if test x$enableval = xyes; then
pubkey=true
else
pubkey=false
fi
else
pubkey=true
+ pubkey_given=false
fi
# Check whether --enable-pkcs1 was given.
if test "${enable_pkcs1+set}" = set; then :
- enableval=$enable_pkcs1; if test x$enableval = xyes; then
+ enableval=$enable_pkcs1; pkcs1_given=true
+ if test x$enableval = xyes; then
pkcs1=true
else
pkcs1=false
fi
else
pkcs1=true
+ pkcs1_given=false
fi
# Check whether --enable-pgp was given.
if test "${enable_pgp+set}" = set; then :
- enableval=$enable_pgp; if test x$enableval = xyes; then
+ enableval=$enable_pgp; pgp_given=true
+ if test x$enableval = xyes; then
pgp=true
else
pgp=false
fi
else
pgp=true
+ pgp_given=false
fi
# Check whether --enable-dnskey was given.
if test "${enable_dnskey+set}" = set; then :
- enableval=$enable_dnskey; if test x$enableval = xyes; then
+ enableval=$enable_dnskey; dnskey_given=true
+ if test x$enableval = xyes; then
dnskey=true
else
dnskey=false
fi
else
dnskey=true
+ dnskey_given=false
fi
# Check whether --enable-pem was given.
if test "${enable_pem+set}" = set; then :
- enableval=$enable_pem; if test x$enableval = xyes; then
+ enableval=$enable_pem; pem_given=true
+ if test x$enableval = xyes; then
pem=true
else
pem=false
fi
else
pem=true
+ pem_given=false
fi
# Check whether --enable-hmac was given.
if test "${enable_hmac+set}" = set; then :
- enableval=$enable_hmac; if test x$enableval = xyes; then
+ enableval=$enable_hmac; hmac_given=true
+ if test x$enableval = xyes; then
hmac=true
else
hmac=false
fi
else
hmac=true
+ hmac_given=false
fi
# Check whether --enable-xcbc was given.
if test "${enable_xcbc+set}" = set; then :
- enableval=$enable_xcbc; if test x$enableval = xyes; then
+ enableval=$enable_xcbc; xcbc_given=true
+ if test x$enableval = xyes; then
xcbc=true
else
xcbc=false
fi
else
xcbc=true
+ xcbc_given=false
fi
# Check whether --enable-test-vectors was given.
if test "${enable_test_vectors+set}" = set; then :
- enableval=$enable_test_vectors; if test x$enableval = xyes; then
+ enableval=$enable_test_vectors; test_vectors_given=true
+ if test x$enableval = xyes; then
test_vectors=true
else
test_vectors=false
fi
else
test_vectors=false
+ test_vectors_given=false
fi
# Check whether --enable-mysql was given.
if test "${enable_mysql+set}" = set; then :
- enableval=$enable_mysql; if test x$enableval = xyes; then
+ enableval=$enable_mysql; mysql_given=true
+ if test x$enableval = xyes; then
mysql=true
else
mysql=false
fi
else
mysql=false
+ mysql_given=false
fi
# Check whether --enable-sqlite was given.
if test "${enable_sqlite+set}" = set; then :
- enableval=$enable_sqlite; if test x$enableval = xyes; then
+ enableval=$enable_sqlite; sqlite_given=true
+ if test x$enableval = xyes; then
sqlite=true
else
sqlite=false
fi
else
sqlite=false
+ sqlite_given=false
fi
# Check whether --enable-stroke was given.
if test "${enable_stroke+set}" = set; then :
- enableval=$enable_stroke; if test x$enableval = xyes; then
+ enableval=$enable_stroke; stroke_given=true
+ if test x$enableval = xyes; then
stroke=true
else
stroke=false
fi
else
stroke=true
+ stroke_given=false
fi
# Check whether --enable-medsrv was given.
if test "${enable_medsrv+set}" = set; then :
- enableval=$enable_medsrv; if test x$enableval = xyes; then
+ enableval=$enable_medsrv; medsrv_given=true
+ if test x$enableval = xyes; then
medsrv=true
else
medsrv=false
fi
else
medsrv=false
+ medsrv_given=false
fi
# Check whether --enable-medcli was given.
if test "${enable_medcli+set}" = set; then :
- enableval=$enable_medcli; if test x$enableval = xyes; then
+ enableval=$enable_medcli; medcli_given=true
+ if test x$enableval = xyes; then
medcli=true
else
medcli=false
fi
else
medcli=false
+ medcli_given=false
fi
# Check whether --enable-smp was given.
if test "${enable_smp+set}" = set; then :
- enableval=$enable_smp; if test x$enableval = xyes; then
+ enableval=$enable_smp; smp_given=true
+ if test x$enableval = xyes; then
smp=true
else
smp=false
fi
else
smp=false
+ smp_given=false
fi
# Check whether --enable-sql was given.
if test "${enable_sql+set}" = set; then :
- enableval=$enable_sql; if test x$enableval = xyes; then
+ enableval=$enable_sql; sql_given=true
+ if test x$enableval = xyes; then
sql=true
else
sql=false
fi
else
sql=false
+ sql_given=false
fi
# Check whether --enable-smartcard was given.
if test "${enable_smartcard+set}" = set; then :
- enableval=$enable_smartcard; if test x$enableval = xyes; then
+ enableval=$enable_smartcard; smartcard_given=true
+ if test x$enableval = xyes; then
smartcard=true
else
smartcard=false
fi
else
smartcard=false
+ smartcard_given=false
fi
# Check whether --enable-cisco-quirks was given.
if test "${enable_cisco_quirks+set}" = set; then :
- enableval=$enable_cisco_quirks; if test x$enableval = xyes; then
+ enableval=$enable_cisco_quirks; cisco_quirks_given=true
+ if test x$enableval = xyes; then
cisco_quirks=true
else
cisco_quirks=false
fi
else
cisco_quirks=false
+ cisco_quirks_given=false
fi
# Check whether --enable-leak-detective was given.
if test "${enable_leak_detective+set}" = set; then :
- enableval=$enable_leak_detective; if test x$enableval = xyes; then
+ enableval=$enable_leak_detective; leak_detective_given=true
+ if test x$enableval = xyes; then
leak_detective=true
else
leak_detective=false
fi
else
leak_detective=false
+ leak_detective_given=false
fi
# Check whether --enable-lock-profiler was given.
if test "${enable_lock_profiler+set}" = set; then :
- enableval=$enable_lock_profiler; if test x$enableval = xyes; then
+ enableval=$enable_lock_profiler; lock_profiler_given=true
+ if test x$enableval = xyes; then
lock_profiler=true
else
lock_profiler=false
fi
else
lock_profiler=false
+ lock_profiler_given=false
fi
# Check whether --enable-unit-tests was given.
if test "${enable_unit_tests+set}" = set; then :
- enableval=$enable_unit_tests; if test x$enableval = xyes; then
+ enableval=$enable_unit_tests; unit_tests_given=true
+ if test x$enableval = xyes; then
unit_tests=true
else
unit_tests=false
fi
else
unit_tests=false
+ unit_tests_given=false
fi
# Check whether --enable-load-tester was given.
if test "${enable_load_tester+set}" = set; then :
- enableval=$enable_load_tester; if test x$enableval = xyes; then
+ enableval=$enable_load_tester; load_tester_given=true
+ if test x$enableval = xyes; then
load_tester=true
else
load_tester=false
fi
else
load_tester=false
+ load_tester_given=false
fi
# Check whether --enable-eap-sim was given.
if test "${enable_eap_sim+set}" = set; then :
- enableval=$enable_eap_sim; if test x$enableval = xyes; then
+ enableval=$enable_eap_sim; eap_sim_given=true
+ if test x$enableval = xyes; then
eap_sim=true
else
eap_sim=false
fi
else
eap_sim=false
+ eap_sim_given=false
fi
# Check whether --enable-eap-sim-file was given.
if test "${enable_eap_sim_file+set}" = set; then :
- enableval=$enable_eap_sim_file; if test x$enableval = xyes; then
+ enableval=$enable_eap_sim_file; eap_sim_file_given=true
+ if test x$enableval = xyes; then
eap_sim_file=true
else
eap_sim_file=false
fi
else
eap_sim_file=false
+ eap_sim_file_given=false
fi
# Check whether --enable-eap-simaka-pseudonym was given.
if test "${enable_eap_simaka_pseudonym+set}" = set; then :
- enableval=$enable_eap_simaka_pseudonym; if test x$enableval = xyes; then
+ enableval=$enable_eap_simaka_pseudonym; eap_simaka_pseudonym_given=true
+ if test x$enableval = xyes; then
eap_simaka_pseudonym=true
else
eap_simaka_pseudonym=false
fi
else
eap_simaka_pseudonym=false
+ eap_simaka_pseudonym_given=false
fi
# Check whether --enable-eap-simaka-reauth was given.
if test "${enable_eap_simaka_reauth+set}" = set; then :
- enableval=$enable_eap_simaka_reauth; if test x$enableval = xyes; then
+ enableval=$enable_eap_simaka_reauth; eap_simaka_reauth_given=true
+ if test x$enableval = xyes; then
eap_simaka_reauth=true
else
eap_simaka_reauth=false
fi
else
eap_simaka_reauth=false
+ eap_simaka_reauth_given=false
fi
# Check whether --enable-eap-identity was given.
if test "${enable_eap_identity+set}" = set; then :
- enableval=$enable_eap_identity; if test x$enableval = xyes; then
+ enableval=$enable_eap_identity; eap_identity_given=true
+ if test x$enableval = xyes; then
eap_identity=true
else
eap_identity=false
fi
else
eap_identity=false
+ eap_identity_given=false
fi
# Check whether --enable-eap-md5 was given.
if test "${enable_eap_md5+set}" = set; then :
- enableval=$enable_eap_md5; if test x$enableval = xyes; then
+ enableval=$enable_eap_md5; eap_md5_given=true
+ if test x$enableval = xyes; then
eap_md5=true
else
eap_md5=false
fi
else
eap_md5=false
+ eap_md5_given=false
fi
# Check whether --enable-eap-gtc was given.
if test "${enable_eap_gtc+set}" = set; then :
- enableval=$enable_eap_gtc; if test x$enableval = xyes; then
+ enableval=$enable_eap_gtc; eap_gtc_given=true
+ if test x$enableval = xyes; then
eap_gtc=true
else
eap_gtc=false
fi
else
eap_gtc=false
+ eap_gtc_given=false
fi
# Check whether --enable-eap-aka was given.
if test "${enable_eap_aka+set}" = set; then :
- enableval=$enable_eap_aka; if test x$enableval = xyes; then
+ enableval=$enable_eap_aka; eap_aka_given=true
+ if test x$enableval = xyes; then
eap_aka=true
else
eap_aka=false
fi
else
eap_aka=false
+ eap_aka_given=false
fi
# Check whether --enable-eap-aka-3gpp2 was given.
if test "${enable_eap_aka_3gpp2+set}" = set; then :
- enableval=$enable_eap_aka_3gpp2; if test x$enableval = xyes; then
+ enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true
+ if test x$enableval = xyes; then
eap_aka_3gpp2=true
else
eap_aka_3gpp2=false
fi
else
eap_aka_3gpp2=false
+ eap_aka_3gpp2_given=false
fi
# Check whether --enable-eap-mschapv2 was given.
if test "${enable_eap_mschapv2+set}" = set; then :
- enableval=$enable_eap_mschapv2; if test x$enableval = xyes; then
+ enableval=$enable_eap_mschapv2; eap_mschapv2_given=true
+ if test x$enableval = xyes; then
eap_mschapv2=true
else
eap_mschapv2=false
fi
else
eap_mschapv2=false
+ eap_mschapv2_given=false
fi
# Check whether --enable-eap-radius was given.
if test "${enable_eap_radius+set}" = set; then :
- enableval=$enable_eap_radius; if test x$enableval = xyes; then
+ enableval=$enable_eap_radius; eap_radius_given=true
+ if test x$enableval = xyes; then
eap_radius=true
else
eap_radius=false
fi
else
eap_radius=false
+ eap_radius_given=false
fi
# Check whether --enable-kernel-netlink was given.
if test "${enable_kernel_netlink+set}" = set; then :
- enableval=$enable_kernel_netlink; if test x$enableval = xyes; then
+ enableval=$enable_kernel_netlink; kernel_netlink_given=true
+ if test x$enableval = xyes; then
kernel_netlink=true
else
kernel_netlink=false
fi
else
kernel_netlink=true
+ kernel_netlink_given=false
fi
# Check whether --enable-kernel-pfkey was given.
if test "${enable_kernel_pfkey+set}" = set; then :
- enableval=$enable_kernel_pfkey; if test x$enableval = xyes; then
+ enableval=$enable_kernel_pfkey; kernel_pfkey_given=true
+ if test x$enableval = xyes; then
kernel_pfkey=true
else
kernel_pfkey=false
fi
else
kernel_pfkey=false
+ kernel_pfkey_given=false
fi
# Check whether --enable-kernel-pfroute was given.
if test "${enable_kernel_pfroute+set}" = set; then :
- enableval=$enable_kernel_pfroute; if test x$enableval = xyes; then
+ enableval=$enable_kernel_pfroute; kernel_pfroute_given=true
+ if test x$enableval = xyes; then
kernel_pfroute=true
else
kernel_pfroute=false
fi
else
kernel_pfroute=false
+ kernel_pfroute_given=false
fi
# Check whether --enable-kernel-klips was given.
if test "${enable_kernel_klips+set}" = set; then :
- enableval=$enable_kernel_klips; if test x$enableval = xyes; then
+ enableval=$enable_kernel_klips; kernel_klips_given=true
+ if test x$enableval = xyes; then
kernel_klips=true
else
kernel_klips=false
fi
else
kernel_klips=false
+ kernel_klips_given=false
+
+fi
+
+
+# Check whether --enable-socket-default was given.
+if test "${enable_socket_default+set}" = set; then :
+ enableval=$enable_socket_default; socket_default_given=true
+ if test x$enableval = xyes; then
+ socket_default=true
+ else
+ socket_default=false
+ fi
+else
+ socket_default=true
+ socket_default_given=false
+
+fi
+
+
+# Check whether --enable-socket-raw was given.
+if test "${enable_socket_raw+set}" = set; then :
+ enableval=$enable_socket_raw; socket_raw_given=true
+ if test x$enableval = xyes; then
+ socket_raw=true
+ else
+ socket_raw=false
+ fi
+else
+ socket_raw=false
+ socket_raw_given=false
+
+fi
+
+
+# Check whether --enable-socket-dynamic was given.
+if test "${enable_socket_dynamic+set}" = set; then :
+ enableval=$enable_socket_dynamic; socket_dynamic_given=true
+ if test x$enableval = xyes; then
+ socket_dynamic=true
+ else
+ socket_dynamic=false
+ fi
+else
+ socket_dynamic=false
+ socket_dynamic_given=false
+
+fi
+
+
+# Check whether --enable-farp was given.
+if test "${enable_farp+set}" = set; then :
+ enableval=$enable_farp; farp_given=true
+ if test x$enableval = xyes; then
+ farp=true
+ else
+ farp=false
+ fi
+else
+ farp=false
+ farp_given=false
fi
# Check whether --enable-nat-transport was given.
if test "${enable_nat_transport+set}" = set; then :
- enableval=$enable_nat_transport; if test x$enableval = xyes; then
+ enableval=$enable_nat_transport; nat_transport_given=true
+ if test x$enableval = xyes; then
nat_transport=true
else
nat_transport=false
fi
else
nat_transport=false
+ nat_transport_given=false
fi
# Check whether --enable-vendor-id was given.
if test "${enable_vendor_id+set}" = set; then :
- enableval=$enable_vendor_id; if test x$enableval = xyes; then
+ enableval=$enable_vendor_id; vendor_id_given=true
+ if test x$enableval = xyes; then
vendor_id=true
else
vendor_id=false
fi
else
vendor_id=true
+ vendor_id_given=false
fi
# Check whether --enable-xauth-vid was given.
if test "${enable_xauth_vid+set}" = set; then :
- enableval=$enable_xauth_vid; if test x$enableval = xyes; then
+ enableval=$enable_xauth_vid; xauth_vid_given=true
+ if test x$enableval = xyes; then
xauth_vid=true
else
xauth_vid=false
fi
else
xauth_vid=true
+ xauth_vid_given=false
fi
# Check whether --enable-dumm was given.
if test "${enable_dumm+set}" = set; then :
- enableval=$enable_dumm; if test x$enableval = xyes; then
+ enableval=$enable_dumm; dumm_given=true
+ if test x$enableval = xyes; then
dumm=true
else
dumm=false
fi
else
dumm=false
+ dumm_given=false
fi
# Check whether --enable-fast was given.
if test "${enable_fast+set}" = set; then :
- enableval=$enable_fast; if test x$enableval = xyes; then
+ enableval=$enable_fast; fast_given=true
+ if test x$enableval = xyes; then
fast=true
else
fast=false
fi
else
fast=false
+ fast_given=false
fi
# Check whether --enable-manager was given.
if test "${enable_manager+set}" = set; then :
- enableval=$enable_manager; if test x$enableval = xyes; then
+ enableval=$enable_manager; manager_given=true
+ if test x$enableval = xyes; then
manager=true
else
manager=false
fi
else
manager=false
+ manager_given=false
fi
# Check whether --enable-mediation was given.
if test "${enable_mediation+set}" = set; then :
- enableval=$enable_mediation; if test x$enableval = xyes; then
+ enableval=$enable_mediation; mediation_given=true
+ if test x$enableval = xyes; then
mediation=true
else
mediation=false
fi
else
mediation=false
+ mediation_given=false
fi
# Check whether --enable-integrity-test was given.
if test "${enable_integrity_test+set}" = set; then :
- enableval=$enable_integrity_test; if test x$enableval = xyes; then
+ enableval=$enable_integrity_test; integrity_test_given=true
+ if test x$enableval = xyes; then
integrity_test=true
else
integrity_test=false
fi
else
integrity_test=false
+ integrity_test_given=false
fi
# Check whether --enable-pluto was given.
if test "${enable_pluto+set}" = set; then :
- enableval=$enable_pluto; if test x$enableval = xyes; then
+ enableval=$enable_pluto; pluto_given=true
+ if test x$enableval = xyes; then
pluto=true
else
pluto=false
fi
else
pluto=true
+ pluto_given=false
fi
# Check whether --enable-threads was given.
if test "${enable_threads+set}" = set; then :
- enableval=$enable_threads; if test x$enableval = xyes; then
+ enableval=$enable_threads; threads_given=true
+ if test x$enableval = xyes; then
threads=true
else
threads=false
fi
else
threads=true
+ threads_given=false
fi
# Check whether --enable-charon was given.
if test "${enable_charon+set}" = set; then :
- enableval=$enable_charon; if test x$enableval = xyes; then
+ enableval=$enable_charon; charon_given=true
+ if test x$enableval = xyes; then
charon=true
else
charon=false
fi
else
charon=true
+ charon_given=false
fi
# Check whether --enable-tools was given.
if test "${enable_tools+set}" = set; then :
- enableval=$enable_tools; if test x$enableval = xyes; then
+ enableval=$enable_tools; tools_given=true
+ if test x$enableval = xyes; then
tools=true
else
tools=false
fi
else
tools=true
+ tools_given=false
fi
# Check whether --enable-scripts was given.
if test "${enable_scripts+set}" = set; then :
- enableval=$enable_scripts; if test x$enableval = xyes; then
+ enableval=$enable_scripts; scripts_given=true
+ if test x$enableval = xyes; then
scripts=true
else
scripts=false
fi
else
scripts=true
+ scripts_given=false
fi
# Check whether --enable-updown was given.
if test "${enable_updown+set}" = set; then :
- enableval=$enable_updown; if test x$enableval = xyes; then
+ enableval=$enable_updown; updown_given=true
+ if test x$enableval = xyes; then
updown=true
else
updown=false
fi
else
updown=true
+ updown_given=false
fi
# Check whether --enable-attr was given.
if test "${enable_attr+set}" = set; then :
- enableval=$enable_attr; if test x$enableval = xyes; then
+ enableval=$enable_attr; attr_given=true
+ if test x$enableval = xyes; then
attr=true
else
attr=false
fi
else
attr=true
+ attr_given=false
fi
# Check whether --enable-attr-sql was given.
if test "${enable_attr_sql+set}" = set; then :
- enableval=$enable_attr_sql; if test x$enableval = xyes; then
+ enableval=$enable_attr_sql; attr_sql_given=true
+ if test x$enableval = xyes; then
attr_sql=true
else
attr_sql=false
fi
else
attr_sql=false
+ attr_sql_given=false
+
+fi
+
+
+# Check whether --enable-dhcp was given.
+if test "${enable_dhcp+set}" = set; then :
+ enableval=$enable_dhcp; dhcp_given=true
+ if test x$enableval = xyes; then
+ dhcp=true
+ else
+ dhcp=false
+ fi
+else
+ dhcp=false
+ dhcp_given=false
fi
# Check whether --enable-resolve was given.
if test "${enable_resolve+set}" = set; then :
- enableval=$enable_resolve; if test x$enableval = xyes; then
+ enableval=$enable_resolve; resolve_given=true
+ if test x$enableval = xyes; then
resolve=true
else
resolve=false
fi
else
resolve=true
+ resolve_given=false
fi
# Check whether --enable-padlock was given.
if test "${enable_padlock+set}" = set; then :
- enableval=$enable_padlock; if test x$enableval = xyes; then
+ enableval=$enable_padlock; padlock_given=true
+ if test x$enableval = xyes; then
padlock=true
else
padlock=false
fi
else
padlock=false
+ padlock_given=false
fi
# Check whether --enable-openssl was given.
if test "${enable_openssl+set}" = set; then :
- enableval=$enable_openssl; if test x$enableval = xyes; then
+ enableval=$enable_openssl; openssl_given=true
+ if test x$enableval = xyes; then
openssl=true
else
openssl=false
fi
else
openssl=false
+ openssl_given=false
fi
# Check whether --enable-gcrypt was given.
if test "${enable_gcrypt+set}" = set; then :
- enableval=$enable_gcrypt; if test x$enableval = xyes; then
+ enableval=$enable_gcrypt; gcrypt_given=true
+ if test x$enableval = xyes; then
gcrypt=true
else
gcrypt=false
fi
else
gcrypt=false
+ gcrypt_given=false
fi
# Check whether --enable-agent was given.
if test "${enable_agent+set}" = set; then :
- enableval=$enable_agent; if test x$enableval = xyes; then
+ enableval=$enable_agent; agent_given=true
+ if test x$enableval = xyes; then
agent=true
else
agent=false
fi
else
agent=false
+ agent_given=false
fi
# Check whether --enable-uci was given.
if test "${enable_uci+set}" = set; then :
- enableval=$enable_uci; if test x$enableval = xyes; then
+ enableval=$enable_uci; uci_given=true
+ if test x$enableval = xyes; then
uci=true
else
uci=false
fi
else
uci=false
+ uci_given=false
+
+fi
+
+
+# Check whether --enable-android was given.
+if test "${enable_android+set}" = set; then :
+ enableval=$enable_android; android_given=true
+ if test x$enableval = xyes; then
+ android=true
+ else
+ android=false
+ fi
+else
+ android=false
+ android_given=false
fi
# Check whether --enable-nm was given.
if test "${enable_nm+set}" = set; then :
- enableval=$enable_nm; if test x$enableval = xyes; then
+ enableval=$enable_nm; nm_given=true
+ if test x$enableval = xyes; then
nm=true
else
nm=false
fi
else
nm=false
+ nm_given=false
+
+fi
+
+
+# Check whether --enable-ha was given.
+if test "${enable_ha+set}" = set; then :
+ enableval=$enable_ha; ha_given=true
+ if test x$enableval = xyes; then
+ ha=true
+ else
+ ha=false
+ fi
+else
+ ha=false
+ ha_given=false
fi
# Check whether --enable-vstr was given.
if test "${enable_vstr+set}" = set; then :
- enableval=$enable_vstr; if test x$enableval = xyes; then
+ enableval=$enable_vstr; vstr_given=true
+ if test x$enableval = xyes; then
vstr=true
else
vstr=false
fi
else
vstr=false
+ vstr_given=false
+
+fi
+
+
+# Check whether --enable-monolithic was given.
+if test "${enable_monolithic+set}" = set; then :
+ enableval=$enable_monolithic; monolithic_given=true
+ if test x$enableval = xyes; then
+ monolithic=true
+ else
+ monolithic=false
+ fi
+else
+ monolithic=false
+ monolithic_given=false
fi
@@ -6997,13 +7316,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:7000: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:7319: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:7003: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:7322: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:7006: output\"" >&5)
+ (eval echo "\"\$as_me:7325: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -8208,7 +8527,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 8211 "configure"' > conftest.$ac_ext
+ echo '#line 8530 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -9470,11 +9789,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9473: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9792: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9477: \$? = $ac_status" >&5
+ echo "$as_me:9796: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9809,11 +10128,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9812: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10131: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9816: \$? = $ac_status" >&5
+ echo "$as_me:10135: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9914,11 +10233,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9917: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10236: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9921: \$? = $ac_status" >&5
+ echo "$as_me:10240: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9969,11 +10288,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9972: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10291: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9976: \$? = $ac_status" >&5
+ echo "$as_me:10295: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -12352,7 +12671,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12355 "configure"
+#line 12674 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12448,7 +12767,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12451 "configure"
+#line 12770 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -13110,7 +13429,6 @@ fi
if test x$eap_aka = xtrue; then
fips_prf=true;
- sha1=true;
simaka=true;
fi
@@ -13120,7 +13438,9 @@ if test x$eap_sim = xtrue; then
fi
if test x$fips_prf = xtrue; then
- sha1=true;
+ if test x$openssl = xfalse; then
+ sha1=true;
+ fi
fi
if test x$smp = xtrue; then
@@ -13140,6 +13460,17 @@ if test x$medcli = xtrue; then
mediation=true
fi
+if test x$pluto = xtrue; then
+ if test x$socket_raw = xfalse; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Enforcing --enable-socket-raw, as pluto is enabled" >&5
+$as_echo "$as_me: Enforcing --enable-socket-raw, as pluto is enabled" >&6;}
+ socket_raw=true
+ if test x$socket_default_given = xfalse; then
+ socket_default=false
+ fi
+ fi
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5
$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; }
@@ -14213,6 +14544,7 @@ ac_cv_lib_vstr=ac_cv_lib_vstr_main
fi
if test x$gmp = xtrue; then
+ saved_LIBS=$LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lgmp" >&5
$as_echo_n "checking for main in -lgmp... " >&6; }
if test "${ac_cv_lib_gmp_main+set}" = set; then :
@@ -14244,12 +14576,48 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_main" >&5
$as_echo "$ac_cv_lib_gmp_main" >&6; }
if test "x$ac_cv_lib_gmp_main" = x""yes; then :
- LIBS="$LIBS"
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGMP 1
+_ACEOF
+
+ LIBS="-lgmp $LIBS"
+
else
as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5
fi
ac_cv_lib_gmp=ac_cv_lib_gmp_main
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking mpz_powm_sec" >&5
+$as_echo_n "checking mpz_powm_sec... " >&6; }
+ if test x$mpz_powm_sec = xyes; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include "gmp.h"
+int
+main ()
+{
+
+ void *x = mpz_powm_sec;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }; $as_echo "#define HAVE_MPZ_POWM_SEC 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+ fi
+ LIBS=$saved_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking gmp.h version >= 4.1.4" >&5
$as_echo_n "checking gmp.h version >= 4.1.4... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -15145,6 +15513,56 @@ fi
fi
+if test x$android = xtrue; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcutils" >&5
+$as_echo_n "checking for main in -lcutils... " >&6; }
+if test "${ac_cv_lib_cutils_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcutils $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_cutils_main=yes
+else
+ ac_cv_lib_cutils_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cutils_main" >&5
+$as_echo "$ac_cv_lib_cutils_main" >&6; }
+if test "x$ac_cv_lib_cutils_main" = x""yes; then :
+ LIBS="$LIBS"
+else
+ as_fn_error "Android library libcutils not found" "$LINENO" 5
+fi
+ac_cv_lib_cutils=ac_cv_lib_cutils_main
+
+ ac_fn_c_check_header_mongrel "$LINENO" "cutils/properties.h" "ac_cv_header_cutils_properties_h" "$ac_includes_default"
+if test "x$ac_cv_header_cutils_properties_h" = x""yes; then :
+
+else
+ as_fn_error "Android header cutils/properties.h not found!" "$LINENO" 5
+fi
+
+
+ DLLIB="-ldl"
+
+fi
+
if test x$nm = xtrue; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5
@@ -15488,6 +15906,7 @@ fi
libstrongswan_plugins=
+libhydra_plugins=
pluto_plugins=
if test x$test_vectors = xtrue; then
@@ -15529,9 +15948,6 @@ if test x$md5 = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" md5"
pluto_plugins=${pluto_plugins}" md5"
fi
-if test x$fips_prf = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
-fi
if test x$random = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" random"
pluto_plugins=${pluto_plugins}" random"
@@ -15568,10 +15984,6 @@ if test x$sqlite = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" sqlite"
pluto_plugins=${pluto_plugins}" sqlite"
fi
-if test x$attr_sql = xtrue -o x$sql = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" attr-sql"
- pluto_plugins=${pluto_plugins}" attr-sql"
-fi
if test x$padlock = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" padlock"
fi
@@ -15583,6 +15995,9 @@ if test x$gcrypt = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" gcrypt"
pluto_plugins=${pluto_plugins}" gcrypt"
fi
+if test x$fips_prf = xtrue; then
+ libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
+fi
if test x$xcbc = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" xcbc"
fi
@@ -15597,6 +16012,15 @@ if test x$gmp = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" gmp"
pluto_plugins=${pluto_plugins}" gmp"
fi
+if test x$attr = xtrue; then
+ libhydra_plugins=${libhydra_plugins}" attr"
+ pluto_plugins=${pluto_plugins}" attr"
+fi
+if test x$attr_sql = xtrue -o x$sql = xtrue; then
+ libhydra_plugins=${libhydra_plugins}" attr-sql"
+ pluto_plugins=${pluto_plugins}" attr-sql"
+fi
+
@@ -15867,6 +16291,14 @@ else
USE_UCI_FALSE=
fi
+ if test x$android = xtrue; then
+ USE_ANDROID_TRUE=
+ USE_ANDROID_FALSE='#'
+else
+ USE_ANDROID_TRUE='#'
+ USE_ANDROID_FALSE=
+fi
+
if test x$smp = xtrue; then
USE_SMP_TRUE=
USE_SMP_FALSE='#'
@@ -15899,6 +16331,14 @@ else
USE_ATTR_FALSE=
fi
+ if test x$dhcp = xtrue; then
+ USE_DHCP_TRUE=
+ USE_DHCP_FALSE='#'
+else
+ USE_DHCP_TRUE='#'
+ USE_DHCP_FALSE=
+fi
+
if test x$resolve = xtrue; then
USE_RESOLVE_TRUE=
USE_RESOLVE_FALSE='#'
@@ -15923,6 +16363,14 @@ else
USE_LOAD_TESTER_FALSE=
fi
+ if test x$ha = xtrue; then
+ USE_HA_TRUE=
+ USE_HA_FALSE='#'
+else
+ USE_HA_TRUE='#'
+ USE_HA_FALSE=
+fi
+
if test x$eap_sim = xtrue; then
USE_EAP_SIM_TRUE=
USE_EAP_SIM_FALSE='#'
@@ -16043,6 +16491,38 @@ else
USE_KERNEL_KLIPS_FALSE=
fi
+ if test x$socket_default = xtrue; then
+ USE_SOCKET_DEFAULT_TRUE=
+ USE_SOCKET_DEFAULT_FALSE='#'
+else
+ USE_SOCKET_DEFAULT_TRUE='#'
+ USE_SOCKET_DEFAULT_FALSE=
+fi
+
+ if test x$socket_raw = xtrue; then
+ USE_SOCKET_RAW_TRUE=
+ USE_SOCKET_RAW_FALSE='#'
+else
+ USE_SOCKET_RAW_TRUE='#'
+ USE_SOCKET_RAW_FALSE=
+fi
+
+ if test x$socket_dynamic = xtrue; then
+ USE_SOCKET_DYNAMIC_TRUE=
+ USE_SOCKET_DYNAMIC_FALSE='#'
+else
+ USE_SOCKET_DYNAMIC_TRUE='#'
+ USE_SOCKET_DYNAMIC_FALSE=
+fi
+
+ if test x$farp = xtrue; then
+ USE_FARP_TRUE=
+ USE_FARP_FALSE='#'
+else
+ USE_FARP_TRUE='#'
+ USE_FARP_FALSE=
+fi
+
if test x$smartcard = xtrue; then
USE_SMARTCARD_TRUE=
@@ -16196,6 +16676,14 @@ else
USE_LIBSTRONGSWAN_FALSE=
fi
+ if test x$charon = xtrue -o x$pluto = xtrue; then
+ USE_LIBHYDRA_TRUE=
+ USE_LIBHYDRA_FALSE='#'
+else
+ USE_LIBHYDRA_TRUE='#'
+ USE_LIBHYDRA_FALSE=
+fi
+
if test x$pluto = xtrue -o x$stroke = xtrue; then
USE_FILE_CONFIG_TRUE=
USE_FILE_CONFIG_FALSE='#'
@@ -16220,6 +16708,14 @@ else
USE_SIMAKA_FALSE=
fi
+ if test x$monolithic = xtrue; then
+ MONOLITHIC_TRUE=
+ MONOLITHIC_FALSE='#'
+else
+ MONOLITHIC_TRUE='#'
+ MONOLITHIC_FALSE=
+fi
+
if test x$mediation = xtrue; then
@@ -16230,9 +16726,14 @@ if test x$capabilities = xlibcap; then
$as_echo "#define CAPABILITIES 1" >>confdefs.h
fi
+if test x$monolithic = xtrue; then
+ $as_echo "#define MONOLITHIC 1" >>confdefs.h
+
+fi
+
-ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_aka_3gpp2/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_simaka_pseudonym/Makefile src/charon/plugins/eap_simaka_reauth/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_pfroute/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile src/charon/plugins/resolve/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_klips/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -16516,6 +17017,10 @@ if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then
as_fn_error "conditional \"USE_UCI\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_ANDROID_TRUE}" && test -z "${USE_ANDROID_FALSE}"; then
+ as_fn_error "conditional \"USE_ANDROID\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then
as_fn_error "conditional \"USE_SMP\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16532,6 +17037,10 @@ if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then
as_fn_error "conditional \"USE_ATTR\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_DHCP_TRUE}" && test -z "${USE_DHCP_FALSE}"; then
+ as_fn_error "conditional \"USE_DHCP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then
as_fn_error "conditional \"USE_RESOLVE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16544,6 +17053,10 @@ if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then
as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_HA_TRUE}" && test -z "${USE_HA_FALSE}"; then
+ as_fn_error "conditional \"USE_HA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then
as_fn_error "conditional \"USE_EAP_SIM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16604,6 +17117,22 @@ if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; th
as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then
+ as_fn_error "conditional \"USE_SOCKET_DEFAULT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_SOCKET_RAW_TRUE}" && test -z "${USE_SOCKET_RAW_FALSE}"; then
+ as_fn_error "conditional \"USE_SOCKET_RAW\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_SOCKET_DYNAMIC_TRUE}" && test -z "${USE_SOCKET_DYNAMIC_FALSE}"; then
+ as_fn_error "conditional \"USE_SOCKET_DYNAMIC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_FARP_TRUE}" && test -z "${USE_FARP_FALSE}"; then
+ as_fn_error "conditional \"USE_FARP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then
as_fn_error "conditional \"USE_SMARTCARD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16680,6 +17209,10 @@ if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}";
as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_LIBHYDRA_TRUE}" && test -z "${USE_LIBHYDRA_FALSE}"; then
+ as_fn_error "conditional \"USE_LIBHYDRA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then
as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16692,6 +17225,10 @@ if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then
as_fn_error "conditional \"USE_SIMAKA\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then
+ as_fn_error "conditional \"MONOLITHIC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
: ${CONFIG_STATUS=./config.status}
ac_write_fail=0
@@ -17100,7 +17637,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 4.3.6, which was
+This file was extended by strongSwan $as_me 4.4.0, which was
generated by GNU Autoconf 2.64. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17155,7 +17692,7 @@ Report bugs to the package provider."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_version="\\
-strongSwan config.status 4.3.6
+strongSwan config.status 4.4.0
configured by $0, generated by GNU Autoconf 2.64,
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@@ -17548,44 +18085,53 @@ do
"src/libstrongswan/plugins/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ldap/Makefile" ;;
"src/libstrongswan/plugins/mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mysql/Makefile" ;;
"src/libstrongswan/plugins/sqlite/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sqlite/Makefile" ;;
- "src/libstrongswan/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/attr_sql/Makefile" ;;
"src/libstrongswan/plugins/padlock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/padlock/Makefile" ;;
"src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;;
"src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;;
"src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;;
"src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;;
+ "src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;;
+ "src/libhydra/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr/Makefile" ;;
+ "src/libhydra/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr_sql/Makefile" ;;
"src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;;
"src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;;
"src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;;
"src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;;
"src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;;
- "src/charon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka/Makefile" ;;
- "src/charon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka_3gpp2/Makefile" ;;
- "src/charon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_identity/Makefile" ;;
- "src/charon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_md5/Makefile" ;;
- "src/charon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_gtc/Makefile" ;;
- "src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;;
- "src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;;
- "src/charon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_pseudonym/Makefile" ;;
- "src/charon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_reauth/Makefile" ;;
- "src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;;
- "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;;
- "src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;;
- "src/charon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfkey/Makefile" ;;
- "src/charon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfroute/Makefile" ;;
- "src/charon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_klips/Makefile" ;;
- "src/charon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/smp/Makefile" ;;
- "src/charon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/sql/Makefile" ;;
- "src/charon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medsrv/Makefile" ;;
- "src/charon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medcli/Makefile" ;;
- "src/charon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/nm/Makefile" ;;
- "src/charon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/uci/Makefile" ;;
- "src/charon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/stroke/Makefile" ;;
- "src/charon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/updown/Makefile" ;;
- "src/charon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/attr/Makefile" ;;
- "src/charon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/resolve/Makefile" ;;
- "src/charon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/unit_tester/Makefile" ;;
- "src/charon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/load_tester/Makefile" ;;
+ "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;;
+ "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;;
+ "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;;
+ "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;;
+ "src/libcharon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_md5/Makefile" ;;
+ "src/libcharon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_gtc/Makefile" ;;
+ "src/libcharon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim/Makefile" ;;
+ "src/libcharon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim_file/Makefile" ;;
+ "src/libcharon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_pseudonym/Makefile" ;;
+ "src/libcharon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_reauth/Makefile" ;;
+ "src/libcharon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_mschapv2/Makefile" ;;
+ "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;;
+ "src/libcharon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_netlink/Makefile" ;;
+ "src/libcharon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfkey/Makefile" ;;
+ "src/libcharon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfroute/Makefile" ;;
+ "src/libcharon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_klips/Makefile" ;;
+ "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;;
+ "src/libcharon/plugins/socket_raw/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_raw/Makefile" ;;
+ "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;;
+ "src/libcharon/plugins/farp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/farp/Makefile" ;;
+ "src/libcharon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/smp/Makefile" ;;
+ "src/libcharon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/sql/Makefile" ;;
+ "src/libcharon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medsrv/Makefile" ;;
+ "src/libcharon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medcli/Makefile" ;;
+ "src/libcharon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/nm/Makefile" ;;
+ "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;;
+ "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;;
+ "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;;
+ "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;;
+ "src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;;
+ "src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;;
+ "src/libcharon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/resolve/Makefile" ;;
+ "src/libcharon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/unit_tester/Makefile" ;;
+ "src/libcharon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/load_tester/Makefile" ;;
"src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;;
"src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;;
"src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;;
diff --git a/configure.in b/configure.in
index 8ba844e9b..efcccbb42 100644
--- a/configure.in
+++ b/configure.in
@@ -16,7 +16,7 @@ dnl ===========================
dnl initialize & set some vars
dnl ===========================
-AC_INIT(strongSwan,4.3.6)
+AC_INIT(strongSwan,4.4.0)
AM_INIT_AUTOMAKE(tar-ustar)
AC_CONFIG_MACRO_DIR([m4/config])
PKG_PROG_PKG_CONFIG
@@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently only the value "libcap" is supported])
+ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
AC_ARG_WITH(
[xauth-module],
@@ -113,6 +114,10 @@ ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.])
ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.])
ARG_ENABL_SET([kernel-klips], [enable the KLIPS kernel interface.])
+ARG_DISBL_SET([socket-default], [disable default socket implementation for charon.])
+ARG_ENABL_SET([socket-raw], [enable raw socket implementation of charon, enforced if pluto is enabled])
+ARG_ENABL_SET([socket-dynamic], [enable dynamic socket implementation for charon])
+ARG_ENABL_SET([farp], [enable ARP faking plugin that responds to ARP requests to peers virtual IP])
ARG_ENABL_SET([nat-transport], [enable NAT traversal with IPsec transport mode in pluto.])
ARG_DISBL_SET([vendor-id], [disable the sending of the strongSwan vendor ID in pluto.])
ARG_DISBL_SET([xauth-vid], [disable the sending of the XAUTH vendor ID.])
@@ -129,14 +134,18 @@ ARG_DISBL_SET([scripts], [disable additional utilities (found in director
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
ARG_DISBL_SET([attr], [disable strongswan.conf based configuration attribute plugin.])
ARG_ENABL_SET([attr-sql], [enable SQL based configuration attribute plugin.])
+ARG_ENABL_SET([dhcp], [enable DHCP based attribute provider plugin.])
ARG_DISBL_SET([resolve], [disable resolve DNS handler plugin.])
ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.])
ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.])
ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.])
+ARG_ENABL_SET([android], [enable Android specific plugin.])
ARG_ENABL_SET([nm], [enable NetworkManager plugin.])
+ARG_ENABL_SET([ha], [enable high availability cluster plugin.])
ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.])
+ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.])
dnl =========================
dnl set up compiler and flags
@@ -202,7 +211,6 @@ fi
if test x$eap_aka = xtrue; then
fips_prf=true;
- sha1=true;
simaka=true;
fi
@@ -212,7 +220,9 @@ if test x$eap_sim = xtrue; then
fi
if test x$fips_prf = xtrue; then
- sha1=true;
+ if test x$openssl = xfalse; then
+ sha1=true;
+ fi
fi
if test x$smp = xtrue; then
@@ -232,6 +242,16 @@ if test x$medcli = xtrue; then
mediation=true
fi
+if test x$pluto = xtrue; then
+ if test x$socket_raw = xfalse; then
+ AC_MSG_NOTICE([Enforcing --enable-socket-raw, as pluto is enabled])
+ socket_raw=true
+ if test x$socket_default_given = xfalse; then
+ socket_default=false
+ fi
+ fi
+fi
+
dnl ===========================================
dnl check required libraries and header files
dnl ===========================================
@@ -431,7 +451,21 @@ if test x$vstr = xtrue; then
fi
if test x$gmp = xtrue; then
- AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+ saved_LIBS=$LIBS
+ AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+ AC_MSG_CHECKING([mpz_powm_sec])
+ if test x$mpz_powm_sec = xyes; then
+ AC_TRY_COMPILE(
+ [#include "gmp.h"],
+ [
+ void *x = mpz_powm_sec;
+ ],
+ [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])]
+ )
+ else
+ AC_MSG_RESULT([disabled])
+ fi
+ LIBS=$saved_LIBS
AC_MSG_CHECKING([gmp.h version >= 4.1.4])
AC_TRY_COMPILE(
[#include "gmp.h"],
@@ -554,6 +588,15 @@ if test x$uci = xtrue; then
AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])])
fi
+if test x$android = xtrue; then
+ AC_HAVE_LIBRARY([cutils],[LIBS="$LIBS"],[AC_MSG_ERROR([Android library libcutils not found])])
+ AC_CHECK_HEADER([cutils/properties.h],,[AC_MSG_ERROR([Android header cutils/properties.h not found!])])
+ dnl we have to force the use of libdl here because the autodetection
+ dnl above does not work correctly when cross-compiling for android.
+ DLLIB="-ldl"
+ AC_SUBST(DLLIB)
+fi
+
if test x$nm = xtrue; then
PKG_CHECK_EXISTS([libnm-glib],
[PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])],
@@ -592,11 +635,12 @@ if test x$integrity_test = xtrue; then
)
fi
-dnl ======================================
-dnl collect all plugins for libstrongswan
-dnl ======================================
+dnl ==========================================================
+dnl collect all plugins for libstrongswan, libhydra and pluto
+dnl ==========================================================
libstrongswan_plugins=
+libhydra_plugins=
pluto_plugins=
if test x$test_vectors = xtrue; then
@@ -638,9 +682,6 @@ if test x$md5 = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" md5"
pluto_plugins=${pluto_plugins}" md5"
fi
-if test x$fips_prf = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
-fi
if test x$random = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" random"
pluto_plugins=${pluto_plugins}" random"
@@ -677,10 +718,6 @@ if test x$sqlite = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" sqlite"
pluto_plugins=${pluto_plugins}" sqlite"
fi
-if test x$attr_sql = xtrue -o x$sql = xtrue; then
- libstrongswan_plugins=${libstrongswan_plugins}" attr-sql"
- pluto_plugins=${pluto_plugins}" attr-sql"
-fi
if test x$padlock = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" padlock"
fi
@@ -692,6 +729,9 @@ if test x$gcrypt = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" gcrypt"
pluto_plugins=${pluto_plugins}" gcrypt"
fi
+if test x$fips_prf = xtrue; then
+ libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
+fi
if test x$xcbc = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" xcbc"
fi
@@ -706,8 +746,17 @@ if test x$gmp = xtrue; then
libstrongswan_plugins=${libstrongswan_plugins}" gmp"
pluto_plugins=${pluto_plugins}" gmp"
fi
+if test x$attr = xtrue; then
+ libhydra_plugins=${libhydra_plugins}" attr"
+ pluto_plugins=${pluto_plugins}" attr"
+fi
+if test x$attr_sql = xtrue -o x$sql = xtrue; then
+ libhydra_plugins=${libhydra_plugins}" attr-sql"
+ pluto_plugins=${pluto_plugins}" attr-sql"
+fi
AC_SUBST(libstrongswan_plugins)
+AC_SUBST(libhydra_plugins)
AC_SUBST(pluto_plugins)
dnl =========================
@@ -752,13 +801,16 @@ AM_CONDITIONAL(USE_MEDSRV, test x$medsrv = xtrue)
AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue)
AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
AM_CONDITIONAL(USE_UCI, test x$uci = xtrue)
+AM_CONDITIONAL(USE_ANDROID, test x$android = xtrue)
AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue)
AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
+AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue)
AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue)
AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue)
+AM_CONDITIONAL(USE_HA, test x$ha = xtrue)
AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue)
AM_CONDITIONAL(USE_EAP_SIMAKA_PSEUDONYM, test x$eap_simaka_pseudonym = xtrue)
@@ -774,6 +826,10 @@ AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue)
AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue)
+AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
+AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue)
+AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
+AM_CONDITIONAL(USE_FARP, test x$farp = xtrue)
dnl other options
dnl =============
@@ -796,9 +852,11 @@ AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue)
+AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
+AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
dnl ==============================
dnl set global definitions
@@ -810,6 +868,10 @@ fi
if test x$capabilities = xlibcap; then
AC_DEFINE(CAPABILITIES)
fi
+if test x$monolithic = xtrue; then
+ AC_DEFINE(MONOLITHIC)
+fi
+
dnl ==============================
dnl build Makefiles
@@ -842,44 +904,53 @@ AC_OUTPUT(
src/libstrongswan/plugins/ldap/Makefile
src/libstrongswan/plugins/mysql/Makefile
src/libstrongswan/plugins/sqlite/Makefile
- src/libstrongswan/plugins/attr_sql/Makefile
src/libstrongswan/plugins/padlock/Makefile
src/libstrongswan/plugins/openssl/Makefile
src/libstrongswan/plugins/gcrypt/Makefile
src/libstrongswan/plugins/agent/Makefile
src/libstrongswan/plugins/test_vectors/Makefile
+ src/libhydra/Makefile
+ src/libhydra/plugins/attr/Makefile
+ src/libhydra/plugins/attr_sql/Makefile
src/libfreeswan/Makefile
src/libsimaka/Makefile
src/pluto/Makefile
src/whack/Makefile
src/charon/Makefile
- src/charon/plugins/eap_aka/Makefile
- src/charon/plugins/eap_aka_3gpp2/Makefile
- src/charon/plugins/eap_identity/Makefile
- src/charon/plugins/eap_md5/Makefile
- src/charon/plugins/eap_gtc/Makefile
- src/charon/plugins/eap_sim/Makefile
- src/charon/plugins/eap_sim_file/Makefile
- src/charon/plugins/eap_simaka_pseudonym/Makefile
- src/charon/plugins/eap_simaka_reauth/Makefile
- src/charon/plugins/eap_mschapv2/Makefile
- src/charon/plugins/eap_radius/Makefile
- src/charon/plugins/kernel_netlink/Makefile
- src/charon/plugins/kernel_pfkey/Makefile
- src/charon/plugins/kernel_pfroute/Makefile
- src/charon/plugins/kernel_klips/Makefile
- src/charon/plugins/smp/Makefile
- src/charon/plugins/sql/Makefile
- src/charon/plugins/medsrv/Makefile
- src/charon/plugins/medcli/Makefile
- src/charon/plugins/nm/Makefile
- src/charon/plugins/uci/Makefile
- src/charon/plugins/stroke/Makefile
- src/charon/plugins/updown/Makefile
- src/charon/plugins/attr/Makefile
- src/charon/plugins/resolve/Makefile
- src/charon/plugins/unit_tester/Makefile
- src/charon/plugins/load_tester/Makefile
+ src/libcharon/Makefile
+ src/libcharon/plugins/eap_aka/Makefile
+ src/libcharon/plugins/eap_aka_3gpp2/Makefile
+ src/libcharon/plugins/eap_identity/Makefile
+ src/libcharon/plugins/eap_md5/Makefile
+ src/libcharon/plugins/eap_gtc/Makefile
+ src/libcharon/plugins/eap_sim/Makefile
+ src/libcharon/plugins/eap_sim_file/Makefile
+ src/libcharon/plugins/eap_simaka_pseudonym/Makefile
+ src/libcharon/plugins/eap_simaka_reauth/Makefile
+ src/libcharon/plugins/eap_mschapv2/Makefile
+ src/libcharon/plugins/eap_radius/Makefile
+ src/libcharon/plugins/kernel_netlink/Makefile
+ src/libcharon/plugins/kernel_pfkey/Makefile
+ src/libcharon/plugins/kernel_pfroute/Makefile
+ src/libcharon/plugins/kernel_klips/Makefile
+ src/libcharon/plugins/socket_default/Makefile
+ src/libcharon/plugins/socket_raw/Makefile
+ src/libcharon/plugins/socket_dynamic/Makefile
+ src/libcharon/plugins/farp/Makefile
+ src/libcharon/plugins/smp/Makefile
+ src/libcharon/plugins/sql/Makefile
+ src/libcharon/plugins/medsrv/Makefile
+ src/libcharon/plugins/medcli/Makefile
+ src/libcharon/plugins/nm/Makefile
+ src/libcharon/plugins/uci/Makefile
+ src/libcharon/plugins/ha/Makefile
+ src/libcharon/plugins/android/Makefile
+ src/libcharon/plugins/stroke/Makefile
+ src/libcharon/plugins/updown/Makefile
+ src/libcharon/plugins/dhcp/Makefile
+ src/libcharon/plugins/resolve/Makefile
+ src/libcharon/plugins/unit_tester/Makefile
+ src/libcharon/plugins/load_tester/Makefile
src/stroke/Makefile
src/ipsec/Makefile
src/starter/Makefile
diff --git a/m4/macros/enable-disable.m4 b/m4/macros/enable-disable.m4
index 6d7959e4e..3d423652f 100644
--- a/m4/macros/enable-disable.m4
+++ b/m4/macros/enable-disable.m4
@@ -6,12 +6,14 @@ AC_DEFUN([ARG_ENABL_SET],
[AC_ARG_ENABLE(
[$1],
AS_HELP_STRING([--enable-$1], [$2]),
- [if test x$enableval = xyes; then
+ [patsubst([$1], [-], [_])_given=true
+ if test x$enableval = xyes; then
patsubst([$1], [-], [_])=true
else
patsubst([$1], [-], [_])=false
fi],
- patsubst([$1], [-], [_])=false
+ [patsubst([$1], [-], [_])=false
+ patsubst([$1], [-], [_])_given=false]
)]
)
@@ -22,11 +24,13 @@ AC_DEFUN([ARG_DISBL_SET],
[AC_ARG_ENABLE(
[$1],
AS_HELP_STRING([--disable-$1], [$2]),
- [if test x$enableval = xyes; then
+ [patsubst([$1], [-], [_])_given=true
+ if test x$enableval = xyes; then
patsubst([$1], [-], [_])=true
else
patsubst([$1], [-], [_])=false
fi],
- patsubst([$1], [-], [_])=true
+ [patsubst([$1], [-], [_])=true
+ patsubst([$1], [-], [_])_given=false]
)]
)
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 24e3cd164..70a56f697 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -17,3 +17,7 @@ key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
+
+key2keyid.o : $(top_builddir)/config.status
+
+keyid2sql.o : $(top_builddir)/config.status
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 7d1af0803..6a75fa7ae 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -585,6 +586,10 @@ uninstall-am:
pdf pdf-am ps ps-am tags uninstall uninstall-am
+key2keyid.o : $(top_builddir)/config.status
+
+keyid2sql.o : $(top_builddir)/config.status
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c
index b85bf1ad8..ce102491b 100644
--- a/scripts/dh_speed.c
+++ b/scripts/dh_speed.c
@@ -15,19 +15,22 @@ struct {
char *name;
diffie_hellman_group_t group;
} groups[] = {
- {"modp768", MODP_768_BIT},
- {"modp1024", MODP_1024_BIT},
- {"modp1536", MODP_1536_BIT},
- {"modp2048", MODP_2048_BIT},
- {"modp3072", MODP_3072_BIT},
- {"modp4096", MODP_4096_BIT},
- {"modp6144", MODP_6144_BIT},
- {"modp8192", MODP_8192_BIT},
- {"ecp256", ECP_256_BIT},
- {"ecp384", ECP_384_BIT},
- {"ecp521", ECP_521_BIT},
- {"ecp192", ECP_192_BIT},
- {"ecp224", ECP_224_BIT},
+ {"modp768", MODP_768_BIT},
+ {"modp1024", MODP_1024_BIT},
+ {"modp1024s160", MODP_1024_160},
+ {"modp1536", MODP_1536_BIT},
+ {"modp2048", MODP_2048_BIT},
+ {"modp2048s224", MODP_2048_224},
+ {"modp2048s256", MODP_2048_256},
+ {"modp3072", MODP_3072_BIT},
+ {"modp4096", MODP_4096_BIT},
+ {"modp6144", MODP_6144_BIT},
+ {"modp8192", MODP_8192_BIT},
+ {"ecp256", ECP_256_BIT},
+ {"ecp384", ECP_384_BIT},
+ {"ecp521", ECP_521_BIT},
+ {"ecp192", ECP_192_BIT},
+ {"ecp224", ECP_224_BIT},
};
static void start_timing(struct timespec *start)
diff --git a/src/Makefile.am b/src/Makefile.am
index ae3ec8a20..8d4dd2e37 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,6 +4,10 @@ if USE_LIBSTRONGSWAN
SUBDIRS += libstrongswan
endif
+if USE_LIBHYDRA
+ SUBDIRS += libhydra
+endif
+
if USE_SIMAKA
SUBDIRS += libsimaka
endif
@@ -17,7 +21,7 @@ if USE_PLUTO
endif
if USE_CHARON
- SUBDIRS += charon
+ SUBDIRS += libcharon charon
endif
if USE_STROKE
@@ -29,7 +33,7 @@ if USE_UPDOWN
endif
if USE_TOOLS
- SUBDIRS += openac scepclient pki
+ SUBDIRS += libfreeswan openac scepclient pki
endif
if USE_DUMM
diff --git a/src/Makefile.in b/src/Makefile.in
index 2e305f50a..2a04c8b19 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -34,18 +34,19 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@USE_LIBSTRONGSWAN_TRUE@am__append_1 = libstrongswan
-@USE_SIMAKA_TRUE@am__append_2 = libsimaka
-@USE_FILE_CONFIG_TRUE@am__append_3 = libfreeswan starter ipsec _copyright
-@USE_PLUTO_TRUE@am__append_4 = pluto whack
-@USE_CHARON_TRUE@am__append_5 = charon
-@USE_STROKE_TRUE@am__append_6 = stroke
-@USE_UPDOWN_TRUE@am__append_7 = _updown _updown_espmark
-@USE_TOOLS_TRUE@am__append_8 = openac scepclient pki
-@USE_DUMM_TRUE@am__append_9 = dumm
-@USE_FAST_TRUE@am__append_10 = libfast
-@USE_MANAGER_TRUE@am__append_11 = manager
-@USE_MEDSRV_TRUE@am__append_12 = medsrv
-@USE_INTEGRITY_TEST_TRUE@am__append_13 = checksum
+@USE_LIBHYDRA_TRUE@am__append_2 = libhydra
+@USE_SIMAKA_TRUE@am__append_3 = libsimaka
+@USE_FILE_CONFIG_TRUE@am__append_4 = libfreeswan starter ipsec _copyright
+@USE_PLUTO_TRUE@am__append_5 = pluto whack
+@USE_CHARON_TRUE@am__append_6 = libcharon charon
+@USE_STROKE_TRUE@am__append_7 = stroke
+@USE_UPDOWN_TRUE@am__append_8 = _updown _updown_espmark
+@USE_TOOLS_TRUE@am__append_9 = libfreeswan openac scepclient pki
+@USE_DUMM_TRUE@am__append_10 = dumm
+@USE_FAST_TRUE@am__append_11 = libfast
+@USE_MANAGER_TRUE@am__append_12 = manager
+@USE_MEDSRV_TRUE@am__append_13 = medsrv
+@USE_INTEGRITY_TEST_TRUE@am__append_14 = checksum
subdir = src
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -78,10 +79,10 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
distdir
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = . include libstrongswan libsimaka libfreeswan starter \
- ipsec _copyright pluto whack charon stroke _updown \
- _updown_espmark openac scepclient pki dumm libfast manager \
- medsrv checksum
+DIST_SUBDIRS = . include libstrongswan libhydra libsimaka libfreeswan \
+ starter ipsec _copyright pluto whack libcharon charon stroke \
+ _updown _updown_espmark openac scepclient pki dumm libfast \
+ manager medsrv checksum
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -228,6 +229,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -266,7 +268,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_4) $(am__append_5) $(am__append_6) \
$(am__append_7) $(am__append_8) $(am__append_9) \
$(am__append_10) $(am__append_11) $(am__append_12) \
- $(am__append_13)
+ $(am__append_13) $(am__append_14)
EXTRA_DIST = strongswan.conf
all: all-recursive
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index fe529a151..d4e1c157b 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -221,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index e99238ed8..cf153461d 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index ed88b67a6..a4379b44c 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
new file mode 100644
index 000000000..491d7f946
--- /dev/null
+++ b/src/charon/Android.mk
@@ -0,0 +1,27 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+charon.c
+
+# build charon -----------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+ $(libvstr_PATH) \
+ $(strongswan_PATH)/src/libhydra \
+ $(strongswan_PATH)/src/libcharon \
+ $(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := charon
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan libhydra libcharon
+
+include $(BUILD_EXECUTABLE)
+
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index e20d45cf8..6481947f1 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -1,275 +1,22 @@
ipsec_PROGRAMS = charon
charon_SOURCES = \
-bus/bus.c bus/bus.h \
-bus/listeners/listener.h \
-bus/listeners/file_logger.c bus/listeners/file_logger.h \
-bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
-config/backend_manager.c config/backend_manager.h config/backend.h \
-config/child_cfg.c config/child_cfg.h \
-config/ike_cfg.c config/ike_cfg.h \
-config/peer_cfg.c config/peer_cfg.h \
-config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
-control/controller.c control/controller.h \
-daemon.c daemon.h \
-encoding/generator.c encoding/generator.h \
-encoding/message.c encoding/message.h \
-encoding/parser.c encoding/parser.h \
-encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
-encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
-encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
-encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
-encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
-encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
-encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
-encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
-encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
-encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
-encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
-encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
-encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
-encoding/payloads/payload.c encoding/payloads/payload.h \
-encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
-encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
-encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
-encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
-encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
-encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
-encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
-encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
-kernel/kernel_interface.c kernel/kernel_interface.h \
-kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
-kernel/kernel_net.h \
-network/packet.c network/packet.h \
-network/receiver.c network/receiver.h \
-network/sender.c network/sender.h \
-network/socket.h \
-processing/jobs/job.h \
-processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
-processing/jobs/callback_job.c processing/jobs/callback_job.h \
-processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
-processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
-processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
-processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
-processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
-processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
-processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
-processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
-processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
-processing/jobs/roam_job.c processing/jobs/roam_job.h \
-processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
-processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
-processing/scheduler.c processing/scheduler.h \
-processing/processor.c processing/processor.h \
-sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
-sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
-sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
-sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
-sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
-sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
-sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
-sa/child_sa.c sa/child_sa.h \
-sa/ike_sa.c sa/ike_sa.h \
-sa/ike_sa_id.c sa/ike_sa_id.h \
-sa/ike_sa_manager.c sa/ike_sa_manager.h \
-sa/task_manager.c sa/task_manager.h \
-sa/keymat.c sa/keymat.h \
-sa/trap_manager.c sa/trap_manager.h \
-sa/tasks/child_create.c sa/tasks/child_create.h \
-sa/tasks/child_delete.c sa/tasks/child_delete.h \
-sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
-sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
-sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
-sa/tasks/ike_config.c sa/tasks/ike_config.h \
-sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
-sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
-sa/tasks/ike_init.c sa/tasks/ike_init.h \
-sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
-sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
-sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
-sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
-sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
-sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+charon.c
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic \
- -DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\"
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
-# compile options
-#################
+AM_CFLAGS = \
+ -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\"
-# Use RAW socket if pluto gets built
-if USE_PLUTO
- charon_SOURCES += network/socket-raw.c
-else
- charon_SOURCES += network/socket.c
-endif
+charon_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ -lm $(PTHREADLIB) $(DLLIB)
-if USE_ME
- charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
- processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
- processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
- sa/connect_manager.c sa/connect_manager.h \
- sa/mediation_manager.c sa/mediation_manager.h \
- sa/tasks/ike_me.c sa/tasks/ike_me.h
-endif
-
-if USE_CAPABILITIES
- charon_LDADD += -lcap
-endif
-
-
-# build optional plugins
-########################
-
-SUBDIRS = .
-PLUGINS = ${libstrongswan_plugins}
-
-if USE_LOAD_TESTER
- SUBDIRS += plugins/load_tester
- PLUGINS += load-tester
-endif
-
-if USE_KERNEL_PFKEY
- SUBDIRS += plugins/kernel_pfkey
- PLUGINS += kernel-pfkey
-endif
-
-if USE_KERNEL_PFROUTE
- SUBDIRS += plugins/kernel_pfroute
- PLUGINS += kernel-pfroute
-endif
-
-if USE_KERNEL_KLIPS
- SUBDIRS += plugins/kernel_klips
- PLUGINS += kernel-klips
-endif
-
-if USE_KERNEL_NETLINK
- SUBDIRS += plugins/kernel_netlink
- PLUGINS += kernel-netlink
-endif
-
-if USE_STROKE
- SUBDIRS += plugins/stroke
- PLUGINS += stroke
-endif
-
-if USE_SMP
- SUBDIRS += plugins/smp
- PLUGINS += smp
-endif
-
-if USE_SQL
- SUBDIRS += plugins/sql
- PLUGINS += sql
-endif
-
-if USE_UPDOWN
- SUBDIRS += plugins/updown
- PLUGINS += updown
-endif
-
-if USE_ATTR
- SUBDIRS += plugins/attr
- PLUGINS += attr
-endif
-
-if USE_EAP_IDENTITY
- SUBDIRS += plugins/eap_identity
- PLUGINS += eap-identity
-endif
-
-if USE_EAP_SIM
- SUBDIRS += plugins/eap_sim
- PLUGINS += eap-sim
-endif
-
-if USE_EAP_SIM_FILE
- SUBDIRS += plugins/eap_sim_file
- PLUGINS += eap-sim-file
-endif
-
-if USE_EAP_SIMAKA_PSEUDONYM
- SUBDIRS += plugins/eap_simaka_pseudonym
- PLUGINS += eap-simaka-pseudonym
-endif
-
-if USE_EAP_SIMAKA_REAUTH
- SUBDIRS += plugins/eap_simaka_reauth
- PLUGINS += eap-simaka-reauth
-endif
-
-if USE_EAP_MD5
- SUBDIRS += plugins/eap_md5
- PLUGINS += eap-md5
-endif
-
-if USE_EAP_GTC
- SUBDIRS += plugins/eap_gtc
- PLUGINS += eap-gtc
-endif
-
-if USE_EAP_AKA
- SUBDIRS += plugins/eap_aka
- PLUGINS += eap-aka
-endif
-
-if USE_EAP_AKA_3GPP2
- SUBDIRS += plugins/eap_aka_3gpp2
- PLUGINS += eap-aka-3gpp2
-endif
-
-if USE_EAP_MSCHAPV2
- SUBDIRS += plugins/eap_mschapv2
- PLUGINS += eap-mschapv2
-endif
-
-if USE_EAP_RADIUS
- SUBDIRS += plugins/eap_radius
- PLUGINS += eap-radius
-endif
-
-if USE_MEDSRV
- SUBDIRS += plugins/medsrv
- PLUGINS += medsrv
-endif
-
-if USE_MEDCLI
- SUBDIRS += plugins/medcli
- PLUGINS += medcli
-endif
-
-if USE_NM
- SUBDIRS += plugins/nm
- PLUGINS += nm
-endif
-
-if USE_RESOLVE
- SUBDIRS += plugins/resolve
- PLUGINS += resolve
-endif
-
-if USE_UCI
- SUBDIRS += plugins/uci
- PLUGINS += uci
-endif
-
-if USE_UNIT_TESTS
- SUBDIRS += plugins/unit_tester
- PLUGINS += unit-tester
-endif
-
-AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\""
+EXTRA_DIST = Android.mk
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index d7339b226..66690a37a 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -35,75 +35,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = charon$(EXEEXT)
-
-# compile options
-#################
-
-# Use RAW socket if pluto gets built
-@USE_PLUTO_TRUE@am__append_1 = network/socket-raw.c
-@USE_PLUTO_FALSE@am__append_2 = network/socket.c
-@USE_ME_TRUE@am__append_3 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
-@USE_ME_TRUE@ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
-@USE_ME_TRUE@ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
-@USE_ME_TRUE@ sa/connect_manager.c sa/connect_manager.h \
-@USE_ME_TRUE@ sa/mediation_manager.c sa/mediation_manager.h \
-@USE_ME_TRUE@ sa/tasks/ike_me.c sa/tasks/ike_me.h
-
-@USE_CAPABILITIES_TRUE@am__append_4 = -lcap
-@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester
-@USE_LOAD_TESTER_TRUE@am__append_6 = load-tester
-@USE_KERNEL_PFKEY_TRUE@am__append_7 = plugins/kernel_pfkey
-@USE_KERNEL_PFKEY_TRUE@am__append_8 = kernel-pfkey
-@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute
-@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute
-@USE_KERNEL_KLIPS_TRUE@am__append_11 = plugins/kernel_klips
-@USE_KERNEL_KLIPS_TRUE@am__append_12 = kernel-klips
-@USE_KERNEL_NETLINK_TRUE@am__append_13 = plugins/kernel_netlink
-@USE_KERNEL_NETLINK_TRUE@am__append_14 = kernel-netlink
-@USE_STROKE_TRUE@am__append_15 = plugins/stroke
-@USE_STROKE_TRUE@am__append_16 = stroke
-@USE_SMP_TRUE@am__append_17 = plugins/smp
-@USE_SMP_TRUE@am__append_18 = smp
-@USE_SQL_TRUE@am__append_19 = plugins/sql
-@USE_SQL_TRUE@am__append_20 = sql
-@USE_UPDOWN_TRUE@am__append_21 = plugins/updown
-@USE_UPDOWN_TRUE@am__append_22 = updown
-@USE_ATTR_TRUE@am__append_23 = plugins/attr
-@USE_ATTR_TRUE@am__append_24 = attr
-@USE_EAP_IDENTITY_TRUE@am__append_25 = plugins/eap_identity
-@USE_EAP_IDENTITY_TRUE@am__append_26 = eap-identity
-@USE_EAP_SIM_TRUE@am__append_27 = plugins/eap_sim
-@USE_EAP_SIM_TRUE@am__append_28 = eap-sim
-@USE_EAP_SIM_FILE_TRUE@am__append_29 = plugins/eap_sim_file
-@USE_EAP_SIM_FILE_TRUE@am__append_30 = eap-sim-file
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = eap-simaka-pseudonym
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = eap-simaka-reauth
-@USE_EAP_MD5_TRUE@am__append_35 = plugins/eap_md5
-@USE_EAP_MD5_TRUE@am__append_36 = eap-md5
-@USE_EAP_GTC_TRUE@am__append_37 = plugins/eap_gtc
-@USE_EAP_GTC_TRUE@am__append_38 = eap-gtc
-@USE_EAP_AKA_TRUE@am__append_39 = plugins/eap_aka
-@USE_EAP_AKA_TRUE@am__append_40 = eap-aka
-@USE_EAP_AKA_3GPP2_TRUE@am__append_41 = plugins/eap_aka_3gpp2
-@USE_EAP_AKA_3GPP2_TRUE@am__append_42 = eap-aka-3gpp2
-@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2
-@USE_EAP_MSCHAPV2_TRUE@am__append_44 = eap-mschapv2
-@USE_EAP_RADIUS_TRUE@am__append_45 = plugins/eap_radius
-@USE_EAP_RADIUS_TRUE@am__append_46 = eap-radius
-@USE_MEDSRV_TRUE@am__append_47 = plugins/medsrv
-@USE_MEDSRV_TRUE@am__append_48 = medsrv
-@USE_MEDCLI_TRUE@am__append_49 = plugins/medcli
-@USE_MEDCLI_TRUE@am__append_50 = medcli
-@USE_NM_TRUE@am__append_51 = plugins/nm
-@USE_NM_TRUE@am__append_52 = nm
-@USE_RESOLVE_TRUE@am__append_53 = plugins/resolve
-@USE_RESOLVE_TRUE@am__append_54 = resolve
-@USE_UCI_TRUE@am__append_55 = plugins/uci
-@USE_UCI_TRUE@am__append_56 = uci
-@USE_UNIT_TESTS_TRUE@am__append_57 = plugins/unit_tester
-@USE_UNIT_TESTS_TRUE@am__append_58 = unit-tester
subdir = src/charon
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -122,186 +53,13 @@ CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(ipsecdir)"
PROGRAMS = $(ipsec_PROGRAMS)
-am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \
- bus/listeners/file_logger.c bus/listeners/file_logger.h \
- bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
- config/backend_manager.c config/backend_manager.h \
- config/backend.h config/child_cfg.c config/child_cfg.h \
- config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
- config/peer_cfg.h config/proposal.c config/proposal.h \
- config/auth_cfg.c config/auth_cfg.h control/controller.c \
- control/controller.h daemon.c daemon.h encoding/generator.c \
- encoding/generator.h encoding/message.c encoding/message.h \
- encoding/parser.c encoding/parser.h \
- encoding/payloads/auth_payload.c \
- encoding/payloads/auth_payload.h \
- encoding/payloads/cert_payload.c \
- encoding/payloads/cert_payload.h \
- encoding/payloads/certreq_payload.c \
- encoding/payloads/certreq_payload.h \
- encoding/payloads/configuration_attribute.c \
- encoding/payloads/configuration_attribute.h \
- encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
- encoding/payloads/delete_payload.c \
- encoding/payloads/delete_payload.h \
- encoding/payloads/eap_payload.c \
- encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
- encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
- encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
- encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
- encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
- encoding/payloads/nonce_payload.c \
- encoding/payloads/nonce_payload.h \
- encoding/payloads/notify_payload.c \
- encoding/payloads/notify_payload.h encoding/payloads/payload.c \
- encoding/payloads/payload.h \
- encoding/payloads/proposal_substructure.c \
- encoding/payloads/proposal_substructure.h \
- encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
- encoding/payloads/traffic_selector_substructure.c \
- encoding/payloads/traffic_selector_substructure.h \
- encoding/payloads/transform_attribute.c \
- encoding/payloads/transform_attribute.h \
- encoding/payloads/transform_substructure.c \
- encoding/payloads/transform_substructure.h \
- encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
- encoding/payloads/unknown_payload.c \
- encoding/payloads/unknown_payload.h \
- encoding/payloads/vendor_id_payload.c \
- encoding/payloads/vendor_id_payload.h \
- kernel/kernel_interface.c kernel/kernel_interface.h \
- kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
- kernel/kernel_net.h network/packet.c network/packet.h \
- network/receiver.c network/receiver.h network/sender.c \
- network/sender.h network/socket.h processing/jobs/job.h \
- processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
- processing/jobs/callback_job.c processing/jobs/callback_job.h \
- processing/jobs/delete_child_sa_job.c \
- processing/jobs/delete_child_sa_job.h \
- processing/jobs/delete_ike_sa_job.c \
- processing/jobs/delete_ike_sa_job.h \
- processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
- processing/jobs/process_message_job.c \
- processing/jobs/process_message_job.h \
- processing/jobs/rekey_child_sa_job.c \
- processing/jobs/rekey_child_sa_job.h \
- processing/jobs/rekey_ike_sa_job.c \
- processing/jobs/rekey_ike_sa_job.h \
- processing/jobs/retransmit_job.c \
- processing/jobs/retransmit_job.h \
- processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
- processing/jobs/send_keepalive_job.c \
- processing/jobs/send_keepalive_job.h \
- processing/jobs/roam_job.c processing/jobs/roam_job.h \
- processing/jobs/update_sa_job.c \
- processing/jobs/update_sa_job.h \
- processing/jobs/inactivity_job.c \
- processing/jobs/inactivity_job.h processing/scheduler.c \
- processing/scheduler.h processing/processor.c \
- processing/processor.h sa/authenticators/authenticator.c \
- sa/authenticators/authenticator.h \
- sa/authenticators/eap_authenticator.c \
- sa/authenticators/eap_authenticator.h \
- sa/authenticators/eap/eap_method.c \
- sa/authenticators/eap/eap_method.h \
- sa/authenticators/eap/eap_manager.c \
- sa/authenticators/eap/eap_manager.h \
- sa/authenticators/eap/sim_manager.c \
- sa/authenticators/eap/sim_manager.h \
- sa/authenticators/psk_authenticator.c \
- sa/authenticators/psk_authenticator.h \
- sa/authenticators/pubkey_authenticator.c \
- sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
- sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
- sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
- sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
- sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
- sa/tasks/child_create.h sa/tasks/child_delete.c \
- sa/tasks/child_delete.h sa/tasks/child_rekey.c \
- sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
- sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
- sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
- sa/tasks/ike_config.c sa/tasks/ike_config.h \
- sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
- sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
- sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
- sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
- sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
- sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
- sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
- sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
- credentials/credential_manager.c \
- credentials/credential_manager.h \
- credentials/sets/auth_cfg_wrapper.c \
- credentials/sets/auth_cfg_wrapper.h \
- credentials/sets/ocsp_response_wrapper.c \
- credentials/sets/ocsp_response_wrapper.h \
- credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
- credentials/credential_set.h network/socket-raw.c \
- network/socket.c encoding/payloads/endpoint_notify.c \
- encoding/payloads/endpoint_notify.h \
- processing/jobs/initiate_mediation_job.c \
- processing/jobs/initiate_mediation_job.h \
- processing/jobs/mediation_job.c \
- processing/jobs/mediation_job.h sa/connect_manager.c \
- sa/connect_manager.h sa/mediation_manager.c \
- sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h
-@USE_PLUTO_TRUE@am__objects_1 = socket-raw.$(OBJEXT)
-@USE_PLUTO_FALSE@am__objects_2 = socket.$(OBJEXT)
-@USE_ME_TRUE@am__objects_3 = endpoint_notify.$(OBJEXT) \
-@USE_ME_TRUE@ initiate_mediation_job.$(OBJEXT) \
-@USE_ME_TRUE@ mediation_job.$(OBJEXT) connect_manager.$(OBJEXT) \
-@USE_ME_TRUE@ mediation_manager.$(OBJEXT) ike_me.$(OBJEXT)
-am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \
- sys_logger.$(OBJEXT) backend_manager.$(OBJEXT) \
- child_cfg.$(OBJEXT) ike_cfg.$(OBJEXT) peer_cfg.$(OBJEXT) \
- proposal.$(OBJEXT) auth_cfg.$(OBJEXT) controller.$(OBJEXT) \
- daemon.$(OBJEXT) generator.$(OBJEXT) message.$(OBJEXT) \
- parser.$(OBJEXT) auth_payload.$(OBJEXT) cert_payload.$(OBJEXT) \
- certreq_payload.$(OBJEXT) configuration_attribute.$(OBJEXT) \
- cp_payload.$(OBJEXT) delete_payload.$(OBJEXT) \
- eap_payload.$(OBJEXT) encodings.$(OBJEXT) \
- encryption_payload.$(OBJEXT) id_payload.$(OBJEXT) \
- ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \
- nonce_payload.$(OBJEXT) notify_payload.$(OBJEXT) \
- payload.$(OBJEXT) proposal_substructure.$(OBJEXT) \
- sa_payload.$(OBJEXT) traffic_selector_substructure.$(OBJEXT) \
- transform_attribute.$(OBJEXT) transform_substructure.$(OBJEXT) \
- ts_payload.$(OBJEXT) unknown_payload.$(OBJEXT) \
- vendor_id_payload.$(OBJEXT) kernel_interface.$(OBJEXT) \
- kernel_ipsec.$(OBJEXT) packet.$(OBJEXT) receiver.$(OBJEXT) \
- sender.$(OBJEXT) acquire_job.$(OBJEXT) callback_job.$(OBJEXT) \
- delete_child_sa_job.$(OBJEXT) delete_ike_sa_job.$(OBJEXT) \
- migrate_job.$(OBJEXT) process_message_job.$(OBJEXT) \
- rekey_child_sa_job.$(OBJEXT) rekey_ike_sa_job.$(OBJEXT) \
- retransmit_job.$(OBJEXT) send_dpd_job.$(OBJEXT) \
- send_keepalive_job.$(OBJEXT) roam_job.$(OBJEXT) \
- update_sa_job.$(OBJEXT) inactivity_job.$(OBJEXT) \
- scheduler.$(OBJEXT) processor.$(OBJEXT) \
- authenticator.$(OBJEXT) eap_authenticator.$(OBJEXT) \
- eap_method.$(OBJEXT) eap_manager.$(OBJEXT) \
- sim_manager.$(OBJEXT) psk_authenticator.$(OBJEXT) \
- pubkey_authenticator.$(OBJEXT) child_sa.$(OBJEXT) \
- ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) ike_sa_manager.$(OBJEXT) \
- task_manager.$(OBJEXT) keymat.$(OBJEXT) trap_manager.$(OBJEXT) \
- child_create.$(OBJEXT) child_delete.$(OBJEXT) \
- child_rekey.$(OBJEXT) ike_auth.$(OBJEXT) \
- ike_cert_pre.$(OBJEXT) ike_cert_post.$(OBJEXT) \
- ike_config.$(OBJEXT) ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) \
- ike_init.$(OBJEXT) ike_natd.$(OBJEXT) ike_mobike.$(OBJEXT) \
- ike_rekey.$(OBJEXT) ike_reauth.$(OBJEXT) \
- ike_auth_lifetime.$(OBJEXT) ike_vendor.$(OBJEXT) \
- task.$(OBJEXT) credential_manager.$(OBJEXT) \
- auth_cfg_wrapper.$(OBJEXT) ocsp_response_wrapper.$(OBJEXT) \
- cert_cache.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
- $(am__objects_3)
+am_charon_OBJECTS = charon.$(OBJEXT)
charon_OBJECTS = $(am_charon_OBJECTS)
am__DEPENDENCIES_1 =
charon_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -317,57 +75,10 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(charon_SOURCES)
-DIST_SOURCES = $(am__charon_SOURCES_DIST)
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
- html-recursive info-recursive install-data-recursive \
- install-dvi-recursive install-exec-recursive \
- install-html-recursive install-info-recursive \
- install-pdf-recursive install-ps-recursive install-recursive \
- installcheck-recursive installdirs-recursive pdf-recursive \
- ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
- $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
- distdir
+DIST_SOURCES = $(charon_SOURCES)
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \
- plugins/kernel_pfroute plugins/kernel_klips \
- plugins/kernel_netlink plugins/stroke plugins/smp plugins/sql \
- plugins/updown plugins/attr plugins/eap_identity \
- plugins/eap_sim plugins/eap_sim_file \
- plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
- plugins/eap_md5 plugins/eap_gtc plugins/eap_aka \
- plugins/eap_aka_3gpp2 plugins/eap_mschapv2 plugins/eap_radius \
- plugins/medsrv plugins/medcli plugins/nm plugins/resolve \
- plugins/uci plugins/unit_tester
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
@@ -488,6 +199,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -522,153 +234,26 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
- bus/listeners/file_logger.c bus/listeners/file_logger.h \
- bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
- config/backend_manager.c config/backend_manager.h \
- config/backend.h config/child_cfg.c config/child_cfg.h \
- config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
- config/peer_cfg.h config/proposal.c config/proposal.h \
- config/auth_cfg.c config/auth_cfg.h control/controller.c \
- control/controller.h daemon.c daemon.h encoding/generator.c \
- encoding/generator.h encoding/message.c encoding/message.h \
- encoding/parser.c encoding/parser.h \
- encoding/payloads/auth_payload.c \
- encoding/payloads/auth_payload.h \
- encoding/payloads/cert_payload.c \
- encoding/payloads/cert_payload.h \
- encoding/payloads/certreq_payload.c \
- encoding/payloads/certreq_payload.h \
- encoding/payloads/configuration_attribute.c \
- encoding/payloads/configuration_attribute.h \
- encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
- encoding/payloads/delete_payload.c \
- encoding/payloads/delete_payload.h \
- encoding/payloads/eap_payload.c \
- encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
- encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
- encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
- encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
- encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
- encoding/payloads/nonce_payload.c \
- encoding/payloads/nonce_payload.h \
- encoding/payloads/notify_payload.c \
- encoding/payloads/notify_payload.h encoding/payloads/payload.c \
- encoding/payloads/payload.h \
- encoding/payloads/proposal_substructure.c \
- encoding/payloads/proposal_substructure.h \
- encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
- encoding/payloads/traffic_selector_substructure.c \
- encoding/payloads/traffic_selector_substructure.h \
- encoding/payloads/transform_attribute.c \
- encoding/payloads/transform_attribute.h \
- encoding/payloads/transform_substructure.c \
- encoding/payloads/transform_substructure.h \
- encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
- encoding/payloads/unknown_payload.c \
- encoding/payloads/unknown_payload.h \
- encoding/payloads/vendor_id_payload.c \
- encoding/payloads/vendor_id_payload.h \
- kernel/kernel_interface.c kernel/kernel_interface.h \
- kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
- kernel/kernel_net.h network/packet.c network/packet.h \
- network/receiver.c network/receiver.h network/sender.c \
- network/sender.h network/socket.h processing/jobs/job.h \
- processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
- processing/jobs/callback_job.c processing/jobs/callback_job.h \
- processing/jobs/delete_child_sa_job.c \
- processing/jobs/delete_child_sa_job.h \
- processing/jobs/delete_ike_sa_job.c \
- processing/jobs/delete_ike_sa_job.h \
- processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
- processing/jobs/process_message_job.c \
- processing/jobs/process_message_job.h \
- processing/jobs/rekey_child_sa_job.c \
- processing/jobs/rekey_child_sa_job.h \
- processing/jobs/rekey_ike_sa_job.c \
- processing/jobs/rekey_ike_sa_job.h \
- processing/jobs/retransmit_job.c \
- processing/jobs/retransmit_job.h \
- processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
- processing/jobs/send_keepalive_job.c \
- processing/jobs/send_keepalive_job.h \
- processing/jobs/roam_job.c processing/jobs/roam_job.h \
- processing/jobs/update_sa_job.c \
- processing/jobs/update_sa_job.h \
- processing/jobs/inactivity_job.c \
- processing/jobs/inactivity_job.h processing/scheduler.c \
- processing/scheduler.h processing/processor.c \
- processing/processor.h sa/authenticators/authenticator.c \
- sa/authenticators/authenticator.h \
- sa/authenticators/eap_authenticator.c \
- sa/authenticators/eap_authenticator.h \
- sa/authenticators/eap/eap_method.c \
- sa/authenticators/eap/eap_method.h \
- sa/authenticators/eap/eap_manager.c \
- sa/authenticators/eap/eap_manager.h \
- sa/authenticators/eap/sim_manager.c \
- sa/authenticators/eap/sim_manager.h \
- sa/authenticators/psk_authenticator.c \
- sa/authenticators/psk_authenticator.h \
- sa/authenticators/pubkey_authenticator.c \
- sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
- sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
- sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
- sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
- sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
- sa/tasks/child_create.h sa/tasks/child_delete.c \
- sa/tasks/child_delete.h sa/tasks/child_rekey.c \
- sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
- sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
- sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
- sa/tasks/ike_config.c sa/tasks/ike_config.h \
- sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
- sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
- sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
- sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
- sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
- sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
- sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
- sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
- credentials/credential_manager.c \
- credentials/credential_manager.h \
- credentials/sets/auth_cfg_wrapper.c \
- credentials/sets/auth_cfg_wrapper.h \
- credentials/sets/ocsp_response_wrapper.c \
- credentials/sets/ocsp_response_wrapper.h \
- credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
- credentials/credential_set.h $(am__append_1) $(am__append_2) \
- $(am__append_3)
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\" -DPLUGINS=\""${PLUGINS}\""
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \
- $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4)
-
-# build optional plugins
-########################
-SUBDIRS = . $(am__append_5) $(am__append_7) $(am__append_9) \
- $(am__append_11) $(am__append_13) $(am__append_15) \
- $(am__append_17) $(am__append_19) $(am__append_21) \
- $(am__append_23) $(am__append_25) $(am__append_27) \
- $(am__append_29) $(am__append_31) $(am__append_33) \
- $(am__append_35) $(am__append_37) $(am__append_39) \
- $(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_49) $(am__append_51) \
- $(am__append_53) $(am__append_55) $(am__append_57)
-PLUGINS = ${libstrongswan_plugins} $(am__append_6) $(am__append_8) \
- $(am__append_10) $(am__append_12) $(am__append_14) \
- $(am__append_16) $(am__append_18) $(am__append_20) \
- $(am__append_22) $(am__append_24) $(am__append_26) \
- $(am__append_28) $(am__append_30) $(am__append_32) \
- $(am__append_34) $(am__append_36) $(am__append_38) \
- $(am__append_40) $(am__append_42) $(am__append_44) \
- $(am__append_46) $(am__append_48) $(am__append_50) \
- $(am__append_52) $(am__append_54) $(am__append_56) \
- $(am__append_58)
-all: all-recursive
+charon_SOURCES = \
+charon.c
+
+INCLUDES = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\"
+
+charon_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ -lm $(PTHREADLIB) $(DLLIB)
+
+EXTRA_DIST = Android.mk
+all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
@@ -755,107 +340,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket-raw.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/charon.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -878,1482 +363,12 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
-bus.o: bus/bus.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.o -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
-
-bus.obj: bus/bus.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.obj -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi`
-
-file_logger.o: bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.o -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
-
-file_logger.obj: bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.obj -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi`
-
-sys_logger.o: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-
-sys_logger.obj: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-
-backend_manager.o: config/backend_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.o -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
-
-backend_manager.obj: config/backend_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.obj -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`
-
-child_cfg.o: config/child_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.o -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
-
-child_cfg.obj: config/child_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.obj -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`
-
-ike_cfg.o: config/ike_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.o -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
-
-ike_cfg.obj: config/ike_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.obj -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`
-
-peer_cfg.o: config/peer_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.o -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
-
-peer_cfg.obj: config/peer_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.obj -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`
-
-proposal.o: config/proposal.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.o -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
-
-proposal.obj: config/proposal.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.obj -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi`
-
-auth_cfg.o: config/auth_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.o -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
-
-auth_cfg.obj: config/auth_cfg.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.obj -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi`
-
-controller.o: control/controller.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.o -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
-
-controller.obj: control/controller.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.obj -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi`
-
-generator.o: encoding/generator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
-
-generator.obj: encoding/generator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
-
-message.o: encoding/message.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
-
-message.obj: encoding/message.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
-
-parser.o: encoding/parser.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
-
-parser.obj: encoding/parser.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
-
-auth_payload.o: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
-
-auth_payload.obj: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
-
-cert_payload.o: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
-
-cert_payload.obj: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
-
-certreq_payload.o: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
-
-certreq_payload.obj: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
-
-configuration_attribute.o: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-
-configuration_attribute.obj: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-
-cp_payload.o: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
-
-cp_payload.obj: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
-
-delete_payload.o: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
-
-delete_payload.obj: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
-
-eap_payload.o: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
-
-eap_payload.obj: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
-
-encodings.o: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
-
-encodings.obj: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
-
-encryption_payload.o: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
-
-encryption_payload.obj: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
-
-id_payload.o: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
-
-id_payload.obj: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
-
-ike_header.o: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
-
-ike_header.obj: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
-
-ke_payload.o: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
-
-ke_payload.obj: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
-
-nonce_payload.o: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
-
-nonce_payload.obj: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
-
-notify_payload.o: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
-
-notify_payload.obj: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
-
-payload.o: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
-
-payload.obj: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
-
-proposal_substructure.o: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
-
-proposal_substructure.obj: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
-
-sa_payload.o: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
-
-sa_payload.obj: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
-
-traffic_selector_substructure.o: encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.o -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
-
-traffic_selector_substructure.obj: encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.obj -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi`
-
-transform_attribute.o: encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.o -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
-
-transform_attribute.obj: encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.obj -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi`
-
-transform_substructure.o: encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.o -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
-
-transform_substructure.obj: encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.obj -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi`
-
-ts_payload.o: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
-
-ts_payload.obj: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
-
-unknown_payload.o: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
-
-unknown_payload.obj: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
-
-vendor_id_payload.o: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
-
-vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
-
-kernel_interface.o: kernel/kernel_interface.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
-
-kernel_interface.obj: kernel/kernel_interface.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`
-
-kernel_ipsec.o: kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.o -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
-
-kernel_ipsec.obj: kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.obj -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi`
-
-packet.o: network/packet.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
-
-packet.obj: network/packet.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
-
-receiver.o: network/receiver.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
-
-receiver.obj: network/receiver.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`
-
-sender.o: network/sender.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
-
-sender.obj: network/sender.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`
-
-acquire_job.o: processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
-
-acquire_job.obj: processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`
-
-callback_job.o: processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.o -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
-
-callback_job.obj: processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.obj -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi`
-
-delete_child_sa_job.o: processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
-
-delete_child_sa_job.obj: processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`
-
-delete_ike_sa_job.o: processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
-
-delete_ike_sa_job.obj: processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`
-
-migrate_job.o: processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.o -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
-
-migrate_job.obj: processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.obj -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi`
-
-process_message_job.o: processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
-
-process_message_job.obj: processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`
-
-rekey_child_sa_job.o: processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
-
-rekey_child_sa_job.obj: processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`
-
-rekey_ike_sa_job.o: processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
-
-rekey_ike_sa_job.obj: processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`
-
-retransmit_job.o: processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
-
-retransmit_job.obj: processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`
-
-send_dpd_job.o: processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
-
-send_dpd_job.obj: processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`
-
-send_keepalive_job.o: processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
-
-send_keepalive_job.obj: processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`
-
-roam_job.o: processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.o -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
-
-roam_job.obj: processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.obj -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi`
-
-update_sa_job.o: processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.o -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
-
-update_sa_job.obj: processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.obj -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi`
-
-inactivity_job.o: processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.o -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
-
-inactivity_job.obj: processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.obj -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi`
-
-scheduler.o: processing/scheduler.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
-
-scheduler.obj: processing/scheduler.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`
-
-processor.o: processing/processor.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.o -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
-
-processor.obj: processing/processor.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.obj -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi`
-
-authenticator.o: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
-
-authenticator.obj: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
-
-eap_authenticator.o: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-
-eap_authenticator.obj: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-
-eap_method.o: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-
-eap_method.obj: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-
-eap_manager.o: sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.o -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
-
-eap_manager.obj: sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.obj -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi`
-
-sim_manager.o: sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.o -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
-
-sim_manager.obj: sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.obj -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi`
-
-psk_authenticator.o: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
-
-psk_authenticator.obj: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
-
-pubkey_authenticator.o: sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.o -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
-
-pubkey_authenticator.obj: sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.obj -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi`
-
-child_sa.o: sa/child_sa.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
-
-child_sa.obj: sa/child_sa.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
-
-ike_sa.o: sa/ike_sa.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
-
-ike_sa.obj: sa/ike_sa.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
-
-ike_sa_id.o: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
-
-ike_sa_id.obj: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
-
-ike_sa_manager.o: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
-
-ike_sa_manager.obj: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
-
-task_manager.o: sa/task_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
-
-task_manager.obj: sa/task_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
-
-keymat.o: sa/keymat.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.o -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
-
-keymat.obj: sa/keymat.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.obj -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi`
-
-trap_manager.o: sa/trap_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.o -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
-
-trap_manager.obj: sa/trap_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.obj -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi`
-
-child_create.o: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
-
-child_create.obj: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
-
-child_delete.o: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
-
-child_delete.obj: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
-
-child_rekey.o: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
-
-child_rekey.obj: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
-
-ike_auth.o: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
-
-ike_auth.obj: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
-
-ike_cert_pre.o: sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.o -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
-
-ike_cert_pre.obj: sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.obj -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi`
-
-ike_cert_post.o: sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.o -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
-
-ike_cert_post.obj: sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.obj -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi`
-
-ike_config.o: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
-
-ike_config.obj: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
-
-ike_delete.o: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
-
-ike_delete.obj: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
-
-ike_dpd.o: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
-
-ike_dpd.obj: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
-
-ike_init.o: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
-
-ike_init.obj: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
-
-ike_natd.o: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
-
-ike_natd.obj: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
-
-ike_mobike.o: sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.o -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
-
-ike_mobike.obj: sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.obj -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi`
-
-ike_rekey.o: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
-
-ike_rekey.obj: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
-
-ike_reauth.o: sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.o -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
-
-ike_reauth.obj: sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.obj -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi`
-
-ike_auth_lifetime.o: sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.o -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
-
-ike_auth_lifetime.obj: sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.obj -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi`
-
-ike_vendor.o: sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.o -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
-
-ike_vendor.obj: sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.obj -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi`
-
-task.o: sa/tasks/task.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
-
-task.obj: sa/tasks/task.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
-
-credential_manager.o: credentials/credential_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.o -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
-
-credential_manager.obj: credentials/credential_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.obj -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi`
-
-auth_cfg_wrapper.o: credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.o -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
-
-auth_cfg_wrapper.obj: credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.obj -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi`
-
-ocsp_response_wrapper.o: credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.o -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
-
-ocsp_response_wrapper.obj: credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.obj -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi`
-
-cert_cache.o: credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.o -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
-
-cert_cache.obj: credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.obj -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi`
-
-socket-raw.o: network/socket-raw.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.o -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c
-
-socket-raw.obj: network/socket-raw.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.obj -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi`
-
-socket.o: network/socket.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
-
-socket.obj: network/socket.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
-
-endpoint_notify.o: encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.o -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
-
-endpoint_notify.obj: encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.obj -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi`
-
-initiate_mediation_job.o: processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.o -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
-
-initiate_mediation_job.obj: processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.obj -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi`
-
-mediation_job.o: processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.o -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
-
-mediation_job.obj: processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.obj -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi`
-
-connect_manager.o: sa/connect_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.o -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
-
-connect_manager.obj: sa/connect_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.obj -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi`
-
-mediation_manager.o: sa/mediation_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.o -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
-
-mediation_manager.obj: sa/mediation_manager.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.obj -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi`
-
-ike_me.o: sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.o -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
-
-ike_me.obj: sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.obj -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi`
-
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-# (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
- for f in x $$MAKEFLAGS; do \
- case $$f in \
- *=* | --[!k]*);; \
- *k*) failcom='fail=yes';; \
- esac; \
- done; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
- for f in x $$MAKEFLAGS; do \
- case $$f in \
- *=* | --[!k]*);; \
- *k*) failcom='fail=yes';; \
- esac; \
- done; \
- dot_seen=no; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- rev=''; for subdir in $$list; do \
- if test "$$subdir" = "."; then :; else \
- rev="$$subdir $$rev"; \
- fi; \
- done; \
- rev="$$rev ."; \
- target=`echo $@ | sed s/-recursive//`; \
- for subdir in $$rev; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done && test -z "$$fail"
-tags-recursive:
- list='$(SUBDIRS)'; for subdir in $$list; do \
- test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
- done
-ctags-recursive:
- list='$(SUBDIRS)'; for subdir in $$list; do \
- test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
- done
-
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -2364,23 +379,10 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
mkid -fID $$unique
tags: TAGS
-TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
set x; \
here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
@@ -2399,7 +401,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
fi; \
fi
ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -2449,51 +451,22 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
check-am: all-am
-check: check-recursive
+check: check-am
all-am: Makefile $(PROGRAMS)
-installdirs: installdirs-recursive
-installdirs-am:
+installdirs:
for dir in "$(DESTDIR)$(ipsecdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-installcheck: installcheck-recursive
+installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
@@ -2510,95 +483,92 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
+clean: clean-am
clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
mostlyclean-am
-distclean: distclean-recursive
+distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
-dvi: dvi-recursive
+dvi: dvi-am
dvi-am:
-html: html-recursive
+html: html-am
html-am:
-info: info-recursive
+info: info-am
info-am:
install-data-am: install-ipsecPROGRAMS
-install-dvi: install-dvi-recursive
+install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
-install-html: install-html-recursive
+install-html: install-html-am
install-html-am:
-install-info: install-info-recursive
+install-info: install-info-am
install-info-am:
install-man:
-install-pdf: install-pdf-recursive
+install-pdf: install-pdf-am
install-pdf-am:
-install-ps: install-ps-recursive
+install-ps: install-ps-am
install-ps-am:
installcheck-am:
-maintainer-clean: maintainer-clean-recursive
+maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
-mostlyclean: mostlyclean-recursive
+mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
-pdf: pdf-recursive
+pdf: pdf-am
pdf-am:
-ps: ps-recursive
+ps: ps-am
ps-am:
uninstall-am: uninstall-ipsecPROGRAMS
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
- install-am install-strip tags-recursive
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
- all all-am check check-am clean clean-generic \
- clean-ipsecPROGRAMS clean-libtool ctags ctags-recursive \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs installdirs-am \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
- uninstall-ipsecPROGRAMS
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-ipsecPROGRAMS clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-ipsecPROGRAMS
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/charon.c b/src/charon/charon.c
new file mode 100644
index 000000000..9b552fb62
--- /dev/null
+++ b/src/charon/charon.c
@@ -0,0 +1,417 @@
+/*
+ * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2005-2009 Martin Willi
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+#ifdef HAVE_PRCTL
+#include <sys/prctl.h>
+#endif
+#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
+#include <signal.h>
+#undef _POSIX_PTHREAD_SEMANTICS
+#include <pthread.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include <library.h>
+#include <utils/backtrace.h>
+#include <threading/thread.h>
+
+/**
+ * PID file, in which charon stores its process id
+ */
+#define PID_FILE IPSEC_PIDDIR "/charon.pid"
+
+/**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= 1)
+ {
+ va_start(args, fmt);
+ fprintf(stderr, "00[%N] ", debug_names, group);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+/**
+ * Run the daemon and handle unix signals
+ */
+static void run()
+{
+ sigset_t set;
+
+ /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
+ sigemptyset(&set);
+ sigaddset(&set, SIGINT);
+ sigaddset(&set, SIGHUP);
+ sigaddset(&set, SIGTERM);
+ sigprocmask(SIG_BLOCK, &set, NULL);
+
+ while (TRUE)
+ {
+ int sig;
+ int error;
+
+ error = sigwait(&set, &sig);
+ if (error)
+ {
+ DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ return;
+ }
+ switch (sig)
+ {
+ case SIGHUP:
+ {
+ DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
+ break;
+ }
+ case SIGINT:
+ {
+ DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+ return;
+ }
+ case SIGTERM:
+ {
+ DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+ return;
+ }
+ default:
+ {
+ DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
+ break;
+ }
+ }
+ }
+}
+
+/**
+ * drop daemon capabilities
+ */
+static bool drop_capabilities()
+{
+#ifdef HAVE_PRCTL
+ prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+#endif
+
+ if (setgid(charon->gid) != 0)
+ {
+ DBG1(DBG_DMN, "change to unprivileged group failed");
+ return FALSE;
+ }
+ if (setuid(charon->uid) != 0)
+ {
+ DBG1(DBG_DMN, "change to unprivileged user failed");
+ return FALSE;
+ }
+ if (!charon->drop_capabilities(charon))
+ {
+ DBG1(DBG_DMN, "unable to drop daemon capabilities");
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * lookup UID and GID
+ */
+static bool lookup_uid_gid()
+{
+#ifdef IPSEC_USER
+ {
+ char buf[1024];
+ struct passwd passwd, *pwp;
+
+ if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
+ pwp == NULL)
+ {
+ DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
+ return FALSE;
+ }
+ charon->uid = pwp->pw_uid;
+ }
+#endif
+#ifdef IPSEC_GROUP
+ {
+ char buf[1024];
+ struct group group, *grp;
+
+ if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
+ grp == NULL)
+ {
+ DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
+ return FALSE;
+ }
+ charon->gid = grp->gr_gid;
+ }
+#endif
+ return TRUE;
+}
+
+/**
+ * Handle SIGSEGV/SIGILL signals raised by threads
+ */
+static void segv_handler(int signal)
+{
+ backtrace_t *backtrace;
+
+ DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr);
+ backtrace->destroy(backtrace);
+
+ DBG1(DBG_DMN, "killing ourself, received critical signal");
+ abort();
+}
+
+/**
+ * Check/create PID file, return TRUE if already running
+ */
+static bool check_pidfile()
+{
+ struct stat stb;
+ FILE *file;
+
+ if (stat(PID_FILE, &stb) == 0)
+ {
+ file = fopen(PID_FILE, "r");
+ if (file)
+ {
+ char buf[64];
+ pid_t pid = 0;
+
+ memset(buf, 0, sizeof(buf));
+ if (fread(buf, 1, sizeof(buf), file))
+ {
+ pid = atoi(buf);
+ }
+ fclose(file);
+ if (pid && kill(pid, 0) == 0)
+ { /* such a process is running */
+ return TRUE;
+ }
+ }
+ DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
+ unlink(PID_FILE);
+ }
+
+ /* create new pidfile */
+ file = fopen(PID_FILE, "w");
+ if (file)
+ {
+ fprintf(file, "%d\n", getpid());
+ ignore_result(fchown(fileno(file), charon->uid, charon->gid));
+ fclose(file);
+ }
+ return FALSE;
+}
+
+/**
+ * print command line usage and exit
+ */
+static void usage(const char *msg)
+{
+ if (msg != NULL && *msg != '\0')
+ {
+ fprintf(stderr, "%s\n", msg);
+ }
+ fprintf(stderr, "Usage: charon\n"
+ " [--help]\n"
+ " [--version]\n"
+ " [--use-syslog]\n"
+ " [--debug-<type> <level>]\n"
+ " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
+ " <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
+ " 2 = controlmore, 3 = raw, 4 = private)\n"
+ "\n"
+ );
+ exit(msg == NULL? 0 : 1);
+}
+
+/**
+ * Main function, starts the daemon.
+ */
+int main(int argc, char *argv[])
+{
+ struct sigaction action;
+ bool use_syslog = FALSE;
+ level_t levels[DBG_MAX];
+ int group, status = SS_RC_INITIALIZATION_FAILED;
+
+ /* logging for library during initialization, as we have no bus yet */
+ dbg = dbg_stderr;
+
+ /* initialize library */
+ if (!library_init(NULL))
+ {
+ library_deinit();
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
+ {
+ dbg_stderr(DBG_DMN, 1, "integrity check of charon failed");
+ library_deinit();
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
+
+ if (!libhydra_init("charon"))
+ {
+ dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
+ libhydra_deinit();
+ library_deinit();
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+
+ if (!libcharon_init())
+ {
+ dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
+ goto deinit;
+ }
+
+ /* use CTRL loglevel for default */
+ for (group = 0; group < DBG_MAX; group++)
+ {
+ levels[group] = LEVEL_CTRL;
+ }
+
+ /* handle arguments */
+ for (;;)
+ {
+ struct option long_opts[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'v' },
+ { "use-syslog", no_argument, NULL, 'l' },
+ /* TODO: handle "debug-all" */
+ { "debug-dmn", required_argument, &group, DBG_DMN },
+ { "debug-mgr", required_argument, &group, DBG_MGR },
+ { "debug-ike", required_argument, &group, DBG_IKE },
+ { "debug-chd", required_argument, &group, DBG_CHD },
+ { "debug-job", required_argument, &group, DBG_JOB },
+ { "debug-cfg", required_argument, &group, DBG_CFG },
+ { "debug-knl", required_argument, &group, DBG_KNL },
+ { "debug-net", required_argument, &group, DBG_NET },
+ { "debug-enc", required_argument, &group, DBG_ENC },
+ { "debug-lib", required_argument, &group, DBG_LIB },
+ { 0,0,0,0 }
+ };
+
+ int c = getopt_long(argc, argv, "", long_opts, NULL);
+ switch (c)
+ {
+ case EOF:
+ break;
+ case 'h':
+ usage(NULL);
+ break;
+ case 'v':
+ printf("Linux strongSwan %s\n", VERSION);
+ status = 0;
+ goto deinit;
+ case 'l':
+ use_syslog = TRUE;
+ continue;
+ case 0:
+ /* option is in group */
+ levels[group] = atoi(optarg);
+ continue;
+ default:
+ usage("");
+ break;
+ }
+ break;
+ }
+
+ if (!lookup_uid_gid())
+ {
+ dbg_stderr(DBG_DMN, 1, "invalid uid/gid - aborting charon");
+ goto deinit;
+ }
+
+ /* initialize daemon */
+ if (!charon->initialize(charon, use_syslog, levels))
+ {
+ DBG1(DBG_DMN, "initialization failed - aborting charon");
+ goto deinit;
+ }
+
+ if (check_pidfile())
+ {
+ DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
+ status = -1;
+ goto deinit;
+ }
+
+ if (!drop_capabilities())
+ {
+ DBG1(DBG_DMN, "capability dropping failed - aborting charon");
+ goto deinit;
+ }
+
+ /* add handler for SEGV and ILL,
+ * INT, TERM and HUP are handled by sigwait() in run() */
+ action.sa_handler = segv_handler;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaddset(&action.sa_mask, SIGINT);
+ sigaddset(&action.sa_mask, SIGTERM);
+ sigaddset(&action.sa_mask, SIGHUP);
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+
+ pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
+
+ /* start daemon (i.e. the threads in the thread-pool) */
+ charon->start(charon);
+
+ /* main thread goes to run loop */
+ run();
+
+ /* normal termination, cleanup and exit */
+ unlink(PID_FILE);
+ status = 0;
+
+deinit:
+ libcharon_deinit();
+ libhydra_deinit();
+ library_deinit();
+ return status;
+}
+
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
deleted file mode 100644
index 99bf94e9b..000000000
--- a/src/charon/kernel/kernel_interface.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "kernel_interface.h"
-
-#include <daemon.h>
-
-typedef struct private_kernel_interface_t private_kernel_interface_t;
-
-/**
- * Private data of a kernel_interface_t object.
- */
-struct private_kernel_interface_t {
-
- /**
- * Public part of kernel_interface_t object.
- */
- kernel_interface_t public;
-
- /**
- * ipsec interface
- */
- kernel_ipsec_t *ipsec;
-
- /**
- * network interface
- */
- kernel_net_t *net;
-};
-
-/**
- * Implementation of kernel_interface_t.get_spi
- */
-static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
-}
-
-/**
- * Implementation of kernel_interface_t.get_cpi
- */
-static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
-}
-
-/**
- * Implementation of kernel_interface_t.add_sa
- */
-static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
- lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
- bool inbound, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
- lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi,
- encap, inbound, src_ts, dst_ts);
-}
-
-/**
- * Implementation of kernel_interface_t.update_sa
- */
-static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi,
- protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst, bool encap, bool new_encap)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
- new_src, new_dst, encap, new_encap);
-}
-
-/**
- * Implementation of kernel_interface_t.query_sa
- */
-static status_t query_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes);
-}
-
-/**
- * Implementation of kernel_interface_t.del_sa
- */
-static status_t del_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi);
-}
-
-/**
- * Implementation of kernel_interface_t.add_policy
- */
-static status_t add_policy(private_kernel_interface_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
- u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool routed)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, spi, protocol, reqid, mode, ipcomp, cpi, routed);
-}
-
-/**
- * Implementation of kernel_interface_t.query_policy
- */
-static status_t query_policy(private_kernel_interface_t *this,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t *use_time)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, direction, use_time);
-}
-
-/**
- * Implementation of kernel_interface_t.del_policy
- */
-static status_t del_policy(private_kernel_interface_t *this,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, bool unrouted)
-{
- if (!this->ipsec)
- {
- return NOT_SUPPORTED;
- }
- return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, direction, unrouted);
-}
-
-/**
- * Implementation of kernel_interface_t.get_source_addr
- */
-static host_t *get_source_addr(private_kernel_interface_t *this,
- host_t *dest, host_t *src)
-{
- if (!this->net)
- {
- return NULL;
- }
- return this->net->get_source_addr(this->net, dest, src);
-}
-
-/**
- * Implementation of kernel_interface_t.get_nexthop
- */
-static host_t *get_nexthop(private_kernel_interface_t *this, host_t *dest)
-{
- if (!this->net)
- {
- return NULL;
- }
- return this->net->get_nexthop(this->net, dest);
-}
-
-/**
- * Implementation of kernel_interface_t.get_interface
- */
-static char* get_interface(private_kernel_interface_t *this, host_t *host)
-{
- if (!this->net)
- {
- return NULL;
- }
- return this->net->get_interface(this->net, host);
-}
-
-/**
- * Implementation of kernel_interface_t.create_address_enumerator
- */
-static enumerator_t *create_address_enumerator(private_kernel_interface_t *this,
- bool include_down_ifaces, bool include_virtual_ips)
-{
- if (!this->net)
- {
- return enumerator_create_empty();
- }
- return this->net->create_address_enumerator(this->net, include_down_ifaces,
- include_virtual_ips);
-}
-
-/**
- * Implementation of kernel_interface_t.add_ip
- */
-static status_t add_ip(private_kernel_interface_t *this, host_t *virtual_ip,
- host_t *iface_ip)
-{
- if (!this->net)
- {
- return NOT_SUPPORTED;
- }
- return this->net->add_ip(this->net, virtual_ip, iface_ip);
-}
-
-/**
- * Implementation of kernel_interface_t.del_ip
- */
-static status_t del_ip(private_kernel_interface_t *this, host_t *virtual_ip)
-{
- if (!this->net)
- {
- return NOT_SUPPORTED;
- }
- return this->net->del_ip(this->net, virtual_ip);
-}
-
-/**
- * Implementation of kernel_interface_t.add_route
- */
-static status_t add_route(private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
-{
- if (!this->net)
- {
- return NOT_SUPPORTED;
- }
- return this->net->add_route(this->net, dst_net, prefixlen, gateway, src_ip,
- if_name);
-}
-
-/**
- * Implementation of kernel_interface_t.del_route
- */
-static status_t del_route(private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
-{
- if (!this->net)
- {
- return NOT_SUPPORTED;
- }
- return this->net->del_route(this->net, dst_net, prefixlen, gateway, src_ip,
- if_name);
-}
-
-
-/**
- * Implementation of kernel_interface_t.get_address_by_ts
- */
-static status_t get_address_by_ts(private_kernel_interface_t *this,
- traffic_selector_t *ts, host_t **ip)
-{
- enumerator_t *addrs;
- host_t *host;
- int family;
- bool found = FALSE;
-
- DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
-
- /* if we have a family which includes localhost, we do not
- * search for an IP, we use the default */
- family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
-
- if (family == AF_INET)
- {
- host = host_create_from_string("127.0.0.1", 0);
- }
- else
- {
- host = host_create_from_string("::1", 0);
- }
-
- if (ts->includes(ts, host))
- {
- *ip = host_create_any(family);
- host->destroy(host);
- DBG2(DBG_KNL, "using host %H", *ip);
- return SUCCESS;
- }
- host->destroy(host);
-
- addrs = create_address_enumerator(this, TRUE, TRUE);
- while (addrs->enumerate(addrs, (void**)&host))
- {
- if (ts->includes(ts, host))
- {
- found = TRUE;
- *ip = host->clone(host);
- break;
- }
- }
- addrs->destroy(addrs);
-
- if (!found)
- {
- DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
- return FAILED;
- }
-
- DBG2(DBG_KNL, "using host %H", *ip);
- return SUCCESS;
-}
-
-
-/**
- * Implementation of kernel_interface_t.add_ipsec_interface.
- */
-static void add_ipsec_interface(private_kernel_interface_t *this,
- kernel_ipsec_constructor_t constructor)
-{
- if (!this->ipsec)
- {
- this->ipsec = constructor();
- }
-}
-
-/**
- * Implementation of kernel_interface_t.remove_ipsec_interface.
- */
-static void remove_ipsec_interface(private_kernel_interface_t *this,
- kernel_ipsec_constructor_t constructor)
-{
- /* TODO: replace if interface currently in use */
-}
-
-/**
- * Implementation of kernel_interface_t.add_net_interface.
- */
-static void add_net_interface(private_kernel_interface_t *this,
- kernel_net_constructor_t constructor)
-{
- if (!this->net)
- {
- this->net = constructor();
- }
-}
-
-/**
- * Implementation of kernel_interface_t.remove_net_interface.
- */
-static void remove_net_interface(private_kernel_interface_t *this,
- kernel_net_constructor_t constructor)
-{
- /* TODO: replace if interface currently in use */
-}
-
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_interface_t *this)
-{
- DESTROY_IF(this->ipsec);
- DESTROY_IF(this->net);
- free(this);
-}
-
-/*
- * Described in header-file
- */
-kernel_interface_t *kernel_interface_create()
-{
- private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t);
-
- this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
- this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
- this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
- this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
- this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
- this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
- this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
- this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
- this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr;
- this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop;
- this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface;
- this->public.create_address_enumerator = (enumerator_t*(*)(kernel_interface_t*,bool,bool))create_address_enumerator;
- this->public.add_ip = (status_t(*)(kernel_interface_t*,host_t*,host_t*)) add_ip;
- this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip;
- this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
- this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
-
- this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts;
-
- this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface;
- this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface;
- this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface;
- this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface;
-
- this->public.destroy = (void (*)(kernel_interface_t*))destroy;
-
- this->ipsec = NULL;
- this->net = NULL;
-
- return &this->public;
-}
diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c
deleted file mode 100644
index 19a62603d..000000000
--- a/src/charon/network/packet.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "packet.h"
-
-typedef struct private_packet_t private_packet_t;
-
-/**
- * Private data of an packet_t object.
- */
-struct private_packet_t {
-
- /**
- * Public part of a packet_t object.
- */
- packet_t public;
-
- /**
- * source address
- */
- host_t *source;
-
- /**
- * destination address
- */
- host_t *destination;
-
- /**
- * message data
- */
- chunk_t data;
-};
-
-/**
- * Implements packet_t.get_source
- */
-static void set_source(private_packet_t *this, host_t *source)
-{
- DESTROY_IF(this->source);
- this->source = source;
-}
-
-/**
- * Implements packet_t.set_destination
- */
-static void set_destination(private_packet_t *this, host_t *destination)
-{
- DESTROY_IF(this->destination);
- this->destination = destination;
-}
-
-/**
- * Implements packet_t.get_source
- */
-static host_t *get_source(private_packet_t *this)
-{
- return this->source;
-}
-
-/**
- * Implements packet_t.get_destination
- */
-static host_t *get_destination(private_packet_t *this)
-{
- return this->destination;
-}
-
-/**
- * Implements packet_t.get_data
- */
-static chunk_t get_data(private_packet_t *this)
-{
- return this->data;
-}
-
-/**
- * Implements packet_t.set_data
- */
-static void set_data(private_packet_t *this, chunk_t data)
-{
- free(this->data.ptr);
- this->data = data;
-}
-
-/**
- * Implements packet_t.destroy.
- */
-static void destroy(private_packet_t *this)
-{
- if (this->source != NULL)
- {
- this->source->destroy(this->source);
- }
- if (this->destination != NULL)
- {
- this->destination->destroy(this->destination);
- }
- free(this->data.ptr);
- free(this);
-}
-
-/**
- * Implements packet_t.clone.
- */
-static packet_t *clone_(private_packet_t *this)
-{
- private_packet_t *other = (private_packet_t*)packet_create();
-
- if (this->destination != NULL)
- {
- other->destination = this->destination->clone(this->destination);
- }
- if (this->source != NULL)
- {
- other->source = this->source->clone(this->source);
- }
- if (this->data.ptr != NULL)
- {
- other->data.ptr = clalloc(this->data.ptr,this->data.len);
- other->data.len = this->data.len;
- }
- return &(other->public);
-}
-
-/*
- * Documented in header
- */
-packet_t *packet_create(void)
-{
- private_packet_t *this = malloc_thing(private_packet_t);
-
- this->public.set_data = (void(*) (packet_t *,chunk_t)) set_data;
- this->public.get_data = (chunk_t(*) (packet_t *)) get_data;
- this->public.set_source = (void(*) (packet_t *,host_t*)) set_source;
- this->public.get_source = (host_t*(*) (packet_t *)) get_source;
- this->public.set_destination = (void(*) (packet_t *,host_t*)) set_destination;
- this->public.get_destination = (host_t*(*) (packet_t *)) get_destination;
- this->public.clone = (packet_t*(*) (packet_t *))clone_;
- this->public.destroy = (void(*) (packet_t *)) destroy;
-
- this->destination = NULL;
- this->source = NULL;
- this->data = chunk_empty;
-
- return &(this->public);
-}
diff --git a/src/charon/plugins/attr/Makefile.am b/src/charon/plugins/attr/Makefile.am
deleted file mode 100644
index b4b3b7da6..000000000
--- a/src/charon/plugins/attr/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-attr.la
-libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
- attr_provider.h attr_provider.c
-libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am
deleted file mode 100644
index e007f5f00..000000000
--- a/src/charon/plugins/eap_aka/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
- -I$(top_srcdir)/src/libsimaka
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-aka.la
-
-libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \
- eap_aka_peer.h eap_aka_peer.c \
- eap_aka_server.h eap_aka_server.c
-libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
-libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.am b/src/charon/plugins/eap_aka_3gpp2/Makefile.am
deleted file mode 100644
index 1a4a3765b..000000000
--- a/src/charon/plugins/eap_aka_3gpp2/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
-
-libstrongswan_eap_aka_3gpp2_la_SOURCES = \
- eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
- eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
- eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
- eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
-libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
-libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp
-
diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am
deleted file mode 100644
index 0d938cacd..000000000
--- a/src/charon/plugins/eap_gtc/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
-
-libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
-libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
-
diff --git a/src/charon/plugins/eap_md5/Makefile.am b/src/charon/plugins/eap_md5/Makefile.am
deleted file mode 100644
index f49928cd2..000000000
--- a/src/charon/plugins/eap_md5/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-md5.la
-
-libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
-libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am
deleted file mode 100644
index e476fbed6..000000000
--- a/src/charon/plugins/eap_radius/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-radius.la
-
-libstrongswan_eap_radius_la_SOURCES = \
- eap_radius_plugin.h eap_radius_plugin.c \
- eap_radius.h eap_radius.c \
- radius_client.h radius_client.c \
- radius_message.h radius_message.c
-libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_sim/Makefile.am b/src/charon/plugins/eap_sim/Makefile.am
deleted file mode 100644
index 74b9bb4e8..000000000
--- a/src/charon/plugins/eap_sim/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
- -I$(top_srcdir)/src/libsimaka
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-sim.la
-
-libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \
- eap_sim_peer.h eap_sim_peer.c \
- eap_sim_server.h eap_sim_server.c
-libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
-libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_sim_file/Makefile.am b/src/charon/plugins/eap_sim_file/Makefile.am
deleted file mode 100644
index 350d4244f..000000000
--- a/src/charon/plugins/eap_sim_file/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
-
-plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
-
-libstrongswan_eap_sim_file_la_SOURCES = \
- eap_sim_file_plugin.h eap_sim_file_plugin.c \
- eap_sim_file_card.h eap_sim_file_card.c \
- eap_sim_file_provider.h eap_sim_file_provider.c \
- eap_sim_file_triplets.h eap_sim_file_triplets.c
-libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am b/src/charon/plugins/eap_simaka_pseudonym/Makefile.am
deleted file mode 100644
index fe87d6d62..000000000
--- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
-
-libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
- eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
- eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
- eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
-libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.am b/src/charon/plugins/eap_simaka_reauth/Makefile.am
deleted file mode 100644
index 0ba727136..000000000
--- a/src/charon/plugins/eap_simaka_reauth/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
-
-libstrongswan_eap_simaka_reauth_la_SOURCES = \
- eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
- eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
- eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
-libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/kernel_klips/Makefile.am b/src/charon/plugins/kernel_klips/Makefile.am
deleted file mode 100644
index a7ae06df1..000000000
--- a/src/charon/plugins/kernel_klips/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
-
-libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
- kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
-libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/load_tester/Makefile.am b/src/charon/plugins/load_tester/Makefile.am
deleted file mode 100644
index e6e04229a..000000000
--- a/src/charon/plugins/load_tester/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-load-tester.la
-
-libstrongswan_load_tester_la_SOURCES = \
- load_tester_plugin.c load_tester_plugin.h \
- load_tester_config.c load_tester_config.h \
- load_tester_creds.c load_tester_creds.h \
- load_tester_ipsec.c load_tester_ipsec.h \
- load_tester_listener.c load_tester_listener.h \
- load_tester_diffie_hellman.c load_tester_diffie_hellman.h
-
-libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/medcli/Makefile.am b/src/charon/plugins/medcli/Makefile.am
deleted file mode 100644
index a5f018f82..000000000
--- a/src/charon/plugins/medcli/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-medcli.la
-libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
- medcli_creds.h medcli_creds.c \
- medcli_config.h medcli_config.c \
- medcli_listener.h medcli_listener.c
-libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/medsrv/Makefile.am b/src/charon/plugins/medsrv/Makefile.am
deleted file mode 100644
index f3611a79e..000000000
--- a/src/charon/plugins/medsrv/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-medsrv.la
-libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
- medsrv_creds.h medsrv_creds.c \
- medsrv_config.h medsrv_config.c
-libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am
deleted file mode 100644
index 56eae6e00..000000000
--- a/src/charon/plugins/nm/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS}
-
-AM_CFLAGS = -rdynamic \
- -DNM_CA_DIR=\"${nm_ca_dir}\"
-
-plugin_LTLIBRARIES = libstrongswan-nm.la
-libstrongswan_nm_la_SOURCES = \
- nm_plugin.h nm_plugin.c \
- nm_service.h nm_service.c \
- nm_creds.h nm_creds.c \
- nm_handler.h nm_handler.c
-libstrongswan_nm_la_LDFLAGS = -module -avoid-version
-libstrongswan_nm_la_LIBADD = ${nm_LIBS}
diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am
deleted file mode 100644
index 94d311609..000000000
--- a/src/charon/plugins/stroke/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-
-AM_CFLAGS = \
--rdynamic \
--DIPSEC_CONFDIR=\"${sysconfdir}\" \
--DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
- stroke_socket.h stroke_socket.c \
- stroke_config.h stroke_config.c \
- stroke_control.h stroke_control.c \
- stroke_cred.h stroke_cred.c \
- stroke_ca.h stroke_ca.c \
- stroke_attribute.h stroke_attribute.c \
- stroke_list.h stroke_list.c \
- stroke_shared_key.h stroke_shared_key.c
-
-libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
deleted file mode 100644
index 7a5ce683e..000000000
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_attribute.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <utils/hashtable.h>
-#include <threading/mutex.h>
-
-#define POOL_LIMIT (sizeof(uintptr_t)*8)
-
-typedef struct private_stroke_attribute_t private_stroke_attribute_t;
-
-/**
- * private data of stroke_attribute
- */
-struct private_stroke_attribute_t {
-
- /**
- * public functions
- */
- stroke_attribute_t public;
-
- /**
- * list of pools, contains pool_t
- */
- linked_list_t *pools;
-
- /**
- * mutex to lock access to pools
- */
- mutex_t *mutex;
-};
-
-typedef struct {
- /** name of the pool */
- char *name;
- /** base address of the pool */
- host_t *base;
- /** size of the pool */
- int size;
- /** next unused address */
- int unused;
- /** hashtable [identity => offset], for online leases */
- hashtable_t *online;
- /** hashtable [identity => offset], for offline leases */
- hashtable_t *offline;
- /** hashtable [identity => identity], handles identity references */
- hashtable_t *ids;
-} pool_t;
-
-/**
- * hashtable hash function for identities
- */
-static u_int id_hash(identification_t *id)
-{
- return chunk_hash(id->get_encoding(id));
-}
-
-/**
- * hashtable equals function for identities
- */
-static bool id_equals(identification_t *a, identification_t *b)
-{
- return a->equals(a, b);
-}
-
-/**
- * destroy a pool_t
- */
-static void pool_destroy(pool_t *this)
-{
- enumerator_t *enumerator;
- identification_t *id;
-
- enumerator = this->ids->create_enumerator(this->ids);
- while (enumerator->enumerate(enumerator, &id, NULL))
- {
- id->destroy(id);
- }
- enumerator->destroy(enumerator);
- this->ids->destroy(this->ids);
- this->online->destroy(this->online);
- this->offline->destroy(this->offline);
- DESTROY_IF(this->base);
- free(this->name);
- free(this);
-}
-
-/**
- * find a pool by name
- */
-static pool_t *find_pool(private_stroke_attribute_t *this, char *name)
-{
- enumerator_t *enumerator;
- pool_t *current, *found = NULL;
-
- enumerator = this->pools->create_enumerator(this->pools);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (streq(name, current->name))
- {
- found = current;
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-/**
- * convert an pool offset to an address
- */
-host_t* offset2host(pool_t *pool, int offset)
-{
- chunk_t addr;
- host_t *host;
- u_int32_t *pos;
-
- offset--;
- if (offset > pool->size)
- {
- return NULL;
- }
-
- addr = chunk_clone(pool->base->get_address(pool->base));
- if (pool->base->get_family(pool->base) == AF_INET6)
- {
- pos = (u_int32_t*)(addr.ptr + 12);
- }
- else
- {
- pos = (u_int32_t*)addr.ptr;
- }
- *pos = htonl(offset + ntohl(*pos));
- host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
- free(addr.ptr);
- return host;
-}
-
-/**
- * convert a host to a pool offset
- */
-int host2offset(pool_t *pool, host_t *addr)
-{
- chunk_t host, base;
- u_int32_t hosti, basei;
-
- if (addr->get_family(addr) != pool->base->get_family(pool->base))
- {
- return -1;
- }
- host = addr->get_address(addr);
- base = pool->base->get_address(pool->base);
- if (addr->get_family(addr) == AF_INET6)
- {
- /* only look at last /32 block */
- if (!memeq(host.ptr, base.ptr, 12))
- {
- return -1;
- }
- host = chunk_skip(host, 12);
- base = chunk_skip(base, 12);
- }
- hosti = ntohl(*(u_int32_t*)(host.ptr));
- basei = ntohl(*(u_int32_t*)(base.ptr));
- if (hosti > basei + pool->size)
- {
- return -1;
- }
- return hosti - basei + 1;
-}
-
-/**
- * Implementation of attribute_provider_t.acquire_address
- */
-static host_t* acquire_address(private_stroke_attribute_t *this,
- char *name, identification_t *id,
- host_t *requested)
-{
- pool_t *pool;
- uintptr_t offset = 0;
- enumerator_t *enumerator;
- identification_t *old_id;
-
- this->mutex->lock(this->mutex);
- pool = find_pool(this, name);
- while (pool)
- {
- /* handle %config case by mirroring requested address */
- if (pool->size == 0)
- {
- this->mutex->unlock(this->mutex);
- return requested->clone(requested);
- }
-
- if (!requested->is_anyaddr(requested) &&
- requested->get_family(requested) !=
- pool->base->get_family(pool->base))
- {
- DBG1(DBG_CFG, "IP pool address family mismatch");
- break;
- }
-
- /* check for a valid offline lease, refresh */
- offset = (uintptr_t)pool->offline->remove(pool->offline, id);
- if (offset)
- {
- id = pool->ids->get(pool->ids, id);
- if (id)
- {
- DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
- pool->online->put(pool->online, id, (void*)offset);
- break;
- }
- }
-
- /* check for a valid online lease, reassign */
- offset = (uintptr_t)pool->online->get(pool->online, id);
- if (offset && offset == host2offset(pool, requested))
- {
- DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
- break;
- }
-
- if (pool->unused < pool->size)
- {
- /* assigning offset, starting by 1. Handling 0 in hashtable
- * is difficult. */
- offset = ++pool->unused;
- id = id->clone(id);
- pool->ids->put(pool->ids, id, id);
- pool->online->put(pool->online, id, (void*)offset);
- DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
- break;
- }
- /* no more addresses, replace the first found offline lease */
- enumerator = pool->offline->create_enumerator(pool->offline);
- if (enumerator->enumerate(enumerator, &old_id, &offset))
- {
- offset = (uintptr_t)pool->offline->remove(pool->offline, old_id);
- if (offset)
- {
- /* destroy reference to old ID */
- old_id = pool->ids->remove(pool->ids, old_id);
- DBG1(DBG_CFG, "reassigning existing offline lease by '%Y' to '%Y'",
- old_id, id);
- if (old_id)
- {
- old_id->destroy(old_id);
- }
- id = id->clone(id);
- pool->ids->put(pool->ids, id, id);
- pool->online->put(pool->online, id, (void*)offset);
- enumerator->destroy(enumerator);
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name);
- break;
- }
- this->mutex->unlock(this->mutex);
- if (offset)
- {
- return offset2host(pool, offset);
- }
- return NULL;
-}
-
-/**
- * Implementation of attribute_provider_t.release_address
- */
-static bool release_address(private_stroke_attribute_t *this,
- char *name, host_t *address, identification_t *id)
-{
- pool_t *pool;
- bool found = FALSE;
- uintptr_t offset;
-
- this->mutex->lock(this->mutex);
- pool = find_pool(this, name);
- if (pool)
- {
- if (pool->size != 0)
- {
- offset = (uintptr_t)pool->online->remove(pool->online, id);
- if (offset)
- {
- id = pool->ids->get(pool->ids, id);
- if (id)
- {
- DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
- pool->offline->put(pool->offline, id, (void*)offset);
- found = TRUE;
- }
- }
- }
- }
- this->mutex->unlock(this->mutex);
- return found;
-}
-
-/**
- * Implementation of stroke_attribute_t.add_pool.
- */
-static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
- if (msg->add_conn.other.sourceip_mask)
- {
- pool_t *pool;
-
- pool = malloc_thing(pool_t);
- pool->base = NULL;
- pool->size = 0;
- pool->unused = 0;
- pool->name = strdup(msg->add_conn.name);
- pool->online = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
- pool->offline = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
- pool->ids = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
-
- /* if %config, add an empty pool, otherwise */
- if (msg->add_conn.other.sourceip)
- {
- u_int32_t bits;
- int family;
-
- DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
- msg->add_conn.name, msg->add_conn.other.sourceip,
- msg->add_conn.other.sourceip_mask);
-
- pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
- if (!pool->base)
- {
- pool_destroy(pool);
- DBG1(DBG_CFG, "virtual IP address invalid, discarded");
- return;
- }
- family = pool->base->get_family(pool->base);
- bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_mask;
- if (bits > POOL_LIMIT)
- {
- bits = POOL_LIMIT;
- DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
- msg->add_conn.other.sourceip,
- (family == AF_INET ? 32 : 128) - bits);
- }
- pool->size = 1 << (bits);
-
- if (pool->size > 2)
- { /* do not use first and last addresses of a block */
- pool->unused++;
- pool->size--;
- }
- }
- this->mutex->lock(this->mutex);
- this->pools->insert_last(this->pools, pool);
- this->mutex->unlock(this->mutex);
- }
-}
-
-/**
- * Implementation of stroke_attribute_t.del_pool.
- */
-static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
- enumerator_t *enumerator;
- pool_t *pool;
-
- this->mutex->lock(this->mutex);
- enumerator = this->pools->create_enumerator(this->pools);
- while (enumerator->enumerate(enumerator, &pool))
- {
- if (streq(msg->del_conn.name, pool->name))
- {
- this->pools->remove_at(this->pools, enumerator);
- pool_destroy(pool);
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
-}
-
-/**
- * Pool enumerator filter function, converts pool_t to name, size, ...
- */
-static bool pool_filter(void *mutex, pool_t **poolp, char **name,
- void *d1, u_int *size, void *d2, u_int *online,
- void *d3, u_int *offline)
-{
- pool_t *pool = *poolp;
-
- *name = pool->name;
- *size = pool->size;
- *online = pool->online->get_count(pool->online);
- *offline = pool->offline->get_count(pool->offline);
- return TRUE;
-}
-
-/**
- * Implementation of stroke_attribute_t.create_pool_enumerator
- */
-static enumerator_t* create_pool_enumerator(private_stroke_attribute_t *this)
-{
- this->mutex->lock(this->mutex);
- return enumerator_create_filter(this->pools->create_enumerator(this->pools),
- (void*)pool_filter,
- this->mutex, (void*)this->mutex->unlock);
-}
-
-/**
- * lease enumerator
- */
-typedef struct {
- /** implemented enumerator interface */
- enumerator_t public;
- /** inner hash-table enumerator */
- enumerator_t *inner;
- /** enumerated pool */
- pool_t *pool;
- /** mutex to unlock on destruction */
- mutex_t *mutex;
- /** currently enumerated lease address */
- host_t *current;
-} lease_enumerator_t;
-
-/**
- * Implementation of lease_enumerator_t.enumerate
- */
-static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out,
- host_t **addr_out, bool *online)
-{
- identification_t *id;
- uintptr_t offset;
-
- DESTROY_IF(this->current);
- this->current = NULL;
-
- if (this->inner->enumerate(this->inner, &id, NULL))
- {
- offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
- if (offset)
- {
- *id_out = id;
- *addr_out = this->current = offset2host(this->pool, offset);
- *online = TRUE;
- return TRUE;
- }
- offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
- if (offset)
- {
- *id_out = id;
- *addr_out = this->current = offset2host(this->pool, offset);
- *online = FALSE;
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * Implementation of lease_enumerator_t.destroy
- */
-static void lease_enumerator_destroy(lease_enumerator_t *this)
-{
- DESTROY_IF(this->current);
- this->inner->destroy(this->inner);
- this->mutex->unlock(this->mutex);
- free(this);
-}
-
-/**
- * Implementation of stroke_attribute_t.create_lease_enumerator
- */
-static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this,
- char *pool)
-{
- lease_enumerator_t *enumerator;
-
- this->mutex->lock(this->mutex);
- enumerator = malloc_thing(lease_enumerator_t);
- enumerator->pool = find_pool(this, pool);
- if (!enumerator->pool)
- {
- this->mutex->unlock(this->mutex);
- free(enumerator);
- return NULL;
- }
- enumerator->public.enumerate = (void*)lease_enumerate;
- enumerator->public.destroy = (void*)lease_enumerator_destroy;
- enumerator->inner = enumerator->pool->ids->create_enumerator(enumerator->pool->ids);
- enumerator->mutex = this->mutex;
- enumerator->current = NULL;
- return &enumerator->public;
-}
-
-/**
- * Implementation of stroke_attribute_t.destroy
- */
-static void destroy(private_stroke_attribute_t *this)
-{
- this->mutex->destroy(this->mutex);
- this->pools->destroy_function(this->pools, (void*)pool_destroy);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_attribute_t *stroke_attribute_create()
-{
- private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t);
-
- this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address;
- this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
- this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))enumerator_create_empty;
- this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool;
- this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool;
- this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator;
- this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator;
- this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
-
- this->pools = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/uci/Makefile.am b/src/charon/plugins/uci/Makefile.am
deleted file mode 100644
index 9fdbfb709..000000000
--- a/src/charon/plugins/uci/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-uci.la
-libstrongswan_uci_la_SOURCES = \
- uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
- uci_config.h uci_config.c uci_creds.h uci_creds.c \
- uci_control.h uci_control.c
-libstrongswan_uci_la_LDFLAGS = -module -avoid-version
-libstrongswan_uci_la_LIBADD = -luci
-
-
diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am
deleted file mode 100644
index 64846f995..000000000
--- a/src/charon/plugins/unit_tester/Makefile.am
+++ /dev/null
@@ -1,24 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-unit-tester.la
-
-libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
- tests/test_enumerator.c \
- tests/test_auth_info.c \
- tests/test_curl.c \
- tests/test_mysql.c \
- tests/test_sqlite.c \
- tests/test_mutex.c \
- tests/test_rsa_gen.c \
- tests/test_cert.c \
- tests/test_med_db.c \
- tests/test_chunk.c \
- tests/test_pool.c \
- tests/test_agent.c \
- tests/test_id.c
-
-libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index d0413e64e..27d615dab 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -5,17 +5,28 @@ nodist_libchecksum_la_SOURCES = checksum.c
libchecksum_la_LDFLAGS = -module -avoid-version
checksum_builder_SOURCES = checksum_builder.c
-checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+checksum_builder_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(DLLIB)
BUILT_SOURCES = checksum.c
CLEANFILES = checksum.c
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-libs = $(shell find $(top_builddir)/src/libstrongswan $(top_builddir)/src/charon \
+libs = $(shell find $(top_builddir)/src/libstrongswan \
+ $(top_builddir)/src/libcharon \
+ $(top_builddir)/src/libhydra \
-name 'libstrongswan*.so')
+if USE_LIBHYDRA
+ libs += $(top_builddir)/src/libhydra/.libs/libhydra.so
+endif
+
if USE_CHARON
+ libs += $(top_builddir)/src/libcharon/.libs/libcharon.so
libs += $(top_builddir)/src/charon/.libs/charon
endif
@@ -30,7 +41,7 @@ if USE_TOOLS
endif
if USE_ATTR_SQL
- libs += $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool
+ libs += $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool
endif
checksum.c : checksum_builder $(libs)
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 6769c2601..3e0ab1e69 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -36,13 +36,15 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
noinst_PROGRAMS = checksum_builder$(EXEEXT)
-@USE_CHARON_TRUE@am__append_1 = $(top_builddir)/src/charon/.libs/charon
-@USE_PLUTO_TRUE@am__append_2 = $(top_builddir)/src/pluto/.libs/pluto
-@USE_TOOLS_TRUE@am__append_3 = \
+@USE_LIBHYDRA_TRUE@am__append_1 = $(top_builddir)/src/libhydra/.libs/libhydra.so
+@USE_CHARON_TRUE@am__append_2 = $(top_builddir)/src/libcharon/.libs/libcharon.so \
+@USE_CHARON_TRUE@ $(top_builddir)/src/charon/.libs/charon
+@USE_PLUTO_TRUE@am__append_3 = $(top_builddir)/src/pluto/.libs/pluto
+@USE_TOOLS_TRUE@am__append_4 = \
@USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \
@USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \
@USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient
-@USE_ATTR_SQL_TRUE@am__append_4 = $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool
+@USE_ATTR_SQL_TRUE@am__append_5 = $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool
subdir = src/checksum
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -91,8 +93,12 @@ libchecksum_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
PROGRAMS = $(noinst_PROGRAMS)
am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT)
checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS)
+am__DEPENDENCIES_1 =
checksum_builder_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -231,6 +237,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -269,15 +276,20 @@ ipsec_LTLIBRARIES = libchecksum.la
nodist_libchecksum_la_SOURCES = checksum.c
libchecksum_la_LDFLAGS = -module -avoid-version
checksum_builder_SOURCES = checksum_builder.c
-checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+checksum_builder_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(DLLIB)
+
BUILT_SOURCES = checksum.c
CLEANFILES = checksum.c
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
libs = $(shell find $(top_builddir)/src/libstrongswan \
- $(top_builddir)/src/charon -name 'libstrongswan*.so') \
- $(am__append_1) $(am__append_2) $(am__append_3) \
- $(am__append_4)
+ $(top_builddir)/src/libcharon $(top_builddir)/src/libhydra \
+ -name 'libstrongswan*.so') $(am__append_1) $(am__append_2) \
+ $(am__append_3) $(am__append_4) $(am__append_5)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index 54f4539ff..b68a25a19 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -13,17 +13,13 @@
* for more details.
*/
+#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <dlfcn.h>
#include <library.h>
-/* we need to fake some charon symbols to dlopen() its plugins */
-void *charon, *eap_type_names, *auth_class_names, *protocol_id_names,
-*action_names, *ipsec_mode_names, *ike_sa_state_names, *child_sa_state_names,
-*policy_dir_names, *ipcomp_transform_names, *debug_names, *controller_cb_empty;
-
int main(int argc, char* argv[])
{
int i;
@@ -62,12 +58,30 @@ int main(int argc, char* argv[])
name[strlen(name) - 3] = '"';
name[strlen(name) - 2] = ',';
name[strlen(name) - 1] = '\0';
- sname = "plugin_create";
+ if (asprintf(&sname, "%.*s_plugin_create", strlen(name) - 2,
+ name) < 0)
+ {
+ fprintf(stderr, "failed to format plugin constructor "
+ "for '%s', ignored", path);
+ free(name);
+ continue;
+ }
+ translate(sname, "-", "_");
}
else if (strstr(path, "libstrongswan.so"))
{
name = strdup("libstrongswan\",");
- sname = "library_init";
+ sname = strdup("library_init");
+ }
+ else if (strstr(path, "libhydra.so"))
+ {
+ name = strdup("libhydra\",");
+ sname = strdup("libhydra_init");
+ }
+ else if (strstr(path, "libcharon.so"))
+ {
+ name = strdup("libcharon\",");
+ sname = strdup("libcharon_init");
}
else if (strstr(path, "pool"))
{
@@ -126,6 +140,7 @@ int main(int argc, char* argv[])
name, fsize, fsum, ssize, ssum);
fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n",
name, fsize, fsum, ssize, ssum);
+ free(sname);
free(name);
}
printf("};\n");
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index 8bc08e2c1..36fdbff28 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c
index 592fecefd..9c63beed9 100644
--- a/src/dumm/bridge.c
+++ b/src/dumm/bridge.c
@@ -69,8 +69,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface)
{
if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
{
- DBG1("removing iface '%s' from bridge '%s' in kernel failed: %m",
- iface->get_hostif(iface), this->name);
+ DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel"
+ " failed: %m", iface->get_hostif(iface), this->name);
}
else
{
@@ -83,8 +83,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface)
}
if (iface != current)
{
- DBG1("iface '%s' not found on bridge '%s'", iface->get_hostif(iface),
- this->name);
+ DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'",
+ iface->get_hostif(iface), this->name);
}
enumerator->destroy(enumerator);
return good;
@@ -97,7 +97,7 @@ static bool connect_iface(private_bridge_t *this, iface_t *iface)
{
if (br_add_interface(this->name, iface->get_hostif(iface)) != 0)
{
- DBG1("adding iface '%s' to bridge '%s' failed: %m",
+ DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m",
iface->get_hostif(iface), this->name);
return FALSE;
}
@@ -124,7 +124,8 @@ static void destroy(private_bridge_t *this)
{
if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
{
- DBG1("disconnecting iface '%s' failed: %m", iface->get_hostif(iface));
+ DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m",
+ iface->get_hostif(iface));
}
iface->set_bridge(iface, NULL);
}
@@ -133,7 +134,8 @@ static void destroy(private_bridge_t *this)
iface_control(this->name, FALSE);
if (br_del_bridge(this->name) != 0)
{
- DBG1("deleting bridge '%s' from kernel failed: %m", this->name);
+ DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m",
+ this->name);
}
free(this->name);
free(this);
@@ -154,7 +156,7 @@ bridge_t *bridge_create(char *name)
{
if (br_init() != 0)
{
- DBG1("libbridge initialization failed: %m");
+ DBG1(DBG_LIB, "libbridge initialization failed: %m");
return NULL;
}
}
@@ -168,13 +170,13 @@ bridge_t *bridge_create(char *name)
if (br_add_bridge(name) != 0)
{
- DBG1("creating bridge '%s' failed: %m", name);
+ DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name);
free(this);
return NULL;
}
if (!iface_control(name, TRUE))
{
- DBG1("bringing bridge '%s' up failed: %m", name);
+ DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name);
}
this->name = strdup(name);
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
index f7b6b0cf3..70767890b 100644
--- a/src/dumm/cowfs.c
+++ b/src/dumm/cowfs.c
@@ -493,12 +493,12 @@ static int cowfs_link(const char *from, const char *to)
if (!clone_path(rd, wr, to))
{
- DBG1("cloning path '%s' failed", to);
+ DBG1(DBG_LIB, "cloning path '%s' failed", to);
return -errno;
}
if (linkat(rd, from, wr, to, 0) < 0)
{
- DBG1("linking '%s' to '%s' failed", from, to);
+ DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to);
return -errno;
}
return 0;
@@ -777,7 +777,7 @@ static bool set_overlay(private_cowfs_t *this, char *path)
this->over_fd = open(path, O_RDONLY | O_DIRECTORY);
if (this->over_fd < 0)
{
- DBG1("failed to open overlay directory '%s': %m", path);
+ DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path);
return FALSE;
}
this->over = strdup(path);
@@ -821,14 +821,14 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
this->master_fd = open(master, O_RDONLY | O_DIRECTORY);
if (this->master_fd < 0)
{
- DBG1("failed to open master filesystem '%s'", master);
+ DBG1(DBG_LIB, "failed to open master filesystem '%s'", master);
free(this);
return NULL;
}
this->host_fd = open(host, O_RDONLY | O_DIRECTORY);
if (this->host_fd < 0)
{
- DBG1("failed to open host filesystem '%s'", host);
+ DBG1(DBG_LIB, "failed to open host filesystem '%s'", host);
close(this->master_fd);
free(this);
return NULL;
@@ -838,7 +838,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
this->chan = fuse_mount(mount, &args);
if (this->chan == NULL)
{
- DBG1("mounting cowfs FUSE on '%s' failed", mount);
+ DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount);
close(this->master_fd);
close(this->host_fd);
free(this);
@@ -849,7 +849,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
sizeof(cowfs_operations), this);
if (this->fuse == NULL)
{
- DBG1("creating cowfs FUSE handle failed");
+ DBG1(DBG_LIB, "creating cowfs FUSE handle failed");
close(this->master_fd);
close(this->host_fd);
fuse_unmount(mount, this->chan);
@@ -865,7 +865,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
this->thread = thread_create((thread_main_t)fuse_loop, this->fuse);
if (!this->thread)
{
- DBG1("creating thread to handle FUSE failed");
+ DBG1(DBG_LIB, "creating thread to handle FUSE failed");
fuse_unmount(mount, this->chan);
free(this->mount);
free(this->master);
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
index 0e8ab43f3..7ec340089 100644
--- a/src/dumm/dumm.c
+++ b/src/dumm/dumm.c
@@ -162,7 +162,7 @@ static bool load_template(private_dumm_t *this, char *dir)
}
if (strlen(dir) > PATH_MAX)
{
- DBG1("template directory string '%s' is too long", dir);
+ DBG1(DBG_LIB, "template directory string '%s' is too long", dir);
return FALSE;
}
@@ -175,7 +175,8 @@ static bool load_template(private_dumm_t *this, char *dir)
{ /* does not exist, create template */
if (!mkdir_p(this->template, PERME))
{
- DBG1("creating template directory '%s' failed: %m", this->template);
+ DBG1(DBG_LIB, "creating template directory '%s' failed: %m",
+ this->template);
return FALSE;
}
}
@@ -302,7 +303,8 @@ static void load_guests(private_dumm_t *this)
}
else
{
- DBG1("loading guest in directory '%s' failed, skipped", ent->d_name);
+ DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped",
+ ent->d_name);
}
}
closedir(dir);
@@ -360,7 +362,8 @@ dumm_t *dumm_create(char *dir)
if (this->dir == NULL || this->guest_dir == NULL ||
(mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST))
{
- DBG1("creating guest directory '%s' failed: %m", this->guest_dir);
+ DBG1(DBG_LIB, "creating guest directory '%s' failed: %m",
+ this->guest_dir);
destroy(this);
return NULL;
}
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
index 112adb441..ebd87769a 100644
--- a/src/dumm/guest.c
+++ b/src/dumm/guest.c
@@ -100,7 +100,8 @@ static iface_t* create_iface(private_guest_t *this, char *name)
if (this->state != GUEST_RUNNING)
{
- DBG1("guest '%s' not running, unable to add interface", this->name);
+ DBG1(DBG_LIB, "guest '%s' not running, unable to add interface",
+ this->name);
return NULL;
}
@@ -109,7 +110,8 @@ static iface_t* create_iface(private_guest_t *this, char *name)
{
if (streq(name, iface->get_guestif(iface)))
{
- DBG1("guest '%s' already has an interface '%s'", this->name, name);
+ DBG1(DBG_LIB, "guest '%s' already has an interface '%s'",
+ this->name, name);
enumerator->destroy(enumerator);
return NULL;
}
@@ -251,7 +253,8 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data,
if (this->state != GUEST_STOPPED)
{
- DBG1("unable to start guest in state %N", guest_state_names, this->state);
+ DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names,
+ this->state);
return FALSE;
}
this->state = GUEST_STARTING;
@@ -284,7 +287,7 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data,
this->mconsole = mconsole_create(notify, idle);
if (this->mconsole == NULL)
{
- DBG1("opening mconsole at '%s' failed, stopping guest", buf);
+ DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf);
stop(this, NULL);
return FALSE;
}
@@ -315,7 +318,8 @@ static bool load_template(private_guest_t *this, char *path)
{
if (!mkdir_p(dir, PERME))
{
- DBG1("creating overlay for guest '%s' failed: %m", this->name);
+ DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m",
+ this->name);
return FALSE;
}
}
@@ -595,7 +599,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name,
this->dir = open(this->dirname, O_DIRECTORY, PERME);
if (this->dir < 0)
{
- DBG1("opening guest directory '%s' failed: %m", this->dirname);
+ DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname);
free(this->dirname);
free(this);
return NULL;
@@ -647,7 +651,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel,
if (!make_symlink(this, master, MASTER_DIR) ||
!make_symlink(this, kernel, KERNEL_FILE))
{
- DBG1("creating master/kernel symlink failed: %m");
+ DBG1(DBG_LIB, "creating master/kernel symlink failed: %m");
destroy(this);
return NULL;
}
@@ -655,7 +659,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel,
if (mkdirat(this->dir, UNION_DIR, PERME) != 0 ||
mkdirat(this->dir, DIFF_DIR, PERME) != 0)
{
- DBG1("unable to create directories for '%s': %m", name);
+ DBG1(DBG_LIB, "unable to create directories for '%s': %m", name);
destroy(this);
return NULL;
}
diff --git a/src/dumm/iface.c b/src/dumm/iface.c
index 9910c392e..1b5b7d717 100644
--- a/src/dumm/iface.c
+++ b/src/dumm/iface.c
@@ -196,7 +196,7 @@ static bool destroy_tap(private_iface_t *this)
if (!iface_control(this->hostif, FALSE))
{
- DBG1("bringing iface down failed: %m");
+ DBG1(DBG_LIB, "bringing iface down failed: %m");
}
memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
@@ -205,13 +205,13 @@ static bool destroy_tap(private_iface_t *this)
tap = open(TAP_DEVICE, O_RDWR);
if (tap < 0)
{
- DBG1("unable to open tap device %s: %m", TAP_DEVICE);
+ DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
return FALSE;
}
if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
ioctl(tap, TUNSETPERSIST, 0) < 0)
{
- DBG1("removing %s failed: %m", this->hostif);
+ DBG1(DBG_LIB, "removing %s failed: %m", this->hostif);
close(tap);
return FALSE;
}
@@ -235,14 +235,14 @@ static char* create_tap(private_iface_t *this)
tap = open(TAP_DEVICE, O_RDWR);
if (tap < 0)
{
- DBG1("unable to open tap device %s: %m", TAP_DEVICE);
+ DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
return NULL;
}
if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
ioctl(tap, TUNSETPERSIST, 1) < 0 ||
ioctl(tap, TUNSETOWNER, 0))
{
- DBG1("creating new tap device failed: %m");
+ DBG1(DBG_LIB, "creating new tap device failed: %m");
close(tap);
return NULL;
}
@@ -299,7 +299,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
}
if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif))
{
- DBG1("creating interface '%s' in guest failed", this->guestif);
+ DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif);
destroy_tap(this);
free(this->guestif);
free(this->hostif);
@@ -308,7 +308,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
}
if (!iface_control(this->hostif, TRUE))
{
- DBG1("bringing iface '%s' up failed: %m", this->hostif);
+ DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif);
}
return &this->public;
}
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
index 35984bdd5..7d982a54c 100644
--- a/src/dumm/mconsole.c
+++ b/src/dumm/mconsole.c
@@ -120,7 +120,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
if (len < 0)
{
- DBG1("sending mconsole command to UML failed: %m");
+ DBG1(DBG_LIB, "sending mconsole command to UML failed: %m");
return -1;
}
do
@@ -136,7 +136,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
}
if (len < 0)
{
- DBG1("receiving from mconsole failed: %m");
+ DBG1(DBG_LIB, "receiving from mconsole failed: %m");
return -1;
}
if (len > 0)
@@ -149,7 +149,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
{
if (reply.len && *reply.data)
{
- DBG1("received mconsole error %d: %.*s",
+ DBG1(DBG_LIB, "received mconsole error %d: %.*s",
reply.err, reply.len, reply.data);
}
break;
@@ -245,7 +245,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
this->notify = socket(AF_UNIX, SOCK_DGRAM, 0);
if (this->notify < 0)
{
- DBG1("opening mconsole notify socket failed: %m");
+ DBG1(DBG_LIB, "opening mconsole notify socket failed: %m");
return FALSE;
}
memset(&addr, 0, sizeof(addr));
@@ -253,7 +253,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
strncpy(addr.sun_path, nsock, sizeof(addr.sun_path));
if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0)
{
- DBG1("binding mconsole notify socket to '%s' failed: %m", nsock);
+ DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m",
+ nsock);
close(this->notify);
return FALSE;
}
@@ -273,7 +274,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
if (len < 0 || len >= sizeof(notify))
{
- DBG1("reading from mconsole notify socket failed: %m");
+ DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m");
close(this->notify);
unlink(nsock);
return FALSE;
@@ -282,8 +283,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
notify.version != MCONSOLE_VERSION ||
notify.type != MCONSOLE_SOCKET)
{
- DBG1("received unexpected message from mconsole notify socket: %b",
- &notify, sizeof(notify));
+ DBG1(DBG_LIB, "received unexpected message from mconsole notify"
+ " socket: %b", &notify, sizeof(notify));
close(this->notify);
unlink(nsock);
return FALSE;
@@ -304,7 +305,7 @@ static bool setup_console(private_mconsole_t *this)
this->console = socket(AF_UNIX, SOCK_DGRAM, 0);
if (this->console < 0)
{
- DBG1("opening mconsole socket failed: %m");
+ DBG1(DBG_LIB, "opening mconsole socket failed: %m");
return FALSE;
}
memset(&addr, 0, sizeof(addr));
@@ -313,7 +314,8 @@ static bool setup_console(private_mconsole_t *this)
getpid(), this->console);
if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0)
{
- DBG1("binding mconsole socket to '%s' failed: %m", &addr.sun_path[1]);
+ DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m",
+ &addr.sun_path[1]);
close(this->console);
return FALSE;
}
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 6aeb84bae..9edad1141 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -1,3 +1,3 @@
EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \
- sys/queue.h
+ linux/jhash.h sys/queue.h
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 762b32649..720ba3a11 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -172,6 +172,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -208,7 +209,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \
- sys/queue.h
+ linux/jhash.h sys/queue.h
all: all-am
diff --git a/src/include/linux/jhash.h b/src/include/linux/jhash.h
new file mode 100644
index 000000000..2a2f99fbc
--- /dev/null
+++ b/src/include/linux/jhash.h
@@ -0,0 +1,143 @@
+#ifndef _LINUX_JHASH_H
+#define _LINUX_JHASH_H
+
+/* jhash.h: Jenkins hash support.
+ *
+ * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net)
+ *
+ * http://burtleburtle.net/bob/hash/
+ *
+ * These are the credits from Bob's sources:
+ *
+ * lookup2.c, by Bob Jenkins, December 1996, Public Domain.
+ * hash(), hash2(), hash3, and mix() are externally useful functions.
+ * Routines to test the hash are included if SELF_TEST is defined.
+ * You can use this free for any purpose. It has no warranty.
+ *
+ * Copyright (C) 2003 David S. Miller (davem@redhat.com)
+ *
+ * I've modified Bob's hash to be useful in the Linux kernel, and
+ * any bugs present are surely my fault. -DaveM
+ */
+
+/* NOTE: Arguments are modified. */
+#define __jhash_mix(a, b, c) \
+{ \
+ a -= b; a -= c; a ^= (c>>13); \
+ b -= c; b -= a; b ^= (a<<8); \
+ c -= a; c -= b; c ^= (b>>13); \
+ a -= b; a -= c; a ^= (c>>12); \
+ b -= c; b -= a; b ^= (a<<16); \
+ c -= a; c -= b; c ^= (b>>5); \
+ a -= b; a -= c; a ^= (c>>3); \
+ b -= c; b -= a; b ^= (a<<10); \
+ c -= a; c -= b; c ^= (b>>15); \
+}
+
+/* The golden ration: an arbitrary value */
+#define JHASH_GOLDEN_RATIO 0x9e3779b9
+
+/* The most generic version, hashes an arbitrary sequence
+ * of bytes. No alignment or length assumptions are made about
+ * the input key.
+ */
+static inline u32 jhash(const void *key, u32 length, u32 initval)
+{
+ u32 a, b, c, len;
+ const u8 *k = key;
+
+ len = length;
+ a = b = JHASH_GOLDEN_RATIO;
+ c = initval;
+
+ while (len >= 12) {
+ a += (k[0] +((u32)k[1]<<8) +((u32)k[2]<<16) +((u32)k[3]<<24));
+ b += (k[4] +((u32)k[5]<<8) +((u32)k[6]<<16) +((u32)k[7]<<24));
+ c += (k[8] +((u32)k[9]<<8) +((u32)k[10]<<16)+((u32)k[11]<<24));
+
+ __jhash_mix(a,b,c);
+
+ k += 12;
+ len -= 12;
+ }
+
+ c += length;
+ switch (len) {
+ case 11: c += ((u32)k[10]<<24);
+ case 10: c += ((u32)k[9]<<16);
+ case 9 : c += ((u32)k[8]<<8);
+ case 8 : b += ((u32)k[7]<<24);
+ case 7 : b += ((u32)k[6]<<16);
+ case 6 : b += ((u32)k[5]<<8);
+ case 5 : b += k[4];
+ case 4 : a += ((u32)k[3]<<24);
+ case 3 : a += ((u32)k[2]<<16);
+ case 2 : a += ((u32)k[1]<<8);
+ case 1 : a += k[0];
+ };
+
+ __jhash_mix(a,b,c);
+
+ return c;
+}
+
+/* A special optimized version that handles 1 or more of u32s.
+ * The length parameter here is the number of u32s in the key.
+ */
+static inline u32 jhash2(const u32 *k, u32 length, u32 initval)
+{
+ u32 a, b, c, len;
+
+ a = b = JHASH_GOLDEN_RATIO;
+ c = initval;
+ len = length;
+
+ while (len >= 3) {
+ a += k[0];
+ b += k[1];
+ c += k[2];
+ __jhash_mix(a, b, c);
+ k += 3; len -= 3;
+ }
+
+ c += length * 4;
+
+ switch (len) {
+ case 2 : b += k[1];
+ case 1 : a += k[0];
+ };
+
+ __jhash_mix(a,b,c);
+
+ return c;
+}
+
+
+/* A special ultra-optimized versions that knows they are hashing exactly
+ * 3, 2 or 1 word(s).
+ *
+ * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally
+ * done at the end is not done here.
+ */
+static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval)
+{
+ a += JHASH_GOLDEN_RATIO;
+ b += JHASH_GOLDEN_RATIO;
+ c += initval;
+
+ __jhash_mix(a, b, c);
+
+ return c;
+}
+
+static inline u32 jhash_2words(u32 a, u32 b, u32 initval)
+{
+ return jhash_3words(a, b, 0, initval);
+}
+
+static inline u32 jhash_1word(u32 a, u32 initval)
+{
+ return jhash_3words(a, 0, 0, initval);
+}
+
+#endif /* _LINUX_JHASH_H */
diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h
index b4b0712a4..7379d1a94 100644
--- a/src/include/linux/pfkeyv2.h
+++ b/src/include/linux/pfkeyv2.h
@@ -315,6 +315,7 @@ struct sadb_x_kmaddress {
#define SADB_X_EALG_AES_GCM_ICV12 19
#define SADB_X_EALG_AES_GCM_ICV16 20
#define SADB_X_EALG_CAMELLIACBC 22
+#define SADB_X_EALG_NULL_AES_GMAC 23
#define SADB_EALG_MAX 253 /* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index ff88ed1ff..3834b672a 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
index 1da3c2d90..0bddc201a 100755
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@@ -2,13 +2,13 @@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002 Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
-# Copyright (C) 2006 Martin Willi
-#
+# Copyright (C) 2006 Martin Willi
+#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
+#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
@@ -67,7 +67,7 @@ case "$1" in
echo " rereadacerts|rereadcrls|rereadall"
echo " purgeocsp|purgeike"
echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
- echo " openac"
+ echo " openac"
echo " pluto"
echo " scepclient"
echo " secrets"
@@ -138,17 +138,26 @@ listcards|rereadgroups)
$IPSEC_WHACK "$@" "--$op"
rc="$?"
fi
- if [ -e $IPSEC_CHARON_PID ]
- then
- exit 3
- else
- exit 7
- fi
+ if [ -e $IPSEC_CHARON_PID ]
+ then
+ exit 3
+ else
+ exit 7
+ fi
;;
leases)
op="$1"
rc=7
shift
+ if [ -e $IPSEC_PLUTO_PID ]
+ then
+ case "$#" in
+ 0) $IPSEC_WHACK "--$op" ;;
+ 1) $IPSEC_WHACK "--$op" --name "$1" ;;
+ *) $IPSEC_WHACK "--$op" --name "$1" --lease-addr "$2" ;;
+ esac
+ rc="$?"
+ fi
if [ -e $IPSEC_CHARON_PID ]
then
case "$#" in
@@ -330,7 +339,7 @@ stop)
fi
fi
else
- echo "Stopping strongSwan IPsec failed: starter is not running" >&2
+ echo "Stopping strongSwan IPsec failed: starter is not running" >&2
fi
if [ -d /var/lock/subsys ]; then
rm -f /var/lock/subsys/ipsec
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
new file mode 100644
index 000000000..d473b455e
--- /dev/null
+++ b/src/libcharon/Android.mk
@@ -0,0 +1,174 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+bus/bus.c bus/bus.h \
+bus/listeners/listener.h \
+bus/listeners/file_logger.c bus/listeners/file_logger.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backend_manager.c config/backend_manager.h config/backend.h \
+config/child_cfg.c config/child_cfg.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
+config/auth_cfg.c config/auth_cfg.h \
+control/controller.c control/controller.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket_manager.c network/socket_manager.h network/socket.h \
+processing/jobs/job.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/jobs/roam_job.c processing/jobs/roam_job.h \
+processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
+processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/processor.c processing/processor.h \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
+sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/keymat.c sa/keymat.h \
+sa/trap_manager.c sa/trap_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
+sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
+sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
+sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
+sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
+sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
+sa/tasks/task.c sa/tasks/task.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/credential_set.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, android)
+ifneq ($(call plugin_enabled, android)),)
+LOCAL_SHARED_LIBRARIES += libcutils
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, attr)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-aka)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp2)
+ifneq ($(call plugin_enabled, eap-aka-3gpp2)),)
+LOCAL_C_INCLUDES += $(libgmp_PATH)
+LOCAL_SHARED_LIBRARIES += libgmp
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-gtc)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-identity)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-md5)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-mschapv2)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-sim)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-pseudonym)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-reauth)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-sim-file)
+
+# adding libakasim if either eap-aka or eap-sim is enabled
+ifneq ($(or $(call plugin_enabled, eap-aka), $(call plugin_enabled, eap-sim)),)
+LOCAL_C_INCLUDES += $(LOCAL_PATH)/../libsimaka/
+LOCAL_SRC_FILES += $(addprefix ../libsimaka/, \
+ simaka_message.h simaka_message.c \
+ simaka_crypto.h simaka_crypto.c \
+ )
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
+
+LOCAL_SRC_FILES += $(call add_plugin, load-tester)
+
+LOCAL_SRC_FILES += $(call add_plugin, socket-default)
+
+LOCAL_SRC_FILES += $(call add_plugin, socket-dynamic)
+
+# build libcharon --------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+ $(libvstr_PATH) \
+ $(strongswan_PATH)/src/include \
+ $(strongswan_PATH)/src/libhydra \
+ $(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := libcharon
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan libhydra
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
new file mode 100644
index 000000000..0eaccf7a0
--- /dev/null
+++ b/src/libcharon/Makefile.am
@@ -0,0 +1,418 @@
+lib_LTLIBRARIES = libcharon.la
+
+libcharon_la_SOURCES = \
+bus/bus.c bus/bus.h \
+bus/listeners/listener.h \
+bus/listeners/file_logger.c bus/listeners/file_logger.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backend_manager.c config/backend_manager.h config/backend.h \
+config/child_cfg.c config/child_cfg.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
+config/auth_cfg.c config/auth_cfg.h \
+control/controller.c control/controller.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket_manager.c network/socket_manager.h network/socket.h \
+processing/jobs/job.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/jobs/roam_job.c processing/jobs/roam_job.h \
+processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
+processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/processor.c processing/processor.h \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
+sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/keymat.c sa/keymat.h \
+sa/trap_manager.c sa/trap_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
+sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
+sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
+sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
+sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
+sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
+sa/tasks/task.c sa/tasks/task.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/credential_set.h
+
+daemon.lo : $(top_builddir)/config.status
+
+INCLUDES = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\"
+
+libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
+
+EXTRA_DIST = Android.mk
+
+# compile options
+#################
+
+if USE_ME
+ libcharon_la_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
+ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
+ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
+ sa/connect_manager.c sa/connect_manager.h \
+ sa/mediation_manager.c sa/mediation_manager.h \
+ sa/tasks/ike_me.c sa/tasks/ike_me.h
+endif
+
+if USE_CAPABILITIES
+ libcharon_la_LIBADD += -lcap
+endif
+
+# build optional plugins
+########################
+
+if MONOLITHIC
+SUBDIRS =
+else
+SUBDIRS = .
+endif
+
+PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins}
+
+if USE_LOAD_TESTER
+ SUBDIRS += plugins/load_tester
+ PLUGINS += load-tester
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/load_tester/libstrongswan-load-tester.la
+endif
+endif
+
+if USE_KERNEL_PFKEY
+ SUBDIRS += plugins/kernel_pfkey
+ PLUGINS += kernel-pfkey
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+endif
+endif
+
+if USE_KERNEL_PFROUTE
+ SUBDIRS += plugins/kernel_pfroute
+ PLUGINS += kernel-pfroute
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+endif
+endif
+
+if USE_KERNEL_KLIPS
+ SUBDIRS += plugins/kernel_klips
+ PLUGINS += kernel-klips
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/kernel_klips/libstrongswan-kernel-klips.la
+endif
+endif
+
+if USE_KERNEL_NETLINK
+ SUBDIRS += plugins/kernel_netlink
+ PLUGINS += kernel-netlink
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+endif
+endif
+
+if USE_SOCKET_DEFAULT
+ SUBDIRS += plugins/socket_default
+ PLUGINS += socket-default
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/socket_default/libstrongswan-socket-default.la
+endif
+endif
+
+if USE_SOCKET_RAW
+ SUBDIRS += plugins/socket_raw
+ PLUGINS += socket-raw
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/socket_raw/libstrongswan-socket-raw.la
+endif
+endif
+
+if USE_SOCKET_DYNAMIC
+ SUBDIRS += plugins/socket_dynamic
+ PLUGINS += socket-dynamic
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/socket_dynamic/libstrongswan-socket-dynamic.la
+endif
+endif
+
+if USE_FARP
+ SUBDIRS += plugins/farp
+ PLUGINS += farp
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/farp/libstrongswan-farp.la
+endif
+endif
+
+if USE_STROKE
+ SUBDIRS += plugins/stroke
+ PLUGINS += stroke
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/stroke/libstrongswan-stroke.la
+endif
+endif
+
+if USE_SMP
+ SUBDIRS += plugins/smp
+ PLUGINS += smp
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/smp/libstrongswan-smp.la
+endif
+endif
+
+if USE_SQL
+ SUBDIRS += plugins/sql
+ PLUGINS += sql
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/sql/libstrongswan-sql.la
+endif
+endif
+
+if USE_UPDOWN
+ SUBDIRS += plugins/updown
+ PLUGINS += updown
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/updown/libstrongswan-updown.la
+endif
+endif
+
+if USE_EAP_IDENTITY
+ SUBDIRS += plugins/eap_identity
+ PLUGINS += eap-identity
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_identity/libstrongswan-eap-identity.la
+endif
+endif
+
+if USE_EAP_SIM
+ SUBDIRS += plugins/eap_sim
+ PLUGINS += eap-sim
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_sim/libstrongswan-eap-sim.la
+endif
+endif
+
+if USE_EAP_SIM_FILE
+ SUBDIRS += plugins/eap_sim_file
+ PLUGINS += eap-sim-file
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+endif
+endif
+
+if USE_EAP_SIMAKA_PSEUDONYM
+ SUBDIRS += plugins/eap_simaka_pseudonym
+ PLUGINS += eap-simaka-pseudonym
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+endif
+endif
+
+if USE_EAP_SIMAKA_REAUTH
+ SUBDIRS += plugins/eap_simaka_reauth
+ PLUGINS += eap-simaka-reauth
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+endif
+endif
+
+if USE_EAP_AKA
+ SUBDIRS += plugins/eap_aka
+ PLUGINS += eap-aka
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_aka/libstrongswan-eap-aka.la
+endif
+endif
+
+if USE_EAP_AKA_3GPP2
+ SUBDIRS += plugins/eap_aka_3gpp2
+ PLUGINS += eap-aka-3gpp2
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+endif
+endif
+
+if USE_SIMAKA
+if MONOLITHIC
+ # otherwise this library is linked to both the eap_aka and the eap_sim plugin
+ libcharon_la_LIBADD += $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+endif
+
+if USE_EAP_MD5
+ SUBDIRS += plugins/eap_md5
+ PLUGINS += eap-md5
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_md5/libstrongswan-eap-md5.la
+endif
+endif
+
+if USE_EAP_GTC
+ SUBDIRS += plugins/eap_gtc
+ PLUGINS += eap-gtc
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_gtc/libstrongswan-eap-gtc.la
+endif
+endif
+
+if USE_EAP_MSCHAPV2
+ SUBDIRS += plugins/eap_mschapv2
+ PLUGINS += eap-mschapv2
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+endif
+endif
+
+if USE_EAP_RADIUS
+ SUBDIRS += plugins/eap_radius
+ PLUGINS += eap-radius
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_radius/libstrongswan-eap-radius.la
+endif
+endif
+
+if USE_MEDSRV
+ SUBDIRS += plugins/medsrv
+ PLUGINS += medsrv
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/medsrv/libstrongswan-medsrv.la
+endif
+endif
+
+if USE_MEDCLI
+ SUBDIRS += plugins/medcli
+ PLUGINS += medcli
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/medcli/libstrongswan-medcli.la
+endif
+endif
+
+if USE_NM
+ SUBDIRS += plugins/nm
+ PLUGINS += nm
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/nm/libstrongswan-nm.la
+endif
+endif
+
+if USE_DHCP
+ SUBDIRS += plugins/dhcp
+ PLUGINS += dhcp
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/dhcp/libstrongswan-dhcp.la
+endif
+endif
+
+if USE_RESOLVE
+ SUBDIRS += plugins/resolve
+ PLUGINS += resolve
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/resolve/libstrongswan-resolve.la
+endif
+endif
+
+if USE_ANDROID
+ SUBDIRS += plugins/android
+ PLUGINS += android
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/android/libstrongswan-android.la
+endif
+endif
+
+if USE_HA
+ SUBDIRS += plugins/ha
+ PLUGINS += ha
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/ha/libstrongswan-ha.la
+endif
+endif
+
+if USE_UCI
+ SUBDIRS += plugins/uci
+ PLUGINS += uci
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/uci/libstrongswan-uci.la
+endif
+endif
+
+if USE_UNIT_TESTS
+ SUBDIRS += plugins/unit_tester
+ PLUGINS += unit-tester
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/unit_tester/libstrongswan-unit-tester.la
+endif
+endif
+
+AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\""
+
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
new file mode 100644
index 000000000..0eb6f36f4
--- /dev/null
+++ b/src/libcharon/Makefile.in
@@ -0,0 +1,1994 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+
+# compile options
+#################
+@USE_ME_TRUE@am__append_1 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
+@USE_ME_TRUE@ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
+@USE_ME_TRUE@ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
+@USE_ME_TRUE@ sa/connect_manager.c sa/connect_manager.h \
+@USE_ME_TRUE@ sa/mediation_manager.c sa/mediation_manager.h \
+@USE_ME_TRUE@ sa/tasks/ike_me.c sa/tasks/ike_me.h
+
+@USE_CAPABILITIES_TRUE@am__append_2 = -lcap
+@USE_LOAD_TESTER_TRUE@am__append_3 = plugins/load_tester
+@USE_LOAD_TESTER_TRUE@am__append_4 = load-tester
+@MONOLITHIC_TRUE@@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester/libstrongswan-load-tester.la
+@USE_KERNEL_PFKEY_TRUE@am__append_6 = plugins/kernel_pfkey
+@USE_KERNEL_PFKEY_TRUE@am__append_7 = kernel-pfkey
+@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_8 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute
+@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute
+@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_11 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+@USE_KERNEL_KLIPS_TRUE@am__append_12 = plugins/kernel_klips
+@USE_KERNEL_KLIPS_TRUE@am__append_13 = kernel-klips
+@MONOLITHIC_TRUE@@USE_KERNEL_KLIPS_TRUE@am__append_14 = plugins/kernel_klips/libstrongswan-kernel-klips.la
+@USE_KERNEL_NETLINK_TRUE@am__append_15 = plugins/kernel_netlink
+@USE_KERNEL_NETLINK_TRUE@am__append_16 = kernel-netlink
+@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_17 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+@USE_SOCKET_DEFAULT_TRUE@am__append_18 = plugins/socket_default
+@USE_SOCKET_DEFAULT_TRUE@am__append_19 = socket-default
+@MONOLITHIC_TRUE@@USE_SOCKET_DEFAULT_TRUE@am__append_20 = plugins/socket_default/libstrongswan-socket-default.la
+@USE_SOCKET_RAW_TRUE@am__append_21 = plugins/socket_raw
+@USE_SOCKET_RAW_TRUE@am__append_22 = socket-raw
+@MONOLITHIC_TRUE@@USE_SOCKET_RAW_TRUE@am__append_23 = plugins/socket_raw/libstrongswan-socket-raw.la
+@USE_SOCKET_DYNAMIC_TRUE@am__append_24 = plugins/socket_dynamic
+@USE_SOCKET_DYNAMIC_TRUE@am__append_25 = socket-dynamic
+@MONOLITHIC_TRUE@@USE_SOCKET_DYNAMIC_TRUE@am__append_26 = plugins/socket_dynamic/libstrongswan-socket-dynamic.la
+@USE_FARP_TRUE@am__append_27 = plugins/farp
+@USE_FARP_TRUE@am__append_28 = farp
+@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_29 = plugins/farp/libstrongswan-farp.la
+@USE_STROKE_TRUE@am__append_30 = plugins/stroke
+@USE_STROKE_TRUE@am__append_31 = stroke
+@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_32 = plugins/stroke/libstrongswan-stroke.la
+@USE_SMP_TRUE@am__append_33 = plugins/smp
+@USE_SMP_TRUE@am__append_34 = smp
+@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_35 = plugins/smp/libstrongswan-smp.la
+@USE_SQL_TRUE@am__append_36 = plugins/sql
+@USE_SQL_TRUE@am__append_37 = sql
+@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_38 = plugins/sql/libstrongswan-sql.la
+@USE_UPDOWN_TRUE@am__append_39 = plugins/updown
+@USE_UPDOWN_TRUE@am__append_40 = updown
+@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_41 = plugins/updown/libstrongswan-updown.la
+@USE_EAP_IDENTITY_TRUE@am__append_42 = plugins/eap_identity
+@USE_EAP_IDENTITY_TRUE@am__append_43 = eap-identity
+@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_44 = plugins/eap_identity/libstrongswan-eap-identity.la
+@USE_EAP_SIM_TRUE@am__append_45 = plugins/eap_sim
+@USE_EAP_SIM_TRUE@am__append_46 = eap-sim
+@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_47 = plugins/eap_sim/libstrongswan-eap-sim.la
+@USE_EAP_SIM_FILE_TRUE@am__append_48 = plugins/eap_sim_file
+@USE_EAP_SIM_FILE_TRUE@am__append_49 = eap-sim-file
+@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_50 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_51 = plugins/eap_simaka_pseudonym
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_52 = eap-simaka-pseudonym
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_53 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_54 = plugins/eap_simaka_reauth
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_55 = eap-simaka-reauth
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_56 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+@USE_EAP_AKA_TRUE@am__append_57 = plugins/eap_aka
+@USE_EAP_AKA_TRUE@am__append_58 = eap-aka
+@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_59 = plugins/eap_aka/libstrongswan-eap-aka.la
+@USE_EAP_AKA_3GPP2_TRUE@am__append_60 = plugins/eap_aka_3gpp2
+@USE_EAP_AKA_3GPP2_TRUE@am__append_61 = eap-aka-3gpp2
+@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_62 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_63 = $(top_builddir)/src/libsimaka/libsimaka.la
+@USE_EAP_MD5_TRUE@am__append_64 = plugins/eap_md5
+@USE_EAP_MD5_TRUE@am__append_65 = eap-md5
+@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_66 = plugins/eap_md5/libstrongswan-eap-md5.la
+@USE_EAP_GTC_TRUE@am__append_67 = plugins/eap_gtc
+@USE_EAP_GTC_TRUE@am__append_68 = eap-gtc
+@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_69 = plugins/eap_gtc/libstrongswan-eap-gtc.la
+@USE_EAP_MSCHAPV2_TRUE@am__append_70 = plugins/eap_mschapv2
+@USE_EAP_MSCHAPV2_TRUE@am__append_71 = eap-mschapv2
+@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_72 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+@USE_EAP_RADIUS_TRUE@am__append_73 = plugins/eap_radius
+@USE_EAP_RADIUS_TRUE@am__append_74 = eap-radius
+@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_75 = plugins/eap_radius/libstrongswan-eap-radius.la
+@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv
+@USE_MEDSRV_TRUE@am__append_77 = medsrv
+@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_78 = plugins/medsrv/libstrongswan-medsrv.la
+@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli
+@USE_MEDCLI_TRUE@am__append_80 = medcli
+@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_81 = plugins/medcli/libstrongswan-medcli.la
+@USE_NM_TRUE@am__append_82 = plugins/nm
+@USE_NM_TRUE@am__append_83 = nm
+@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_84 = plugins/nm/libstrongswan-nm.la
+@USE_DHCP_TRUE@am__append_85 = plugins/dhcp
+@USE_DHCP_TRUE@am__append_86 = dhcp
+@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_87 = plugins/dhcp/libstrongswan-dhcp.la
+@USE_RESOLVE_TRUE@am__append_88 = plugins/resolve
+@USE_RESOLVE_TRUE@am__append_89 = resolve
+@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_90 = plugins/resolve/libstrongswan-resolve.la
+@USE_ANDROID_TRUE@am__append_91 = plugins/android
+@USE_ANDROID_TRUE@am__append_92 = android
+@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_93 = plugins/android/libstrongswan-android.la
+@USE_HA_TRUE@am__append_94 = plugins/ha
+@USE_HA_TRUE@am__append_95 = ha
+@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_96 = plugins/ha/libstrongswan-ha.la
+@USE_UCI_TRUE@am__append_97 = plugins/uci
+@USE_UCI_TRUE@am__append_98 = uci
+@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_99 = plugins/uci/libstrongswan-uci.la
+@USE_UNIT_TESTS_TRUE@am__append_100 = plugins/unit_tester
+@USE_UNIT_TESTS_TRUE@am__append_101 = unit-tester
+@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_102 = plugins/unit_tester/libstrongswan-unit-tester.la
+subdir = src/libcharon
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__append_5) $(am__append_8) \
+ $(am__append_11) $(am__append_14) $(am__append_17) \
+ $(am__append_20) $(am__append_23) $(am__append_26) \
+ $(am__append_29) $(am__append_32) $(am__append_35) \
+ $(am__append_38) $(am__append_41) $(am__append_44) \
+ $(am__append_47) $(am__append_50) $(am__append_53) \
+ $(am__append_56) $(am__append_59) $(am__append_62) \
+ $(am__append_63) $(am__append_66) $(am__append_69) \
+ $(am__append_72) $(am__append_75) $(am__append_78) \
+ $(am__append_81) $(am__append_84) $(am__append_87) \
+ $(am__append_90) $(am__append_93) $(am__append_96) \
+ $(am__append_99) $(am__append_102)
+am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
+ bus/listeners/listener.h bus/listeners/file_logger.c \
+ bus/listeners/file_logger.h bus/listeners/sys_logger.c \
+ bus/listeners/sys_logger.h config/backend_manager.c \
+ config/backend_manager.h config/backend.h config/child_cfg.c \
+ config/child_cfg.h config/ike_cfg.c config/ike_cfg.h \
+ config/peer_cfg.c config/peer_cfg.h config/proposal.c \
+ config/proposal.h config/auth_cfg.c config/auth_cfg.h \
+ control/controller.c control/controller.h daemon.c daemon.h \
+ encoding/generator.c encoding/generator.h encoding/message.c \
+ encoding/message.h encoding/parser.c encoding/parser.h \
+ encoding/payloads/auth_payload.c \
+ encoding/payloads/auth_payload.h \
+ encoding/payloads/cert_payload.c \
+ encoding/payloads/cert_payload.h \
+ encoding/payloads/certreq_payload.c \
+ encoding/payloads/certreq_payload.h \
+ encoding/payloads/configuration_attribute.c \
+ encoding/payloads/configuration_attribute.h \
+ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+ encoding/payloads/delete_payload.c \
+ encoding/payloads/delete_payload.h \
+ encoding/payloads/eap_payload.c \
+ encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
+ encoding/payloads/encodings.h \
+ encoding/payloads/encryption_payload.c \
+ encoding/payloads/encryption_payload.h \
+ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+ encoding/payloads/nonce_payload.c \
+ encoding/payloads/nonce_payload.h \
+ encoding/payloads/notify_payload.c \
+ encoding/payloads/notify_payload.h encoding/payloads/payload.c \
+ encoding/payloads/payload.h \
+ encoding/payloads/proposal_substructure.c \
+ encoding/payloads/proposal_substructure.h \
+ encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+ encoding/payloads/traffic_selector_substructure.c \
+ encoding/payloads/traffic_selector_substructure.h \
+ encoding/payloads/transform_attribute.c \
+ encoding/payloads/transform_attribute.h \
+ encoding/payloads/transform_substructure.c \
+ encoding/payloads/transform_substructure.h \
+ encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+ encoding/payloads/unknown_payload.c \
+ encoding/payloads/unknown_payload.h \
+ encoding/payloads/vendor_id_payload.c \
+ encoding/payloads/vendor_id_payload.h \
+ kernel/kernel_interface.c kernel/kernel_interface.h \
+ kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+ kernel/kernel_net.h network/packet.c network/packet.h \
+ network/receiver.c network/receiver.h network/sender.c \
+ network/sender.h network/socket_manager.c \
+ network/socket_manager.h network/socket.h \
+ processing/jobs/job.h processing/jobs/acquire_job.c \
+ processing/jobs/acquire_job.h processing/jobs/callback_job.c \
+ processing/jobs/callback_job.h \
+ processing/jobs/delete_child_sa_job.c \
+ processing/jobs/delete_child_sa_job.h \
+ processing/jobs/delete_ike_sa_job.c \
+ processing/jobs/delete_ike_sa_job.h \
+ processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+ processing/jobs/process_message_job.c \
+ processing/jobs/process_message_job.h \
+ processing/jobs/rekey_child_sa_job.c \
+ processing/jobs/rekey_child_sa_job.h \
+ processing/jobs/rekey_ike_sa_job.c \
+ processing/jobs/rekey_ike_sa_job.h \
+ processing/jobs/retransmit_job.c \
+ processing/jobs/retransmit_job.h \
+ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+ processing/jobs/send_keepalive_job.c \
+ processing/jobs/send_keepalive_job.h \
+ processing/jobs/roam_job.c processing/jobs/roam_job.h \
+ processing/jobs/update_sa_job.c \
+ processing/jobs/update_sa_job.h \
+ processing/jobs/inactivity_job.c \
+ processing/jobs/inactivity_job.h processing/scheduler.c \
+ processing/scheduler.h processing/processor.c \
+ processing/processor.h sa/authenticators/authenticator.c \
+ sa/authenticators/authenticator.h \
+ sa/authenticators/eap_authenticator.c \
+ sa/authenticators/eap_authenticator.h \
+ sa/authenticators/eap/eap_method.c \
+ sa/authenticators/eap/eap_method.h \
+ sa/authenticators/eap/eap_manager.c \
+ sa/authenticators/eap/eap_manager.h \
+ sa/authenticators/eap/sim_manager.c \
+ sa/authenticators/eap/sim_manager.h \
+ sa/authenticators/psk_authenticator.c \
+ sa/authenticators/psk_authenticator.h \
+ sa/authenticators/pubkey_authenticator.c \
+ sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
+ sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
+ sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
+ sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
+ sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
+ sa/tasks/child_create.h sa/tasks/child_delete.c \
+ sa/tasks/child_delete.h sa/tasks/child_rekey.c \
+ sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+ sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+ sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+ sa/tasks/ike_config.c sa/tasks/ike_config.h \
+ sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
+ sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
+ sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
+ sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
+ sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
+ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
+ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
+ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
+ credentials/credential_manager.c \
+ credentials/credential_manager.h \
+ credentials/sets/auth_cfg_wrapper.c \
+ credentials/sets/auth_cfg_wrapper.h \
+ credentials/sets/ocsp_response_wrapper.c \
+ credentials/sets/ocsp_response_wrapper.h \
+ credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+ credentials/credential_set.h \
+ encoding/payloads/endpoint_notify.c \
+ encoding/payloads/endpoint_notify.h \
+ processing/jobs/initiate_mediation_job.c \
+ processing/jobs/initiate_mediation_job.h \
+ processing/jobs/mediation_job.c \
+ processing/jobs/mediation_job.h sa/connect_manager.c \
+ sa/connect_manager.h sa/mediation_manager.c \
+ sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h
+@USE_ME_TRUE@am__objects_1 = endpoint_notify.lo \
+@USE_ME_TRUE@ initiate_mediation_job.lo mediation_job.lo \
+@USE_ME_TRUE@ connect_manager.lo mediation_manager.lo ike_me.lo
+am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \
+ backend_manager.lo child_cfg.lo ike_cfg.lo peer_cfg.lo \
+ proposal.lo auth_cfg.lo controller.lo daemon.lo generator.lo \
+ message.lo parser.lo auth_payload.lo cert_payload.lo \
+ certreq_payload.lo configuration_attribute.lo cp_payload.lo \
+ delete_payload.lo eap_payload.lo encodings.lo \
+ encryption_payload.lo id_payload.lo ike_header.lo \
+ ke_payload.lo nonce_payload.lo notify_payload.lo payload.lo \
+ proposal_substructure.lo sa_payload.lo \
+ traffic_selector_substructure.lo transform_attribute.lo \
+ transform_substructure.lo ts_payload.lo unknown_payload.lo \
+ vendor_id_payload.lo kernel_interface.lo kernel_ipsec.lo \
+ packet.lo receiver.lo sender.lo socket_manager.lo \
+ acquire_job.lo callback_job.lo delete_child_sa_job.lo \
+ delete_ike_sa_job.lo migrate_job.lo process_message_job.lo \
+ rekey_child_sa_job.lo rekey_ike_sa_job.lo retransmit_job.lo \
+ send_dpd_job.lo send_keepalive_job.lo roam_job.lo \
+ update_sa_job.lo inactivity_job.lo scheduler.lo processor.lo \
+ authenticator.lo eap_authenticator.lo eap_method.lo \
+ eap_manager.lo sim_manager.lo psk_authenticator.lo \
+ pubkey_authenticator.lo child_sa.lo ike_sa.lo ike_sa_id.lo \
+ ike_sa_manager.lo task_manager.lo keymat.lo trap_manager.lo \
+ child_create.lo child_delete.lo child_rekey.lo ike_auth.lo \
+ ike_cert_pre.lo ike_cert_post.lo ike_config.lo ike_delete.lo \
+ ike_dpd.lo ike_init.lo ike_natd.lo ike_mobike.lo ike_rekey.lo \
+ ike_reauth.lo ike_auth_lifetime.lo ike_vendor.lo task.lo \
+ credential_manager.lo auth_cfg_wrapper.lo \
+ ocsp_response_wrapper.lo cert_cache.lo $(am__objects_1)
+libcharon_la_OBJECTS = $(am_libcharon_la_OBJECTS)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libcharon_la_SOURCES)
+DIST_SOURCES = $(am__libcharon_la_SOURCES_DIST)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \
+ plugins/kernel_pfroute plugins/kernel_klips \
+ plugins/kernel_netlink plugins/socket_default \
+ plugins/socket_raw plugins/socket_dynamic plugins/farp \
+ plugins/stroke plugins/smp plugins/sql plugins/updown \
+ plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \
+ plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
+ plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \
+ plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_radius \
+ plugins/medsrv plugins/medcli plugins/nm plugins/dhcp \
+ plugins/resolve plugins/android plugins/ha plugins/uci \
+ plugins/unit_tester
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+lib_LTLIBRARIES = libcharon.la
+libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
+ bus/listeners/file_logger.c bus/listeners/file_logger.h \
+ bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+ config/backend_manager.c config/backend_manager.h \
+ config/backend.h config/child_cfg.c config/child_cfg.h \
+ config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
+ config/peer_cfg.h config/proposal.c config/proposal.h \
+ config/auth_cfg.c config/auth_cfg.h control/controller.c \
+ control/controller.h daemon.c daemon.h encoding/generator.c \
+ encoding/generator.h encoding/message.c encoding/message.h \
+ encoding/parser.c encoding/parser.h \
+ encoding/payloads/auth_payload.c \
+ encoding/payloads/auth_payload.h \
+ encoding/payloads/cert_payload.c \
+ encoding/payloads/cert_payload.h \
+ encoding/payloads/certreq_payload.c \
+ encoding/payloads/certreq_payload.h \
+ encoding/payloads/configuration_attribute.c \
+ encoding/payloads/configuration_attribute.h \
+ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+ encoding/payloads/delete_payload.c \
+ encoding/payloads/delete_payload.h \
+ encoding/payloads/eap_payload.c \
+ encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
+ encoding/payloads/encodings.h \
+ encoding/payloads/encryption_payload.c \
+ encoding/payloads/encryption_payload.h \
+ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+ encoding/payloads/nonce_payload.c \
+ encoding/payloads/nonce_payload.h \
+ encoding/payloads/notify_payload.c \
+ encoding/payloads/notify_payload.h encoding/payloads/payload.c \
+ encoding/payloads/payload.h \
+ encoding/payloads/proposal_substructure.c \
+ encoding/payloads/proposal_substructure.h \
+ encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+ encoding/payloads/traffic_selector_substructure.c \
+ encoding/payloads/traffic_selector_substructure.h \
+ encoding/payloads/transform_attribute.c \
+ encoding/payloads/transform_attribute.h \
+ encoding/payloads/transform_substructure.c \
+ encoding/payloads/transform_substructure.h \
+ encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+ encoding/payloads/unknown_payload.c \
+ encoding/payloads/unknown_payload.h \
+ encoding/payloads/vendor_id_payload.c \
+ encoding/payloads/vendor_id_payload.h \
+ kernel/kernel_interface.c kernel/kernel_interface.h \
+ kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+ kernel/kernel_net.h network/packet.c network/packet.h \
+ network/receiver.c network/receiver.h network/sender.c \
+ network/sender.h network/socket_manager.c \
+ network/socket_manager.h network/socket.h \
+ processing/jobs/job.h processing/jobs/acquire_job.c \
+ processing/jobs/acquire_job.h processing/jobs/callback_job.c \
+ processing/jobs/callback_job.h \
+ processing/jobs/delete_child_sa_job.c \
+ processing/jobs/delete_child_sa_job.h \
+ processing/jobs/delete_ike_sa_job.c \
+ processing/jobs/delete_ike_sa_job.h \
+ processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+ processing/jobs/process_message_job.c \
+ processing/jobs/process_message_job.h \
+ processing/jobs/rekey_child_sa_job.c \
+ processing/jobs/rekey_child_sa_job.h \
+ processing/jobs/rekey_ike_sa_job.c \
+ processing/jobs/rekey_ike_sa_job.h \
+ processing/jobs/retransmit_job.c \
+ processing/jobs/retransmit_job.h \
+ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+ processing/jobs/send_keepalive_job.c \
+ processing/jobs/send_keepalive_job.h \
+ processing/jobs/roam_job.c processing/jobs/roam_job.h \
+ processing/jobs/update_sa_job.c \
+ processing/jobs/update_sa_job.h \
+ processing/jobs/inactivity_job.c \
+ processing/jobs/inactivity_job.h processing/scheduler.c \
+ processing/scheduler.h processing/processor.c \
+ processing/processor.h sa/authenticators/authenticator.c \
+ sa/authenticators/authenticator.h \
+ sa/authenticators/eap_authenticator.c \
+ sa/authenticators/eap_authenticator.h \
+ sa/authenticators/eap/eap_method.c \
+ sa/authenticators/eap/eap_method.h \
+ sa/authenticators/eap/eap_manager.c \
+ sa/authenticators/eap/eap_manager.h \
+ sa/authenticators/eap/sim_manager.c \
+ sa/authenticators/eap/sim_manager.h \
+ sa/authenticators/psk_authenticator.c \
+ sa/authenticators/psk_authenticator.h \
+ sa/authenticators/pubkey_authenticator.c \
+ sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
+ sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
+ sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
+ sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
+ sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
+ sa/tasks/child_create.h sa/tasks/child_delete.c \
+ sa/tasks/child_delete.h sa/tasks/child_rekey.c \
+ sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+ sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+ sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+ sa/tasks/ike_config.c sa/tasks/ike_config.h \
+ sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
+ sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
+ sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
+ sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
+ sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
+ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
+ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
+ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
+ credentials/credential_manager.c \
+ credentials/credential_manager.h \
+ credentials/sets/auth_cfg_wrapper.c \
+ credentials/sets/auth_cfg_wrapper.h \
+ credentials/sets/ocsp_response_wrapper.c \
+ credentials/sets/ocsp_response_wrapper.h \
+ credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+ credentials/credential_set.h $(am__append_1)
+INCLUDES = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DPLUGINS=\""${PLUGINS}\""
+libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \
+ $(am__append_2) $(am__append_5) $(am__append_8) \
+ $(am__append_11) $(am__append_14) $(am__append_17) \
+ $(am__append_20) $(am__append_23) $(am__append_26) \
+ $(am__append_29) $(am__append_32) $(am__append_35) \
+ $(am__append_38) $(am__append_41) $(am__append_44) \
+ $(am__append_47) $(am__append_50) $(am__append_53) \
+ $(am__append_56) $(am__append_59) $(am__append_62) \
+ $(am__append_63) $(am__append_66) $(am__append_69) \
+ $(am__append_72) $(am__append_75) $(am__append_78) \
+ $(am__append_81) $(am__append_84) $(am__append_87) \
+ $(am__append_90) $(am__append_93) $(am__append_96) \
+ $(am__append_99) $(am__append_102)
+EXTRA_DIST = Android.mk
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) $(am__append_6) \
+@MONOLITHIC_FALSE@ $(am__append_9) $(am__append_12) \
+@MONOLITHIC_FALSE@ $(am__append_15) $(am__append_18) \
+@MONOLITHIC_FALSE@ $(am__append_21) $(am__append_24) \
+@MONOLITHIC_FALSE@ $(am__append_27) $(am__append_30) \
+@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_36) \
+@MONOLITHIC_FALSE@ $(am__append_39) $(am__append_42) \
+@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_48) \
+@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_54) \
+@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_60) \
+@MONOLITHIC_FALSE@ $(am__append_64) $(am__append_67) \
+@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_73) \
+@MONOLITHIC_FALSE@ $(am__append_76) $(am__append_79) \
+@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_85) \
+@MONOLITHIC_FALSE@ $(am__append_88) $(am__append_91) \
+@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_97) \
+@MONOLITHIC_FALSE@ $(am__append_100)
+
+# build optional plugins
+########################
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_3) $(am__append_6) \
+@MONOLITHIC_TRUE@ $(am__append_9) $(am__append_12) \
+@MONOLITHIC_TRUE@ $(am__append_15) $(am__append_18) \
+@MONOLITHIC_TRUE@ $(am__append_21) $(am__append_24) \
+@MONOLITHIC_TRUE@ $(am__append_27) $(am__append_30) \
+@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_36) \
+@MONOLITHIC_TRUE@ $(am__append_39) $(am__append_42) \
+@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_48) \
+@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_54) \
+@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_60) \
+@MONOLITHIC_TRUE@ $(am__append_64) $(am__append_67) \
+@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_73) \
+@MONOLITHIC_TRUE@ $(am__append_76) $(am__append_79) \
+@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_85) \
+@MONOLITHIC_TRUE@ $(am__append_88) $(am__append_91) \
+@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_97) \
+@MONOLITHIC_TRUE@ $(am__append_100)
+PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins} $(am__append_4) \
+ $(am__append_7) $(am__append_10) $(am__append_13) \
+ $(am__append_16) $(am__append_19) $(am__append_22) \
+ $(am__append_25) $(am__append_28) $(am__append_31) \
+ $(am__append_34) $(am__append_37) $(am__append_40) \
+ $(am__append_43) $(am__append_46) $(am__append_49) \
+ $(am__append_52) $(am__append_55) $(am__append_58) \
+ $(am__append_61) $(am__append_65) $(am__append_68) \
+ $(am__append_71) $(am__append_74) $(am__append_77) \
+ $(am__append_80) $(am__append_83) $(am__append_86) \
+ $(am__append_89) $(am__append_92) $(am__append_95) \
+ $(am__append_98) $(am__append_101)
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libcharon.la: $(libcharon_la_OBJECTS) $(libcharon_la_DEPENDENCIES)
+ $(LINK) -rpath $(libdir) $(libcharon_la_OBJECTS) $(libcharon_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+bus.lo: bus/bus.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.lo -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
+
+file_logger.lo: bus/listeners/file_logger.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.lo -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
+
+sys_logger.lo: bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.lo -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
+
+backend_manager.lo: config/backend_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.lo -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
+
+child_cfg.lo: config/child_cfg.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.lo -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
+
+ike_cfg.lo: config/ike_cfg.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.lo -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
+
+peer_cfg.lo: config/peer_cfg.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.lo -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
+
+proposal.lo: config/proposal.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.lo -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
+
+auth_cfg.lo: config/auth_cfg.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.lo -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
+
+controller.lo: control/controller.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.lo -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
+
+generator.lo: encoding/generator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.lo -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
+
+message.lo: encoding/message.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.lo -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
+
+parser.lo: encoding/parser.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.lo -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
+
+auth_payload.lo: encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.lo -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
+
+cert_payload.lo: encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.lo -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
+
+certreq_payload.lo: encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.lo -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
+
+configuration_attribute.lo: encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.lo -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
+
+cp_payload.lo: encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.lo -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
+
+delete_payload.lo: encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.lo -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
+
+eap_payload.lo: encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.lo -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
+
+encodings.lo: encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.lo -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
+
+encryption_payload.lo: encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.lo -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
+
+id_payload.lo: encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.lo -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
+
+ike_header.lo: encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.lo -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
+
+ke_payload.lo: encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.lo -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
+
+nonce_payload.lo: encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.lo -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
+
+notify_payload.lo: encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.lo -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
+
+payload.lo: encoding/payloads/payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.lo -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
+
+proposal_substructure.lo: encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.lo -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
+
+sa_payload.lo: encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.lo -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
+
+traffic_selector_substructure.lo: encoding/payloads/traffic_selector_substructure.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.lo -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
+
+transform_attribute.lo: encoding/payloads/transform_attribute.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.lo -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
+
+transform_substructure.lo: encoding/payloads/transform_substructure.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.lo -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
+
+ts_payload.lo: encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.lo -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
+
+unknown_payload.lo: encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.lo -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
+
+vendor_id_payload.lo: encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.lo -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
+
+kernel_interface.lo: kernel/kernel_interface.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.lo -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
+
+kernel_ipsec.lo: kernel/kernel_ipsec.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.lo -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
+
+packet.lo: network/packet.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.lo -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
+
+receiver.lo: network/receiver.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.lo -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
+
+sender.lo: network/sender.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.lo -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
+
+socket_manager.lo: network/socket_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket_manager.lo -MD -MP -MF $(DEPDIR)/socket_manager.Tpo -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket_manager.Tpo $(DEPDIR)/socket_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket_manager.c' object='socket_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c
+
+acquire_job.lo: processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.lo -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
+
+callback_job.lo: processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.lo -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+
+delete_child_sa_job.lo: processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
+
+delete_ike_sa_job.lo: processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
+
+migrate_job.lo: processing/jobs/migrate_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.lo -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
+
+process_message_job.lo: processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.lo -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
+
+rekey_child_sa_job.lo: processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
+
+rekey_ike_sa_job.lo: processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
+
+retransmit_job.lo: processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.lo -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
+
+send_dpd_job.lo: processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.lo -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
+
+send_keepalive_job.lo: processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.lo -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
+
+roam_job.lo: processing/jobs/roam_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.lo -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
+
+update_sa_job.lo: processing/jobs/update_sa_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.lo -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
+
+inactivity_job.lo: processing/jobs/inactivity_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.lo -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
+
+scheduler.lo: processing/scheduler.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.lo -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+
+processor.lo: processing/processor.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.lo -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+
+authenticator.lo: sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.lo -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
+
+eap_authenticator.lo: sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.lo -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
+
+eap_method.lo: sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.lo -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
+
+eap_manager.lo: sa/authenticators/eap/eap_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.lo -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
+
+sim_manager.lo: sa/authenticators/eap/sim_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.lo -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
+
+psk_authenticator.lo: sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.lo -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
+
+pubkey_authenticator.lo: sa/authenticators/pubkey_authenticator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.lo -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
+
+child_sa.lo: sa/child_sa.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.lo -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
+
+ike_sa.lo: sa/ike_sa.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.lo -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
+
+ike_sa_id.lo: sa/ike_sa_id.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.lo -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
+
+ike_sa_manager.lo: sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.lo -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
+
+task_manager.lo: sa/task_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.lo -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
+
+keymat.lo: sa/keymat.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.lo -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
+
+trap_manager.lo: sa/trap_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.lo -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
+
+child_create.lo: sa/tasks/child_create.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.lo -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
+
+child_delete.lo: sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.lo -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
+
+child_rekey.lo: sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.lo -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
+
+ike_auth.lo: sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.lo -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
+
+ike_cert_pre.lo: sa/tasks/ike_cert_pre.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.lo -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
+
+ike_cert_post.lo: sa/tasks/ike_cert_post.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.lo -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
+
+ike_config.lo: sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.lo -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
+
+ike_delete.lo: sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.lo -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
+
+ike_dpd.lo: sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.lo -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
+
+ike_init.lo: sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.lo -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
+
+ike_natd.lo: sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.lo -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+
+ike_mobike.lo: sa/tasks/ike_mobike.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.lo -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
+
+ike_rekey.lo: sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.lo -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
+
+ike_reauth.lo: sa/tasks/ike_reauth.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.lo -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
+
+ike_auth_lifetime.lo: sa/tasks/ike_auth_lifetime.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.lo -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
+
+ike_vendor.lo: sa/tasks/ike_vendor.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.lo -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
+
+task.lo: sa/tasks/task.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.lo -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
+
+credential_manager.lo: credentials/credential_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.lo -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
+
+auth_cfg_wrapper.lo: credentials/sets/auth_cfg_wrapper.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.lo -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
+
+ocsp_response_wrapper.lo: credentials/sets/ocsp_response_wrapper.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.lo -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
+
+cert_cache.lo: credentials/sets/cert_cache.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.lo -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
+
+endpoint_notify.lo: encoding/payloads/endpoint_notify.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.lo -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
+
+initiate_mediation_job.lo: processing/jobs/initiate_mediation_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.lo -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
+
+mediation_job.lo: processing/jobs/mediation_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.lo -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
+
+connect_manager.lo: sa/connect_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.lo -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
+
+mediation_manager.lo: sa/mediation_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.lo -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
+
+ike_me.lo: sa/tasks/ike_me.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.lo -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+ uninstall-libLTLIBRARIES
+
+
+daemon.lo : $(top_builddir)/config.status
+
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@ # otherwise this library is linked to both the eap_aka and the eap_sim plugin
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon/bus/bus.c b/src/libcharon/bus/bus.c
index 524a77682..764744a41 100644
--- a/src/charon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -23,32 +23,6 @@
#include <threading/condvar.h>
#include <threading/mutex.h>
-ENUM(debug_names, DBG_DMN, DBG_LIB,
- "DMN",
- "MGR",
- "IKE",
- "CHD",
- "JOB",
- "CFG",
- "KNL",
- "NET",
- "ENC",
- "LIB",
-);
-
-ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
- "dmn",
- "mgr",
- "ike",
- "chd",
- "job",
- "cfg",
- "knl",
- "net",
- "enc",
- "lib",
-);
-
typedef struct private_bus_t private_bus_t;
/**
diff --git a/src/charon/bus/bus.h b/src/libcharon/bus/bus.h
index af59a14a1..8cf392eae 100644
--- a/src/charon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -15,81 +15,29 @@
/**
* @defgroup bus bus
- * @{ @ingroup charon
+ * @{ @ingroup libcharon
*/
#ifndef BUS_H_
#define BUS_H_
-typedef enum debug_t debug_t;
-typedef enum level_t level_t;
typedef enum alert_t alert_t;
typedef struct bus_t bus_t;
#include <stdarg.h>
+#include <debug.h>
#include <sa/ike_sa.h>
#include <sa/child_sa.h>
#include <processing/jobs/job.h>
#include <bus/listeners/listener.h>
-/**
- * Debug message group.
- */
-enum debug_t {
- /** daemon main loop */
- DBG_DMN,
- /** IKE_SA_MANAGER */
- DBG_MGR,
- /** IKE_SA */
- DBG_IKE,
- /** CHILD_SA */
- DBG_CHD,
- /** job processing */
- DBG_JOB,
- /** configuration backends */
- DBG_CFG,
- /** kernel interface */
- DBG_KNL,
- /** networking/sockets */
- DBG_NET,
- /** message encoding/decoding */
- DBG_ENC,
- /** libstrongswan via logging hook */
- DBG_LIB,
- /** number of groups */
- DBG_MAX,
- /** pseudo group with all groups */
- DBG_ANY = DBG_MAX,
-};
-
-/**
- * short names of debug message group.
- */
-extern enum_name_t *debug_names;
-
-/**
- * short names of debug message group, lower case.
- */
-extern enum_name_t *debug_lower_names;
-
-/**
- * Debug levels used to control output verbosity.
- */
-enum level_t {
- /** absolutely silent */
- LEVEL_SILENT = -1,
- /** most important auditing logs */
- LEVEL_AUDIT = 0,
- /** control flow */
- LEVEL_CTRL = 1,
- /** diagnose problems */
- LEVEL_DIAG = 2,
- /** raw binary blobs */
- LEVEL_RAW = 3,
- /** including sensitive data (private keys) */
- LEVEL_PRIVATE = 4,
-};
+/* undefine the definitions from libstrongswan */
+#undef DBG0
+#undef DBG1
+#undef DBG2
+#undef DBG3
+#undef DBG4
#ifndef DEBUG_LEVEL
# define DEBUG_LEVEL 4
diff --git a/src/charon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index 12587deaf..12587deaf 100644
--- a/src/charon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
diff --git a/src/charon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h
index bd443fdb8..bd443fdb8 100644
--- a/src/charon/bus/listeners/file_logger.h
+++ b/src/libcharon/bus/listeners/file_logger.h
diff --git a/src/charon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 67e36beeb..9a51a2ef4 100644
--- a/src/charon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -44,7 +44,7 @@ struct listener_t {
* @param ike_sa IKE_SA associated to the event
* @param format printf() style format string
* @param args vprintf() style va_list argument list
- " @return TRUE to stay registered, FALSE to unregister
+ * @return TRUE to stay registered, FALSE to unregister
*/
bool (*log)(listener_t *this, debug_t group, level_t level, int thread,
ike_sa_t *ike_sa, char* format, va_list args);
@@ -55,7 +55,7 @@ struct listener_t {
* @param ike_sa IKE_SA associated to the alert, if any
* @param alert kind of alert
* @param ... alert specific argument list
- " @return TRUE to stay registered, FALSE to unregister
+ * @return TRUE to stay registered, FALSE to unregister
*/
bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
alert_t alert, va_list args);
diff --git a/src/charon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c
index 11421ad05..11421ad05 100644
--- a/src/charon/bus/listeners/sys_logger.c
+++ b/src/libcharon/bus/listeners/sys_logger.c
diff --git a/src/charon/bus/listeners/sys_logger.h b/src/libcharon/bus/listeners/sys_logger.h
index 730890d68..730890d68 100644
--- a/src/charon/bus/listeners/sys_logger.h
+++ b/src/libcharon/bus/listeners/sys_logger.h
diff --git a/src/charon/config/auth_cfg.c b/src/libcharon/config/auth_cfg.c
index 94362c756..94362c756 100644
--- a/src/charon/config/auth_cfg.c
+++ b/src/libcharon/config/auth_cfg.c
diff --git a/src/charon/config/auth_cfg.h b/src/libcharon/config/auth_cfg.h
index 5e6215a4a..5e6215a4a 100644
--- a/src/charon/config/auth_cfg.h
+++ b/src/libcharon/config/auth_cfg.h
diff --git a/src/charon/config/backend.h b/src/libcharon/config/backend.h
index 458abc37f..458abc37f 100644
--- a/src/charon/config/backend.h
+++ b/src/libcharon/config/backend.h
diff --git a/src/charon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 90ef58563..90ef58563 100644
--- a/src/charon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
diff --git a/src/charon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index 5b394f791..5b394f791 100644
--- a/src/charon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
diff --git a/src/charon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 8410b3fe5..8410b3fe5 100644
--- a/src/charon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
diff --git a/src/charon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index c6186ea36..c6186ea36 100644
--- a/src/charon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
diff --git a/src/charon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 2e748f511..89dcd8022 100644
--- a/src/charon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -49,6 +49,16 @@ struct private_ike_cfg_t {
char *other;
/**
+ * our source port
+ */
+ u_int16_t my_port;
+
+ /**
+ * destination port
+ */
+ u_int16_t other_port;
+
+ /**
* should we send a certificate request?
*/
bool certreq;
@@ -64,71 +74,69 @@ struct private_ike_cfg_t {
linked_list_t *proposals;
};
-/**
- * Implementation of ike_cfg_t.certreq.
- */
-static bool send_certreq(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, send_certreq, bool,
+ private_ike_cfg_t *this)
{
return this->certreq;
}
-/**
- * Implementation of ike_cfg_t.force_encap.
- */
-static bool force_encap_meth(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, force_encap_, bool,
+ private_ike_cfg_t *this)
{
return this->force_encap;
}
-/**
- * Implementation of ike_cfg_t.get_my_addr.
- */
-static char *get_my_addr(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_my_addr, char*,
+ private_ike_cfg_t *this)
{
return this->me;
}
-/**
- * Implementation of ike_cfg_t.get_other_addr.
- */
-static char *get_other_addr(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_other_addr, char*,
+ private_ike_cfg_t *this)
{
return this->other;
}
-/**
- * Implementation of ike_cfg_t.add_proposal.
- */
-static void add_proposal(private_ike_cfg_t *this, proposal_t *proposal)
+METHOD(ike_cfg_t, get_my_port, u_int16_t,
+ private_ike_cfg_t *this)
+{
+ return this->my_port;
+}
+
+METHOD(ike_cfg_t, get_other_port, u_int16_t,
+ private_ike_cfg_t *this)
+{
+ return this->other_port;
+}
+
+METHOD(ike_cfg_t, add_proposal, void,
+ private_ike_cfg_t *this, proposal_t *proposal)
{
this->proposals->insert_last(this->proposals, proposal);
}
-/**
- * Implementation of ike_cfg_t.get_proposals.
- */
-static linked_list_t* get_proposals(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_proposals, linked_list_t*,
+ private_ike_cfg_t *this)
{
- iterator_t *iterator;
+ enumerator_t *enumerator;
proposal_t *current;
- linked_list_t *proposals = linked_list_create();
+ linked_list_t *proposals;
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->iterate(iterator, (void**)&current))
+ proposals = linked_list_create();
+ enumerator = this->proposals->create_enumerator(this->proposals);
+ while (enumerator->enumerate(enumerator, &current))
{
current = current->clone(current);
- proposals->insert_last(proposals, (void*)current);
+ proposals->insert_last(proposals, current);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
return proposals;
}
-/**
- * Implementation of ike_cfg_t.select_proposal.
- */
-static proposal_t *select_proposal(private_ike_cfg_t *this,
- linked_list_t *proposals, bool private)
+METHOD(ike_cfg_t, select_proposal, proposal_t*,
+ private_ike_cfg_t *this, linked_list_t *proposals, bool private)
{
iterator_t *stored_iter, *supplied_iter;
proposal_t *stored, *supplied, *selected;
@@ -166,10 +174,8 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
return NULL;
}
-/**
- * Implementation of ike_cfg_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
+ private_ike_cfg_t *this)
{
enumerator_t *enumerator;
proposal_t *proposal;
@@ -187,11 +193,10 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
return dh_group;
}
-/**
- * Implementation of ike_cfg_t.equals.
- */
-static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
+METHOD(ike_cfg_t, equals, bool,
+ private_ike_cfg_t *this, ike_cfg_t *other_public)
{
+ private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
enumerator_t *e1, *e2;
proposal_t *p1, *p2;
bool eq = TRUE;
@@ -226,22 +231,20 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
this->certreq == other->certreq &&
this->force_encap == other->force_encap &&
streq(this->me, other->me) &&
- streq(this->other, other->other));
+ streq(this->other, other->other) &&
+ this->my_port == other->my_port &&
+ this->other_port == other->other_port);
}
-/**
- * Implementation of ike_cfg_t.get_ref.
- */
-static ike_cfg_t* get_ref(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
+ private_ike_cfg_t *this)
{
ref_get(&this->refcount);
return &this->public;
}
-/**
- * Implementation of ike_cfg_t.destroy.
- */
-static void destroy(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, destroy, void,
+ private_ike_cfg_t *this)
{
if (ref_put(&this->refcount))
{
@@ -257,30 +260,35 @@ static void destroy(private_ike_cfg_t *this)
* Described in header.
*/
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
- char *me, char *other)
+ char *me, u_int16_t my_port, char *other, u_int16_t other_port)
{
- private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
-
- /* public functions */
- this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
- this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth;
- this->public.get_my_addr = (char*(*)(ike_cfg_t*))get_my_addr;
- this->public.get_other_addr = (char*(*)(ike_cfg_t*))get_other_addr;
- this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal;
- this->public.get_proposals = (linked_list_t*(*)(ike_cfg_t*))get_proposals;
- this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*,bool))select_proposal;
- this->public.get_dh_group = (diffie_hellman_group_t(*)(ike_cfg_t*)) get_dh_group;
- this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals;
- this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref;
- this->public.destroy = (void(*)(ike_cfg_t*))destroy;
-
- /* private variables */
- this->refcount = 1;
- this->certreq = certreq;
- this->force_encap = force_encap;
- this->me = strdup(me);
- this->other = strdup(other);
- this->proposals = linked_list_create();
+ private_ike_cfg_t *this;
+
+ INIT(this,
+ .public = {
+ .send_certreq = _send_certreq,
+ .force_encap = _force_encap_,
+ .get_my_addr = _get_my_addr,
+ .get_other_addr = _get_other_addr,
+ .get_my_port = _get_my_port,
+ .get_other_port = _get_other_port,
+ .add_proposal = _add_proposal,
+ .get_proposals = _get_proposals,
+ .select_proposal = _select_proposal,
+ .get_dh_group = _get_dh_group,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .refcount = 1,
+ .certreq = certreq,
+ .force_encap = force_encap,
+ .me = strdup(me),
+ .other = strdup(other),
+ .my_port = my_port,
+ .other_port = other_port,
+ .proposals = linked_list_create(),
+ );
return &this->public;
}
diff --git a/src/charon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index eaac321b9..f1edde255 100644
--- a/src/charon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -53,6 +53,20 @@ struct ike_cfg_t {
char* (*get_other_addr) (ike_cfg_t *this);
/**
+ * Get the port to use as our source port.
+ *
+ * @return source address port, host order
+ */
+ u_int16_t (*get_my_port)(ike_cfg_t *this);
+
+ /**
+ * Get the port to use as destination port.
+ *
+ * @return destination address, host order
+ */
+ u_int16_t (*get_other_port)(ike_cfg_t *this);
+
+ /**
* Adds a proposal to the list.
*
* The first added proposal has the highest priority, the last
@@ -136,10 +150,12 @@ struct ike_cfg_t {
* @param certreq TRUE to send a certificate request
* @param force_encap enforce UDP encapsulation by faking NATD notify
* @param me address/DNS name of local peer
+ * @param my_port IKE port to use as source, 500 uses IKEv2 port floating
* @param other address/DNS name of remote peer
+ * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating
* @return ike_cfg_t object.
*/
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
- char *me, char *other);
+ char *me, u_int16_t my_port, char *other, u_int16_t other_port);
#endif /** IKE_CFG_H_ @}*/
diff --git a/src/charon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 9df14c9ae..9df14c9ae 100644
--- a/src/charon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
diff --git a/src/charon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 6855276f8..6855276f8 100644
--- a/src/charon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
diff --git a/src/charon/config/proposal.c b/src/libcharon/config/proposal.c
index 6b3500b6e..e86393028 100644
--- a/src/charon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -269,6 +269,7 @@ static bool is_authenticated_encryption(u_int16_t alg)
case ENCR_CAMELLIA_CCM_ICV8:
case ENCR_CAMELLIA_CCM_ICV12:
case ENCR_CAMELLIA_CCM_ICV16:
+ case ENCR_NULL_AUTH_AES_GMAC:
return TRUE;
}
return FALSE;
@@ -857,6 +858,9 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case ECP_256_BIT:
case ECP_384_BIT:
case ECP_521_BIT:
+ case MODP_1024_160:
+ case MODP_2048_224:
+ case MODP_2048_256:
case ECP_192_BIT:
case ECP_224_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
diff --git a/src/charon/config/proposal.h b/src/libcharon/config/proposal.h
index 30f63b80d..30f63b80d 100644
--- a/src/charon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
diff --git a/src/charon/control/controller.c b/src/libcharon/control/controller.c
index 94c64028c..94c64028c 100644
--- a/src/charon/control/controller.c
+++ b/src/libcharon/control/controller.c
diff --git a/src/charon/control/controller.h b/src/libcharon/control/controller.h
index 31b69c78c..31b69c78c 100644
--- a/src/charon/control/controller.h
+++ b/src/libcharon/control/controller.h
diff --git a/src/charon/credentials/credential_manager.c b/src/libcharon/credentials/credential_manager.c
index adea0b4be..adea0b4be 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/libcharon/credentials/credential_manager.c
diff --git a/src/charon/credentials/credential_manager.h b/src/libcharon/credentials/credential_manager.h
index 0448da992..0448da992 100644
--- a/src/charon/credentials/credential_manager.h
+++ b/src/libcharon/credentials/credential_manager.h
diff --git a/src/charon/credentials/credential_set.h b/src/libcharon/credentials/credential_set.h
index 274eb3feb..274eb3feb 100644
--- a/src/charon/credentials/credential_set.h
+++ b/src/libcharon/credentials/credential_set.h
diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.c b/src/libcharon/credentials/sets/auth_cfg_wrapper.c
index 82e33d283..82e33d283 100644
--- a/src/charon/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.c
diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.h b/src/libcharon/credentials/sets/auth_cfg_wrapper.h
index 7653fcdbf..7653fcdbf 100644
--- a/src/charon/credentials/sets/auth_cfg_wrapper.h
+++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.h
diff --git a/src/charon/credentials/sets/cert_cache.c b/src/libcharon/credentials/sets/cert_cache.c
index 176accce2..176accce2 100644
--- a/src/charon/credentials/sets/cert_cache.c
+++ b/src/libcharon/credentials/sets/cert_cache.c
diff --git a/src/charon/credentials/sets/cert_cache.h b/src/libcharon/credentials/sets/cert_cache.h
index d2721866e..d2721866e 100644
--- a/src/charon/credentials/sets/cert_cache.h
+++ b/src/libcharon/credentials/sets/cert_cache.h
diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/libcharon/credentials/sets/ocsp_response_wrapper.c
index 82079209a..82079209a 100644
--- a/src/charon/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.c
diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/libcharon/credentials/sets/ocsp_response_wrapper.h
index dc4b451df..dc4b451df 100644
--- a/src/charon/credentials/sets/ocsp_response_wrapper.h
+++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.h
diff --git a/src/charon/daemon.c b/src/libcharon/daemon.c
index e71225fd1..11c94beb9 100644
--- a/src/charon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -17,22 +17,10 @@
*/
#include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
-#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
-#include <signal.h>
-#undef _POSIX_PTHREAD_SEMANTICS
-#include <pthread.h>
-#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <time.h>
-#include <string.h>
-#include <getopt.h>
#include <errno.h>
-#include <pwd.h>
-#include <grp.h>
#ifdef CAPABILITIES
#include <sys/capability.h>
#endif /* CAPABILITIES */
@@ -40,8 +28,6 @@
#include "daemon.h"
#include <library.h>
-#include <utils/backtrace.h>
-#include <threading/thread.h>
#include <selectors/traffic_selector.h>
#include <config/proposal.h>
@@ -60,16 +46,6 @@ struct private_daemon_t {
*/
daemon_t public;
- /**
- * Signal set used for signal handling.
- */
- sigset_t signal_set;
-
- /**
- * Reference to main thread.
- */
- thread_t *main_thread;
-
#ifdef CAPABILITIES
/**
* capabilities to keep
@@ -86,88 +62,23 @@ daemon_t *charon;
/**
* hook in library for debugging messages
*/
-extern void (*dbg) (int level, char *fmt, ...);
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
/**
- * Logging hook for library logs, spreads debug message over bus
+ * we store the previous debug function so we can reset it
*/
-static void dbg_bus(int level, char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args);
- va_end(args);
-}
+static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
/**
- * Logging hook for library logs, using stderr output
+ * Logging hook for library logs, spreads debug message over bus
*/
-static void dbg_stderr(int level, char *fmt, ...)
+static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
{
va_list args;
- if (level <= 1)
- {
- va_start(args, fmt);
- fprintf(stderr, "00[LIB] ");
- vfprintf(stderr, fmt, args);
- fprintf(stderr, "\n");
- va_end(args);
- }
-}
-
-/**
- * Run the daemon and handle unix signals
- */
-static void run(private_daemon_t *this)
-{
- sigset_t set;
-
- /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
- sigemptyset(&set);
- sigaddset(&set, SIGINT);
- sigaddset(&set, SIGHUP);
- sigaddset(&set, SIGTERM);
- sigprocmask(SIG_BLOCK, &set, NULL);
-
- while (TRUE)
- {
- int sig;
- int error;
-
- error = sigwait(&set, &sig);
- if (error)
- {
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
- return;
- }
- switch (sig)
- {
- case SIGHUP:
- {
- DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
- break;
- }
- case SIGINT:
- {
- DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
- charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
- return;
- }
- case SIGTERM:
- {
- DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
- charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
- return;
- }
- default:
- {
- DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
- break;
- }
- }
- }
+ va_start(args, fmt);
+ charon->bus->vlog(charon->bus, group, level, fmt, args);
+ va_end(args);
}
/**
@@ -185,6 +96,7 @@ static void destroy(private_daemon_t *this)
{
this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
}
+ DESTROY_IF(this->public.receiver);
/* unload plugins to release threads */
lib->plugins->unload(lib->plugins);
#ifdef CAPABILITIES
@@ -204,13 +116,12 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.backends);
DESTROY_IF(this->public.credentials);
DESTROY_IF(this->public.sender);
- DESTROY_IF(this->public.receiver);
DESTROY_IF(this->public.socket);
/* wait until all threads are gone */
DESTROY_IF(this->public.processor);
/* rehook library logging, shutdown logging */
- dbg = dbg_stderr;
+ dbg = dbg_old;
DESTROY_IF(this->public.bus);
this->public.file_loggers->destroy_offset(this->public.file_loggers,
offsetof(file_logger_t, destroy));
@@ -219,65 +130,8 @@ static void destroy(private_daemon_t *this)
free(this);
}
-/**
- * Enforce daemon shutdown, with a given reason to do so.
- */
-static void kill_daemon(private_daemon_t *this, char *reason)
-{
- /* we send SIGTERM, so the daemon can cleanly shut down */
- if (this->public.bus)
- {
- DBG1(DBG_DMN, "killing daemon: %s", reason);
- }
- else
- {
- fprintf(stderr, "killing daemon: %s\n", reason);
- }
- if (this->main_thread == thread_current())
- {
- /* initialization failed, terminate daemon */
- unlink(PID_FILE);
- exit(-1);
- }
- else
- {
- DBG1(DBG_DMN, "sending SIGTERM to ourself");
- this->main_thread->kill(this->main_thread, SIGTERM);
- /* thread must die, since he produced a ciritcal failure and can't continue */
- thread_exit(NULL);
- }
-}
-
-/**
- * drop daemon capabilities
- */
-static void drop_capabilities(private_daemon_t *this)
-{
-#ifdef HAVE_PRCTL
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
- if (setgid(charon->gid) != 0)
- {
- kill_daemon(this, "change to unprivileged group failed");
- }
- if (setuid(charon->uid) != 0)
- {
- kill_daemon(this, "change to unprivileged user failed");
- }
-
-#ifdef CAPABILITIES
- if (cap_set_proc(this->caps) != 0)
- {
- kill_daemon(this, "unable to drop daemon capabilities");
- }
-#endif /* CAPABILITIES */
-}
-
-/**
- * Implementation of daemon_t.keep_cap
- */
-static void keep_cap(private_daemon_t *this, u_int cap)
+METHOD(daemon_t, keep_cap, void,
+ private_daemon_t *this, u_int cap)
{
#ifdef CAPABILITIES
cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
@@ -286,37 +140,25 @@ static void keep_cap(private_daemon_t *this, u_int cap)
#endif /* CAPABILITIES */
}
-/**
- * lookup UID and GID
- */
-static void lookup_uid_gid(private_daemon_t *this)
+METHOD(daemon_t, drop_capabilities, bool,
+ private_daemon_t *this)
{
-#ifdef IPSEC_USER
+#ifdef CAPABILITIES
+ if (cap_set_proc(this->caps) != 0)
{
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL)
- {
- kill_daemon(this, "resolving user '"IPSEC_USER"' failed");
- }
- charon->uid = pwp->pw_uid;
+ return FALSE;
}
-#endif
-#ifdef IPSEC_GROUP
- {
- char buf[1024];
- struct group group, *grp;
+#endif /* CAPABILITIES */
+ return TRUE;
+}
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL)
- {
- kill_daemon(this, "resolving group '"IPSEC_GROUP"' failed");
- }
- charon->gid = grp->gr_gid;
- }
-#endif
+METHOD(daemon_t, start, void,
+ private_daemon_t *this)
+{
+ /* start the engine, go multithreaded */
+ charon->processor->set_threads(charon->processor,
+ lib->settings->get_int(lib->settings, "charon.threads",
+ DEFAULT_THREADS));
}
/**
@@ -461,10 +303,8 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
}
}
-/**
- * Initialize the daemon
- */
-static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
+METHOD(daemon_t, initialize, bool,
+ private_daemon_t *this, bool syslog, level_t levels[])
{
/* for uncritical pseudo random numbers */
srandom(time(NULL) + getpid());
@@ -472,6 +312,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
/* setup bus and it's listeners first to enable log output */
this->public.bus = bus_create();
/* set up hook to log dbg message in library via charons message bus */
+ dbg_old = dbg;
dbg = dbg_bus;
initialize_loggers(this, !syslog, levels);
@@ -482,6 +323,8 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
{
DBG1(DBG_DMN, "integrity tests enabled:");
DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
}
@@ -494,7 +337,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
this->public.sim = sim_manager_create();
this->public.backends = backend_manager_create();
this->public.kernel_interface = kernel_interface_create();
- this->public.socket = socket_create();
+ this->public.socket = socket_manager_create();
this->public.traps = trap_manager_create();
/* load plugins, further infrastructure may need it */
@@ -531,58 +374,23 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
}
/**
- * Handle SIGSEGV/SIGILL signals raised by threads
- */
-static void segv_handler(int signal)
-{
- backtrace_t *backtrace;
-
- DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr);
- backtrace->destroy(backtrace);
-
- DBG1(DBG_DMN, "killing ourself, received critical signal");
- abort();
-}
-
-/**
* Create the daemon.
*/
-private_daemon_t *daemon_create(void)
+private_daemon_t *daemon_create()
{
- struct sigaction action;
- private_daemon_t *this = malloc_thing(private_daemon_t);
-
- /* assign methods */
- this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
- this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap;
-
- /* NULL members for clean destruction */
- this->public.socket = NULL;
- this->public.ike_sa_manager = NULL;
- this->public.traps = NULL;
- this->public.credentials = NULL;
- this->public.backends = NULL;
- this->public.sender= NULL;
- this->public.receiver = NULL;
- this->public.scheduler = NULL;
- this->public.kernel_interface = NULL;
- this->public.processor = NULL;
- this->public.controller = NULL;
- this->public.eap = NULL;
- this->public.sim = NULL;
- this->public.bus = NULL;
- this->public.file_loggers = linked_list_create();
- this->public.sys_loggers = linked_list_create();
-#ifdef ME
- this->public.connect_manager = NULL;
- this->public.mediation_manager = NULL;
-#endif /* ME */
- this->public.uid = 0;
- this->public.gid = 0;
+ private_daemon_t *this;
+
+ INIT(this,
+ .public = {
+ .keep_cap = _keep_cap,
+ .drop_capabilities = _drop_capabilities,
+ .initialize = _initialize,
+ .start = _start,
+ .file_loggers = linked_list_create(),
+ .sys_loggers = linked_list_create(),
+ },
+ );
- this->main_thread = thread_current();
#ifdef CAPABILITIES
this->caps = cap_init();
keep_cap(this, CAP_NET_ADMIN);
@@ -592,116 +400,28 @@ private_daemon_t *daemon_create(void)
}
#endif /* CAPABILITIES */
- /* add handler for SEGV and ILL,
- * INT, TERM and HUP are handled by sigwait() in run() */
- action.sa_handler = segv_handler;
- action.sa_flags = 0;
- sigemptyset(&action.sa_mask);
- sigaddset(&action.sa_mask, SIGINT);
- sigaddset(&action.sa_mask, SIGTERM);
- sigaddset(&action.sa_mask, SIGHUP);
- sigaction(SIGSEGV, &action, NULL);
- sigaction(SIGILL, &action, NULL);
- sigaction(SIGBUS, &action, NULL);
- action.sa_handler = SIG_IGN;
- sigaction(SIGPIPE, &action, NULL);
-
- pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
-
return this;
}
/**
- * Check/create PID file, return TRUE if already running
+ * Described in header.
*/
-static bool check_pidfile()
+void libcharon_deinit()
{
- struct stat stb;
- FILE *file;
-
- if (stat(PID_FILE, &stb) == 0)
- {
- file = fopen(PID_FILE, "r");
- if (file)
- {
- char buf[64];
- pid_t pid = 0;
-
- memset(buf, 0, sizeof(buf));
- if (fread(buf, 1, sizeof(buf), file))
- {
- pid = atoi(buf);
- }
- fclose(file);
- if (pid && kill(pid, 0) == 0)
- { /* such a process is running */
- return TRUE;
- }
- }
- DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
- unlink(PID_FILE);
- }
- /* create new pidfile */
- file = fopen(PID_FILE, "w");
- if (file)
- {
- fprintf(file, "%d\n", getpid());
- ignore_result(fchown(fileno(file), charon->uid, charon->gid));
- fclose(file);
- }
- return FALSE;
+ destroy((private_daemon_t*)charon);
+ charon = NULL;
}
/**
- * print command line usage and exit
+ * Described in header.
*/
-static void usage(const char *msg)
+bool libcharon_init()
{
- if (msg != NULL && *msg != '\0')
- {
- fprintf(stderr, "%s\n", msg);
- }
- fprintf(stderr, "Usage: charon\n"
- " [--help]\n"
- " [--version]\n"
- " [--use-syslog]\n"
- " [--debug-<type> <level>]\n"
- " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
- " <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
- " 2 = controlmore, 3 = raw, 4 = private)\n"
- "\n"
- );
- exit(msg == NULL? 0 : 1);
-}
-
-/**
- * Main function, manages the daemon.
- */
-int main(int argc, char *argv[])
-{
- bool use_syslog = FALSE;
- private_daemon_t *private_charon;
- level_t levels[DBG_MAX];
- int group;
-
- /* logging for library during initialization, as we have no bus yet */
- dbg = dbg_stderr;
-
- /* initialize library */
- if (!library_init(NULL))
- {
- library_deinit();
- exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
- }
+ private_daemon_t *this;
- if (lib->integrity &&
- !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
- {
- dbg_stderr(1, "integrity check of charon failed");
- library_deinit();
- exit(SS_RC_DAEMON_INTEGRITY);
- }
+ this = daemon_create();
+ charon = &this->public;
lib->printf_hook->add_handler(lib->printf_hook, 'R',
traffic_selector_printf_hook,
@@ -711,97 +431,13 @@ int main(int argc, char *argv[])
proposal_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER,
PRINTF_HOOK_ARGTYPE_END);
- private_charon = daemon_create();
- charon = (daemon_t*)private_charon;
-
- lookup_uid_gid(private_charon);
-
- /* use CTRL loglevel for default */
- for (group = 0; group < DBG_MAX; group++)
- {
- levels[group] = LEVEL_CTRL;
- }
-
- /* handle arguments */
- for (;;)
- {
- struct option long_opts[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, 'v' },
- { "use-syslog", no_argument, NULL, 'l' },
- /* TODO: handle "debug-all" */
- { "debug-dmn", required_argument, &group, DBG_DMN },
- { "debug-mgr", required_argument, &group, DBG_MGR },
- { "debug-ike", required_argument, &group, DBG_IKE },
- { "debug-chd", required_argument, &group, DBG_CHD },
- { "debug-job", required_argument, &group, DBG_JOB },
- { "debug-cfg", required_argument, &group, DBG_CFG },
- { "debug-knl", required_argument, &group, DBG_KNL },
- { "debug-net", required_argument, &group, DBG_NET },
- { "debug-enc", required_argument, &group, DBG_ENC },
- { "debug-lib", required_argument, &group, DBG_LIB },
- { 0,0,0,0 }
- };
-
- int c = getopt_long(argc, argv, "", long_opts, NULL);
- switch (c)
- {
- case EOF:
- break;
- case 'h':
- usage(NULL);
- break;
- case 'v':
- printf("Linux strongSwan %s\n", VERSION);
- exit(0);
- case 'l':
- use_syslog = TRUE;
- continue;
- case 0:
- /* option is in group */
- levels[group] = atoi(optarg);
- continue;
- default:
- usage("");
- break;
- }
- break;
- }
-
- /* initialize daemon */
- if (!initialize(private_charon, use_syslog, levels))
- {
- DBG1(DBG_DMN, "initialization failed - aborting charon");
- destroy(private_charon);
- library_deinit();
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- if (check_pidfile())
+ if (lib->integrity &&
+ !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
{
- DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
- destroy(private_charon);
- library_deinit();
- exit(-1);
+ dbg(DBG_DMN, 1, "integrity check of libcharon failed");
+ return FALSE;
}
- /* drop the capabilities we won't need */
- drop_capabilities(private_charon);
-
- /* start the engine, go multithreaded */
- charon->processor->set_threads(charon->processor,
- lib->settings->get_int(lib->settings, "charon.threads",
- DEFAULT_THREADS));
-
- /* run daemon */
- run(private_charon);
-
- /* normal termination, cleanup and exit */
- destroy(private_charon);
- unlink(PID_FILE);
-
- library_deinit();
-
- return 0;
+ return TRUE;
}
-
diff --git a/src/charon/daemon.h b/src/libcharon/daemon.h
index cb5946d5d..9b6d97060 100644
--- a/src/charon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -17,52 +17,49 @@
*/
/**
- * @defgroup charon charon
+ * @defgroup libcharon libcharon
*
* @defgroup bus bus
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup listeners listeners
* @ingroup bus
*
* @defgroup config config
- * @ingroup charon
- *
- * @defgroup attributes attributes
- * @ingroup config
+ * @ingroup libcharon
*
* @defgroup control control
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup ccredentials credentials
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup sets sets
* @ingroup ccredentials
*
* @defgroup encoding encoding
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup payloads payloads
* @ingroup encoding
*
* @defgroup kernel kernel
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup network network
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup cplugins plugins
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup processing processing
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup jobs jobs
* @ingroup processing
*
* @defgroup sa sa
- * @ingroup charon
+ * @ingroup libcharon
*
* @defgroup authenticators authenticators
* @ingroup sa
@@ -73,7 +70,7 @@
* @defgroup tasks tasks
* @ingroup sa
*
- * @addtogroup charon
+ * @addtogroup libcharon
* @{
*
* IKEv2 keying daemon.
@@ -148,7 +145,7 @@ typedef struct daemon_t daemon_t;
#include <network/sender.h>
#include <network/receiver.h>
-#include <network/socket.h>
+#include <network/socket_manager.h>
#include <processing/scheduler.h>
#include <processing/processor.h>
#include <kernel/kernel_interface.h>
@@ -169,11 +166,6 @@ typedef struct daemon_t daemon_t;
#endif /* ME */
/**
- * Name of the daemon.
- */
-#define DAEMON_NAME "charon"
-
-/**
* Number of threads in the thread pool, if not specified in config.
*/
#define DEFAULT_THREADS 16
@@ -189,20 +181,14 @@ typedef struct daemon_t daemon_t;
#define IKEV2_NATT_PORT 4500
/**
- * PID file, in which charon stores its process id
- */
-#define PID_FILE IPSEC_PIDDIR "/charon.pid"
-
-
-/**
* Main class of daemon, contains some globals.
*/
struct daemon_t {
/**
- * A socket_t instance.
+ * Socket manager instance
*/
- socket_t *socket;
+ socket_manager_t *socket;
/**
* A ike_sa_manager_t instance.
@@ -311,16 +297,45 @@ struct daemon_t {
void (*keep_cap)(daemon_t *this, u_int cap);
/**
- * Shut down the daemon.
+ * Drop all capabilities of the current process.
+ *
+ * Drops all capabalities, excect those exlcuded using keep_cap().
+ * This should be called after the initialization of the daemon because
+ * some plugins require the process to keep additional capabilities.
*
- * @param reason describtion why it will be killed
+ * @return TRUE if successful, FALSE otherwise
+ */
+ bool (*drop_capabilities)(daemon_t *this);
+
+ /**
+ * Initialize the daemon.
*/
- void (*kill) (daemon_t *this, char *reason);
+ bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]);
+
+ /**
+ * Starts the daemon, i.e. spawns the threads of the thread pool.
+ */
+ void (*start)(daemon_t *this);
+
};
/**
* The one and only instance of the daemon.
+ *
+ * Set between libcharon_init() and libcharon_deinit() calls.
*/
extern daemon_t *charon;
+/**
+ * Initialize libcharon and create the "charon" instance of daemon_t.
+ *
+ * @return FALSE if integrity check failed
+ */
+bool libcharon_init();
+
+/**
+ * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
+ */
+void libcharon_deinit();
+
#endif /** DAEMON_H_ @}*/
diff --git a/src/charon/encoding/generator.c b/src/libcharon/encoding/generator.c
index 6485da492..6485da492 100644
--- a/src/charon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
diff --git a/src/charon/encoding/generator.h b/src/libcharon/encoding/generator.h
index 2221c84af..2221c84af 100644
--- a/src/charon/encoding/generator.h
+++ b/src/libcharon/encoding/generator.h
diff --git a/src/charon/encoding/message.c b/src/libcharon/encoding/message.c
index 397a3c609..acfc0fd44 100644
--- a/src/charon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1539,22 +1539,19 @@ static status_t verify(private_message_t *this)
}
}
}
+ enumerator->destroy(enumerator);
if (found_payloads < rule->min_occurence)
{
DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
payload_type_names, rule->payload_type, rule->min_occurence,
found_payloads);
- enumerator->destroy(enumerator);
return VERIFY_ERROR;
}
- if (rule->sufficient &&
- this->payloads->get_count(this->payloads) == total_found_payloads)
+ if (rule->sufficient)
{
- enumerator->destroy(enumerator);
return SUCCESS;
}
- enumerator->destroy(enumerator);
}
return SUCCESS;
}
diff --git a/src/charon/encoding/message.h b/src/libcharon/encoding/message.h
index 2c7718f49..2c7718f49 100644
--- a/src/charon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
diff --git a/src/charon/encoding/parser.c b/src/libcharon/encoding/parser.c
index 9aa34b1bc..9aa34b1bc 100644
--- a/src/charon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
diff --git a/src/charon/encoding/parser.h b/src/libcharon/encoding/parser.h
index 27c5f03fe..27c5f03fe 100644
--- a/src/charon/encoding/parser.h
+++ b/src/libcharon/encoding/parser.h
diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c
index d31208abb..d31208abb 100644
--- a/src/charon/encoding/payloads/auth_payload.c
+++ b/src/libcharon/encoding/payloads/auth_payload.c
diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h
index 37ee149db..37ee149db 100644
--- a/src/charon/encoding/payloads/auth_payload.h
+++ b/src/libcharon/encoding/payloads/auth_payload.h
diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 6dd3141f0..6dd3141f0 100644
--- a/src/charon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index aa1c7bf5a..aa1c7bf5a 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 9ff0bdde0..9ff0bdde0 100644
--- a/src/charon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h
index 914063628..914063628 100644
--- a/src/charon/encoding/payloads/certreq_payload.h
+++ b/src/libcharon/encoding/payloads/certreq_payload.h
diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 9094fd44d..9094fd44d 100644
--- a/src/charon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index 6e4b018bb..6e4b018bb 100644
--- a/src/charon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index f0a26eee2..f0a26eee2 100644
--- a/src/charon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index c0760885a..7dcf58f7e 100644
--- a/src/charon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -100,8 +100,8 @@ cp_payload_t *cp_payload_create();
/**
* Creates an cp_payload_t with type and value
*
- * @param type type of configuration payload to create
- * @return created configuration payload
+ * @param config_type type of configuration payload to create
+ * @return created configuration payload
*/
cp_payload_t *cp_payload_create_type(config_type_t config_type);
diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c
index 97b4743b2..97b4743b2 100644
--- a/src/charon/encoding/payloads/delete_payload.c
+++ b/src/libcharon/encoding/payloads/delete_payload.c
diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h
index 3b62c1af1..3b62c1af1 100644
--- a/src/charon/encoding/payloads/delete_payload.h
+++ b/src/libcharon/encoding/payloads/delete_payload.h
diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 21f34a642..21f34a642 100644
--- a/src/charon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index 0bde4b15e..0bde4b15e 100644
--- a/src/charon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
diff --git a/src/charon/encoding/payloads/encodings.c b/src/libcharon/encoding/payloads/encodings.c
index 85caeda82..85caeda82 100644
--- a/src/charon/encoding/payloads/encodings.c
+++ b/src/libcharon/encoding/payloads/encodings.c
diff --git a/src/charon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h
index 52af4a984..52af4a984 100644
--- a/src/charon/encoding/payloads/encodings.h
+++ b/src/libcharon/encoding/payloads/encodings.h
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 389ab09d7..2adbb88b9 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -95,19 +95,19 @@ struct private_encryption_payload_t {
*/
encoding_rule_t encryption_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
+ { U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
/* the critical bit */
- { FLAG, offsetof(private_encryption_payload_t, critical) },
+ { FLAG, offsetof(private_encryption_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
+ { RESERVED_BIT, 0 },
/* Length of the whole encryption payload*/
- { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
+ { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
/* encrypted data, stored in a chunk. contains iv, data, padding */
{ ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) },
};
@@ -480,15 +480,15 @@ static status_t decrypt(private_encryption_payload_t *this)
/* add one byte to the padding length, since the padding_length field is
* not included */
padding_length++;
- this->decrypted.len -= padding_length;
/* check size again */
- if (padding_length > concatenated.len || this->decrypted.len < 0)
+ if (padding_length > concatenated.len || padding_length > this->decrypted.len)
{
DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
/* decryption failed :-/ */
return FAILED;
}
+ this->decrypted.len -= padding_length;
/* free padding */
this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h
index ac5326b87..ac5326b87 100644
--- a/src/charon/encoding/payloads/encryption_payload.h
+++ b/src/libcharon/encoding/payloads/encryption_payload.h
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index faec1ea71..faec1ea71 100644
--- a/src/charon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h
index 120eef49a..120eef49a 100644
--- a/src/charon/encoding/payloads/endpoint_notify.h
+++ b/src/libcharon/encoding/payloads/endpoint_notify.h
diff --git a/src/charon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index 4158c3e07..4158c3e07 100644
--- a/src/charon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
diff --git a/src/charon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
index 5502dc961..5502dc961 100644
--- a/src/charon/encoding/payloads/id_payload.h
+++ b/src/libcharon/encoding/payloads/id_payload.h
diff --git a/src/charon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 735f01304..735f01304 100644
--- a/src/charon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
diff --git a/src/charon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index e63e8bf06..e63e8bf06 100644
--- a/src/charon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 1bc79f084..1bc79f084 100644
--- a/src/charon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h
index 3ca05009e..3ca05009e 100644
--- a/src/charon/encoding/payloads/ke_payload.h
+++ b/src/libcharon/encoding/payloads/ke_payload.h
diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index 4ad5ce9dd..4ad5ce9dd 100644
--- a/src/charon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h
index e9212202e..e9212202e 100644
--- a/src/charon/encoding/payloads/nonce_payload.h
+++ b/src/libcharon/encoding/payloads/nonce_payload.h
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 469698ef5..469698ef5 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 0e1bc23b8..0e1bc23b8 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
diff --git a/src/charon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 1cee6d2aa..1cee6d2aa 100644
--- a/src/charon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
diff --git a/src/charon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 2e783cb30..2e783cb30 100644
--- a/src/charon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index c93f73a68..c93f73a68 100644
--- a/src/charon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index 4934802af..4934802af 100644
--- a/src/charon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 187a8fee0..187a8fee0 100644
--- a/src/charon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index 25f5a2407..25f5a2407 100644
--- a/src/charon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index f24857591..f24857591 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
index 0109fd7f5..0109fd7f5 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c
index 8bf2ddef4..8bf2ddef4 100644
--- a/src/charon/encoding/payloads/transform_attribute.c
+++ b/src/libcharon/encoding/payloads/transform_attribute.c
diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h
index a5fe0154b..a5fe0154b 100644
--- a/src/charon/encoding/payloads/transform_attribute.h
+++ b/src/libcharon/encoding/payloads/transform_attribute.h
diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index c94f6c1a2..c94f6c1a2 100644
--- a/src/charon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index 5d31f8c0a..5d31f8c0a 100644
--- a/src/charon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index 6bf3e4293..6bf3e4293 100644
--- a/src/charon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h
index d322ff1a8..d322ff1a8 100644
--- a/src/charon/encoding/payloads/ts_payload.h
+++ b/src/libcharon/encoding/payloads/ts_payload.h
diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c
index dd5547dc3..dd5547dc3 100644
--- a/src/charon/encoding/payloads/unknown_payload.c
+++ b/src/libcharon/encoding/payloads/unknown_payload.c
diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h
index c761ed2b6..c761ed2b6 100644
--- a/src/charon/encoding/payloads/unknown_payload.h
+++ b/src/libcharon/encoding/payloads/unknown_payload.h
diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c
index bf33d2418..bf33d2418 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.c
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.c
diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h
index 241535cac..241535cac 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.h
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.h
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
new file mode 100644
index 000000000..64a43a7fc
--- /dev/null
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright (C) 2008-2009 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_interface.h"
+
+#include <daemon.h>
+
+typedef struct private_kernel_interface_t private_kernel_interface_t;
+
+/**
+ * Private data of a kernel_interface_t object.
+ */
+struct private_kernel_interface_t {
+
+ /**
+ * Public part of kernel_interface_t object.
+ */
+ kernel_interface_t public;
+
+ /**
+ * ipsec interface
+ */
+ kernel_ipsec_t *ipsec;
+
+ /**
+ * network interface
+ */
+ kernel_net_t *net;
+};
+
+METHOD(kernel_interface_t, get_spi, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
+}
+
+METHOD(kernel_interface_t, get_cpi, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t reqid, u_int16_t *cpi)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
+}
+
+METHOD(kernel_interface_t, add_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+ lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
+ u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
+ lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi,
+ encap, inbound, src_ts, dst_ts);
+}
+
+METHOD(kernel_interface_t, update_sa, status_t,
+ private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
+ new_src, new_dst, encap, new_encap);
+}
+
+METHOD(kernel_interface_t, query_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes);
+}
+
+METHOD(kernel_interface_t, del_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
+ protocol_id_t protocol, u_int16_t cpi)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi);
+}
+
+METHOD(kernel_interface_t, add_policy, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+ u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ bool routed)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
+ direction, spi, protocol, reqid, mode, ipcomp, cpi, routed);
+}
+
+METHOD(kernel_interface_t, query_policy, status_t,
+ private_kernel_interface_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
+ direction, use_time);
+}
+
+METHOD(kernel_interface_t, del_policy, status_t,
+ private_kernel_interface_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
+ direction, unrouted);
+}
+
+METHOD(kernel_interface_t, get_source_addr, host_t*,
+ private_kernel_interface_t *this, host_t *dest, host_t *src)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_source_addr(this->net, dest, src);
+}
+
+METHOD(kernel_interface_t, get_nexthop, host_t*,
+ private_kernel_interface_t *this, host_t *dest)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_nexthop(this->net, dest);
+}
+
+METHOD(kernel_interface_t, get_interface, char*,
+ private_kernel_interface_t *this, host_t *host)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_interface(this->net, host);
+}
+
+METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*,
+ private_kernel_interface_t *this, bool include_down_ifaces,
+ bool include_virtual_ips)
+{
+ if (!this->net)
+ {
+ return enumerator_create_empty();
+ }
+ return this->net->create_address_enumerator(this->net, include_down_ifaces,
+ include_virtual_ips);
+}
+
+METHOD(kernel_interface_t, add_ip, status_t,
+ private_kernel_interface_t *this, host_t *virtual_ip, host_t *iface_ip)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->add_ip(this->net, virtual_ip, iface_ip);
+}
+
+METHOD(kernel_interface_t, del_ip, status_t,
+ private_kernel_interface_t *this, host_t *virtual_ip)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->del_ip(this->net, virtual_ip);
+}
+
+METHOD(kernel_interface_t, add_route, status_t,
+ private_kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->add_route(this->net, dst_net, prefixlen, gateway,
+ src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, del_route, status_t,
+ private_kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->del_route(this->net, dst_net, prefixlen, gateway,
+ src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, bypass_socket, bool,
+ private_kernel_interface_t *this, int fd, int family)
+{
+ if (!this->ipsec)
+ {
+ return FALSE;
+ }
+ return this->ipsec->bypass_socket(this->ipsec, fd, family);
+}
+
+METHOD(kernel_interface_t, get_address_by_ts, status_t,
+ private_kernel_interface_t *this, traffic_selector_t *ts, host_t **ip)
+{
+ enumerator_t *addrs;
+ host_t *host;
+ int family;
+ bool found = FALSE;
+
+ DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
+
+ /* if we have a family which includes localhost, we do not
+ * search for an IP, we use the default */
+ family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+
+ if (family == AF_INET)
+ {
+ host = host_create_from_string("127.0.0.1", 0);
+ }
+ else
+ {
+ host = host_create_from_string("::1", 0);
+ }
+
+ if (ts->includes(ts, host))
+ {
+ *ip = host_create_any(family);
+ host->destroy(host);
+ DBG2(DBG_KNL, "using host %H", *ip);
+ return SUCCESS;
+ }
+ host->destroy(host);
+
+ addrs = create_address_enumerator(this, TRUE, TRUE);
+ while (addrs->enumerate(addrs, (void**)&host))
+ {
+ if (ts->includes(ts, host))
+ {
+ found = TRUE;
+ *ip = host->clone(host);
+ break;
+ }
+ }
+ addrs->destroy(addrs);
+
+ if (!found)
+ {
+ DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
+ return FAILED;
+ }
+
+ DBG2(DBG_KNL, "using host %H", *ip);
+ return SUCCESS;
+}
+
+
+METHOD(kernel_interface_t, add_ipsec_interface, void,
+ private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+ if (!this->ipsec)
+ {
+ this->ipsec = constructor();
+ }
+}
+
+METHOD(kernel_interface_t, remove_ipsec_interface, void,
+ private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+ /* TODO: replace if interface currently in use */
+}
+
+METHOD(kernel_interface_t, add_net_interface, void,
+ private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+ if (!this->net)
+ {
+ this->net = constructor();
+ }
+}
+
+METHOD(kernel_interface_t, remove_net_interface, void,
+ private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+ /* TODO: replace if interface currently in use */
+}
+
+METHOD(kernel_interface_t, destroy, void,
+ private_kernel_interface_t *this)
+{
+ DESTROY_IF(this->ipsec);
+ DESTROY_IF(this->net);
+ free(this);
+}
+
+/*
+ * Described in header-file
+ */
+kernel_interface_t *kernel_interface_create()
+{
+ private_kernel_interface_t *this;
+
+ INIT(this,
+ .public = {
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .get_interface = _get_interface,
+ .create_address_enumerator = _create_address_enumerator,
+ .add_ip = _add_ip,
+ .del_ip = _del_ip,
+ .add_route = _add_route,
+ .del_route = _del_route,
+ .bypass_socket = _bypass_socket,
+
+ .get_address_by_ts = _get_address_by_ts,
+ .add_ipsec_interface = _add_ipsec_interface,
+ .remove_ipsec_interface = _remove_ipsec_interface,
+ .add_net_interface = _add_net_interface,
+ .remove_net_interface = _remove_net_interface,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
+
diff --git a/src/charon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index c39246e72..4a62e76b8 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -333,6 +333,15 @@ struct kernel_interface_t {
host_t *gateway, host_t *src_ip, char *if_name);
/**
+ * Set up a bypass policy for a given socket.
+ *
+ * @param fd socket file descriptor to setup policy for
+ * @param family protocol family of the socket
+ * @return TRUE of policy set up successfully
+ */
+ bool (*bypass_socket)(kernel_interface_t *this, int fd, int family);
+
+ /**
* manager methods
*/
diff --git a/src/charon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c
index 5b0335b16..5b0335b16 100644
--- a/src/charon/kernel/kernel_ipsec.c
+++ b/src/libcharon/kernel/kernel_ipsec.c
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 73ad29b0e..300464cf6 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -265,6 +265,15 @@ struct kernel_ipsec_t {
bool unrouted);
/**
+ * Install a bypass policy for the given socket.
+ *
+ * @param fd socket file descriptor to setup policy for
+ * @param family protocol family of the socket
+ * @return TRUE of policy set up successfully
+ */
+ bool (*bypass_socket)(kernel_ipsec_t *this, int fd, int family);
+
+ /**
* Destroy the implementation.
*/
void (*destroy) (kernel_ipsec_t *this);
diff --git a/src/charon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h
index efb221f88..efb221f88 100644
--- a/src/charon/kernel/kernel_net.h
+++ b/src/libcharon/kernel/kernel_net.h
diff --git a/src/libcharon/network/packet.c b/src/libcharon/network/packet.c
new file mode 100644
index 000000000..19db362f7
--- /dev/null
+++ b/src/libcharon/network/packet.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "packet.h"
+
+typedef struct private_packet_t private_packet_t;
+
+/**
+ * Private data of an packet_t object.
+ */
+struct private_packet_t {
+
+ /**
+ * Public part of a packet_t object.
+ */
+ packet_t public;
+
+ /**
+ * source address
+ */
+ host_t *source;
+
+ /**
+ * destination address
+ */
+ host_t *destination;
+
+ /**
+ * message data
+ */
+ chunk_t data;
+};
+
+METHOD(packet_t, set_source, void,
+ private_packet_t *this, host_t *source)
+{
+ DESTROY_IF(this->source);
+ this->source = source;
+}
+
+METHOD(packet_t, set_destination, void,
+ private_packet_t *this, host_t *destination)
+{
+ DESTROY_IF(this->destination);
+ this->destination = destination;
+}
+
+METHOD(packet_t, get_source, host_t*,
+ private_packet_t *this)
+{
+ return this->source;
+}
+
+METHOD(packet_t, get_destination, host_t*,
+ private_packet_t *this)
+{
+ return this->destination;
+}
+
+METHOD(packet_t, get_data, chunk_t,
+ private_packet_t *this)
+{
+ return this->data;
+}
+
+METHOD(packet_t, set_data, void,
+ private_packet_t *this, chunk_t data)
+{
+ free(this->data.ptr);
+ this->data = data;
+}
+
+METHOD(packet_t, destroy, void,
+ private_packet_t *this)
+{
+ DESTROY_IF(this->source);
+ DESTROY_IF(this->destination);
+ free(this->data.ptr);
+ free(this);
+}
+
+METHOD(packet_t, clone_, packet_t*,
+ private_packet_t *this)
+{
+ packet_t *other;
+
+ other = packet_create();
+ if (this->destination != NULL)
+ {
+ other->set_destination(other, this->destination->clone(this->destination));
+ }
+ if (this->source != NULL)
+ {
+ other->set_source(other, this->source->clone(this->source));
+ }
+ if (this->data.ptr != NULL)
+ {
+ other->set_data(other, chunk_clone(this->data));
+ }
+ return other;
+}
+
+/*
+ * Documented in header
+ */
+packet_t *packet_create(void)
+{
+ private_packet_t *this;
+
+ INIT(this,
+ .public = {
+ .set_data = _set_data,
+ .get_data = _get_data,
+ .set_source = _set_source,
+ .get_source = _get_source,
+ .set_destination = _set_destination,
+ .get_destination = _get_destination,
+ .clone = _clone_,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
+
diff --git a/src/charon/network/packet.h b/src/libcharon/network/packet.h
index 18d82c6fc..18d82c6fc 100644
--- a/src/charon/network/packet.h
+++ b/src/libcharon/network/packet.h
diff --git a/src/charon/network/receiver.c b/src/libcharon/network/receiver.c
index 6cd99439b..df897021a 100644
--- a/src/charon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -99,6 +99,11 @@ struct private_receiver_t {
* how many half open IKE_SAs per peer before blocking
*/
u_int32_t block_threshold;
+
+ /**
+ * Delay for receiving incoming packets, to simulate larger RTT
+ */
+ u_int receive_delay;
};
/**
@@ -248,7 +253,7 @@ static bool peer_to_aggressive(private_receiver_t *this, message_t *message)
}
/**
- * Implementation of receiver_t.receive_packets.
+ * Job callback to receive packets
*/
static job_requeue_t receive_packets(private_receiver_t *this)
{
@@ -325,14 +330,20 @@ static job_requeue_t receive_packets(private_receiver_t *this)
}
}
job = (job_t*)process_message_job_create(message);
- charon->processor->queue_job(charon->processor, job);
+ if (this->receive_delay)
+ {
+ charon->scheduler->schedule_job_ms(charon->scheduler,
+ job, this->receive_delay);
+ }
+ else
+ {
+ charon->processor->queue_job(charon->processor, job);
+ }
return JOB_REQUEUE_DIRECT;
}
-/**
- * Implementation of receiver_t.destroy.
- */
-static void destroy(private_receiver_t *this)
+METHOD(receiver_t, destroy, void,
+ private_receiver_t *this)
{
this->job->cancel(this->job);
this->rng->destroy(this->rng);
@@ -345,10 +356,24 @@ static void destroy(private_receiver_t *this)
*/
receiver_t *receiver_create()
{
- private_receiver_t *this = malloc_thing(private_receiver_t);
+ private_receiver_t *this;
u_int32_t now = time_monotonic(NULL);
- this->public.destroy = (void(*)(receiver_t*)) destroy;
+ INIT(this,
+ .public.destroy = _destroy,
+ .secret_switch = now,
+ .secret_offset = random() % now,
+ );
+
+ if (lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE))
+ {
+ this->cookie_threshold = lib->settings->get_int(lib->settings,
+ "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT);
+ this->block_threshold = lib->settings->get_int(lib->settings,
+ "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
+ }
+ this->receive_delay = lib->settings->get_int(lib->settings,
+ "charon.receive_delay", 0);
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED);
if (this->hasher == NULL)
@@ -365,20 +390,8 @@ receiver_t *receiver_create()
free(this);
return NULL;
}
- this->secret_switch = now;
- this->secret_offset = random() % now;
- this->secret_used = 0;
this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret);
memcpy(this->secret_old, this->secret, SECRET_LENGTH);
- this->cookie_threshold = lib->settings->get_int(lib->settings,
- "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT);
- this->block_threshold = lib->settings->get_int(lib->settings,
- "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
- if (!lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE))
- {
- this->cookie_threshold = 0;
- this->block_threshold = 0;
- }
this->job = callback_job_create((callback_job_cb_t)receive_packets,
this, NULL, NULL);
diff --git a/src/charon/network/receiver.h b/src/libcharon/network/receiver.h
index 690d8dbab..690d8dbab 100644
--- a/src/charon/network/receiver.h
+++ b/src/libcharon/network/receiver.h
diff --git a/src/charon/network/sender.c b/src/libcharon/network/sender.c
index 3be5861dd..c18f1138e 100644
--- a/src/charon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -14,6 +14,7 @@
* for more details.
*/
+#include <unistd.h>
#include <stdlib.h>
#include "sender.h"
@@ -61,12 +62,15 @@ struct private_sender_t {
* condvar to signal for packets sent
*/
condvar_t *sent;
+
+ /**
+ * Delay for sending outgoing packets, to simulate larger RTT
+ */
+ int send_delay;
};
-/**
- * implements sender_t.send
- */
-static void send_(private_sender_t *this, packet_t *packet)
+METHOD(sender_t, send_, void,
+ private_sender_t *this, packet_t *packet)
{
host_t *src, *dst;
@@ -74,6 +78,11 @@ static void send_(private_sender_t *this, packet_t *packet)
dst = packet->get_destination(packet);
DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst);
+ if (this->send_delay)
+ {
+ usleep(this->send_delay * 1000);
+ }
+
this->mutex->lock(this->mutex);
this->list->insert_last(this->list, packet);
this->got->signal(this->got);
@@ -81,7 +90,7 @@ static void send_(private_sender_t *this, packet_t *packet)
}
/**
- * Implementation of private_sender_t.send_packets.
+ * Job callback function to send packets
*/
static job_requeue_t send_packets(private_sender_t * this)
{
@@ -109,10 +118,8 @@ static job_requeue_t send_packets(private_sender_t * this)
return JOB_REQUEUE_DIRECT;
}
-/**
- * Implementation of sender_t.destroy.
- */
-static void destroy(private_sender_t *this)
+METHOD(sender_t, destroy, void,
+ private_sender_t *this)
{
/* send all packets in the queue */
this->mutex->lock(this->mutex);
@@ -134,18 +141,23 @@ static void destroy(private_sender_t *this)
*/
sender_t * sender_create()
{
- private_sender_t *this = malloc_thing(private_sender_t);
-
- this->public.send = (void(*)(sender_t*,packet_t*))send_;
- this->public.destroy = (void(*)(sender_t*)) destroy;
-
- this->list = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->got = condvar_create(CONDVAR_TYPE_DEFAULT);
- this->sent = condvar_create(CONDVAR_TYPE_DEFAULT);
+ private_sender_t *this;
+
+ INIT(this,
+ .public = {
+ .send = _send_,
+ .destroy = _destroy,
+ },
+ .list = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .got = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .sent = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .job = callback_job_create((callback_job_cb_t)send_packets,
+ this, NULL, NULL),
+ .send_delay = lib->settings->get_int(lib->settings,
+ "charon.send_delay", 0),
+ );
- this->job = callback_job_create((callback_job_cb_t)send_packets,
- this, NULL, NULL);
charon->processor->queue_job(charon->processor, (job_t*)this->job);
return &this->public;
diff --git a/src/charon/network/sender.h b/src/libcharon/network/sender.h
index f77fadab2..f77fadab2 100644
--- a/src/charon/network/sender.h
+++ b/src/libcharon/network/sender.h
diff --git a/src/charon/network/socket.h b/src/libcharon/network/socket.h
index 83bb9d4c9..5c5a4edfb 100644
--- a/src/charon/network/socket.h
+++ b/src/libcharon/network/socket.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -27,29 +27,10 @@ typedef struct socket_t socket_t;
#include <library.h>
#include <network/packet.h>
-#include <utils/host.h>
#include <utils/enumerator.h>
/**
- * Maximum size of a packet.
- *
- * 3000 Bytes should be sufficient, see IKEv2 RFC. However, to run our
- * multi-CA test with 2 intermediate CAs, we increase that to 5000 bytes.
- */
-#define MAX_PACKET 5000
-
-/**
- * Abstraction of all sockets (IPv4/IPv6 send/receive).
- *
- * All available sockets are bound and the receive function
- * reads from them. There are actually two implementations:
- * The first uses raw sockets to allow binding of other daemons (pluto) to
- * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2
- * traffic and handles just IKEv2 messages. An other daemon (pluto) must
- * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon
- * handles that.
- * The other implementation uses normal sockets and is built if
- * --disable-pluto is given to the configure script.
+ * Socket interface definition.
*/
struct socket_t {
@@ -78,25 +59,6 @@ struct socket_t {
* - FAILED when unable to send
*/
status_t (*send) (socket_t *this, packet_t *packet);
-
- /**
- * Enumerate all underlying socket file descriptors.
- *
- * @return enumerator over (int fd, int family, int port)
- */
- enumerator_t *(*create_enumerator) (socket_t *this);
-
- /**
- * Destroy socket.
- */
- void (*destroy) (socket_t *this);
};
-/**
- * Create a socket_t, which binds multiple sockets.
- *
- * @return socket_t object
- */
-socket_t *socket_create();
-
#endif /** SOCKET_H_ @}*/
diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c
new file mode 100644
index 000000000..0dbce4b1b
--- /dev/null
+++ b/src/libcharon/network/socket_manager.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_manager.h"
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+#include <utils/linked_list.h>
+
+typedef struct private_socket_manager_t private_socket_manager_t;
+
+/**
+ * Private data of an socket_manager_t object.
+ */
+struct private_socket_manager_t {
+
+ /**
+ * Public socket_manager_t interface.
+ */
+ socket_manager_t public;
+
+ /**
+ * List of registered socket
+ */
+ linked_list_t *sockets;
+
+ /**
+ * Lock for sockets list
+ */
+ rwlock_t *lock;
+};
+
+METHOD(socket_manager_t, receiver, status_t,
+ private_socket_manager_t *this, packet_t **packet)
+{
+ socket_t *socket;
+ status_t status;
+
+ this->lock->read_lock(this->lock);
+ if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS)
+ {
+ DBG1(DBG_NET, "no socket implementation registered, receiving failed");
+ this->lock->unlock(this->lock);
+ return NOT_SUPPORTED;
+ }
+ /* receive is blocking and the thread can be cancelled */
+ thread_cleanup_push((thread_cleanup_t)this->lock->unlock, this->lock);
+ status = socket->receive(socket, packet);
+ thread_cleanup_pop(TRUE);
+ return status;
+}
+
+METHOD(socket_manager_t, sender, status_t,
+ private_socket_manager_t *this, packet_t *packet)
+{
+ socket_t *socket;
+ status_t status;
+
+ this->lock->read_lock(this->lock);
+ if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS)
+ {
+ DBG1(DBG_NET, "no socket implementation registered, sending failed");
+ this->lock->unlock(this->lock);
+ return NOT_SUPPORTED;
+ }
+ status = socket->send(socket, packet);
+ this->lock->unlock(this->lock);
+ return status;
+}
+
+METHOD(socket_manager_t, add_socket, void,
+ private_socket_manager_t *this, socket_t *socket)
+{
+ this->lock->write_lock(this->lock);
+ this->sockets->insert_last(this->sockets, socket);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(socket_manager_t, remove_socket, void,
+ private_socket_manager_t *this, socket_t *socket)
+{
+ this->lock->write_lock(this->lock);
+ this->sockets->remove(this->sockets, socket, NULL);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(socket_manager_t, destroy, void,
+ private_socket_manager_t *this)
+{
+ this->sockets->destroy(this->sockets);
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/**
+ * See header
+ */
+socket_manager_t *socket_manager_create()
+{
+ private_socket_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .send = _sender,
+ .receive = _receiver,
+ .add_socket = _add_socket,
+ .remove_socket = _remove_socket,
+ .destroy = _destroy,
+ },
+ .sockets = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h
new file mode 100644
index 000000000..b33d5c71c
--- /dev/null
+++ b/src/libcharon/network/socket_manager.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_manager socket_manager
+ * @{ @ingroup network
+ */
+
+#ifndef SOCKET_MANAGER_H_
+#define SOCKET_MANAGER_H_
+
+#include <network/socket.h>
+
+typedef struct socket_manager_t socket_manager_t;
+
+/**
+ * Handle pluggable socket implementations and send/receive packets through it.
+ */
+struct socket_manager_t {
+
+ /**
+ * Receive a packet using the registered socket.
+ *
+ * @param packet allocated packet that has been received
+ * @return
+ * - SUCCESS when packet successfully received
+ * - FAILED when unable to receive
+ */
+ status_t (*receive) (socket_manager_t *this, packet_t **packet);
+
+ /**
+ * Send a packet using the registered socket.
+ *
+ * @param packet packet to send out
+ * @return
+ * - SUCCESS when packet successfully sent
+ * - FAILED when unable to send
+ */
+ status_t (*send) (socket_manager_t *this, packet_t *packet);
+
+ /**
+ * Register a socket implementation.
+ */
+ void (*add_socket)(socket_manager_t *this, socket_t *socket);
+
+ /**
+ * Unregister a registered socket implementation.
+ */
+ void (*remove_socket)(socket_manager_t *this, socket_t *socket);
+
+ /**
+ * Destroy a socket_manager_t.
+ */
+ void (*destroy)(socket_manager_t *this);
+};
+
+/**
+ * Create a socket_manager instance.
+ */
+socket_manager_t *socket_manager_create();
+
+#endif /** SOCKET_MANAGER_H_ @}*/
diff --git a/src/libcharon/plugins/android/Makefile.am b/src/libcharon/plugins/android/Makefile.am
new file mode 100644
index 000000000..e8423589c
--- /dev/null
+++ b/src/libcharon/plugins/android/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-android.la
+else
+plugin_LTLIBRARIES = libstrongswan-android.la
+endif
+
+libstrongswan_android_la_SOURCES = \
+ android_plugin.c android_plugin.h \
+ android_handler.c android_handler.h
+
+libstrongswan_android_la_LDFLAGS = -module -avoid-version
+libstrongswan_android_la_LIBADD = -lcutils
diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in
new file mode 100644
index 000000000..9f12a9c75
--- /dev/null
+++ b/src/libcharon/plugins/android/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/android
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_android_la_DEPENDENCIES =
+am_libstrongswan_android_la_OBJECTS = android_plugin.lo \
+ android_handler.lo
+libstrongswan_android_la_OBJECTS = \
+ $(am_libstrongswan_android_la_OBJECTS)
+libstrongswan_android_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_android_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_android_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_android_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_android_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_android_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-android.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-android.la
+libstrongswan_android_la_SOURCES = \
+ android_plugin.c android_plugin.h \
+ android_handler.c android_handler.h
+
+libstrongswan_android_la_LDFLAGS = -module -avoid-version
+libstrongswan_android_la_LIBADD = -lcutils
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-android.la: $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_DEPENDENCIES)
+ $(libstrongswan_android_la_LINK) $(am_libstrongswan_android_la_rpath) $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_handler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/android/android_handler.c b/src/libcharon/plugins/android/android_handler.c
new file mode 100644
index 000000000..a475eeaab
--- /dev/null
+++ b/src/libcharon/plugins/android/android_handler.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "android_handler.h"
+
+#include <utils/linked_list.h>
+
+#include <cutils/properties.h>
+
+typedef struct private_android_handler_t private_android_handler_t;
+
+/**
+ * Private data of an android_handler_t object.
+ */
+struct private_android_handler_t {
+
+ /**
+ * Public android_handler_t interface.
+ */
+ android_handler_t public;
+
+ /**
+ * List of registered DNS servers
+ */
+ linked_list_t *dns;
+};
+
+/**
+ * Struct to store a pair of old and installed DNS servers
+ */
+typedef struct {
+ /** installed dns server */
+ host_t *dns;
+ /** old dns server */
+ host_t *old;
+} dns_pair_t;
+
+/**
+ * Destroy a pair of old and installed DNS servers
+ */
+void destroy_dns_pair(dns_pair_t *this)
+{
+ DESTROY_IF(this->dns);
+ DESTROY_IF(this->old);
+ free(this);
+}
+
+/**
+ * Filter pairs of DNS servers
+ */
+bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out)
+{
+ *out = (*in)->dns;
+ return TRUE;
+}
+
+/**
+ * Read DNS server property with a given index
+ */
+host_t *get_dns_server(int index)
+{
+ host_t *dns = NULL;
+ char key[10], value[PROPERTY_VALUE_MAX];
+
+ if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key))
+ {
+ return NULL;
+ }
+
+ if (property_get(key, value, NULL) > 0)
+ {
+ dns = host_create_from_string(value, 0);
+ }
+ return dns;
+}
+
+/**
+ * Set DNS server property with a given index
+ */
+bool set_dns_server(int index, host_t *dns)
+{
+ char key[10], value[PROPERTY_VALUE_MAX];
+
+ if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key))
+ {
+ return FALSE;
+ }
+
+ if (dns)
+ {
+ if (snprintf(value, sizeof(value), "%H", dns) >= sizeof(value))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ value[0] = '\0';
+ }
+
+ if (property_set(key, value) != 0)
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(attribute_handler_t, handle, bool,
+ private_android_handler_t *this, identification_t *id,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ switch (type)
+ {
+ case INTERNAL_IP4_DNS:
+ {
+ host_t *dns;
+ dns_pair_t *pair;
+ int index;
+
+ dns = host_create_from_chunk(AF_INET, data, 0);
+ if (dns)
+ {
+ pair = malloc_thing(dns_pair_t);
+ pair->dns = dns;
+ index = this->dns->get_count(this->dns) + 1;
+ pair->old = get_dns_server(index);
+ set_dns_server(index, dns);
+ this->dns->insert_last(this->dns, pair);
+ return TRUE;
+ }
+ return FALSE;
+ }
+ default:
+ return FALSE;
+ }
+}
+
+METHOD(attribute_handler_t, release, void,
+ private_android_handler_t *this, identification_t *server,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ if (type == INTERNAL_IP4_DNS)
+ {
+ enumerator_t *enumerator;
+ dns_pair_t *pair;
+ int index;
+
+ enumerator = this->dns->create_enumerator(this->dns);
+ for (index = 1; enumerator->enumerate(enumerator, &pair); index++)
+ {
+ if (chunk_equals(pair->dns->get_address(pair->dns), data))
+ {
+ this->dns->remove_at(this->dns, enumerator);
+ set_dns_server(index, pair->old);
+ destroy_dns_pair(pair);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+}
+
+METHOD(enumerator_t, enumerate_dns, bool,
+ enumerator_t *this, configuration_attribute_type_t *type, chunk_t *data)
+{
+ *type = INTERNAL_IP4_DNS;
+ *data = chunk_empty;
+ /* stop enumeration */
+ this->enumerate = (void*)return_false;
+ return TRUE;
+}
+
+METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *,
+ android_handler_t *this, identification_t *id, host_t *vip)
+{
+ enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .enumerate = (void*)_enumerate_dns,
+ .destroy = (void*)free,
+ );
+ return enumerator;
+}
+
+METHOD(android_handler_t, destroy, void,
+ private_android_handler_t *this)
+{
+ this->dns->destroy_function(this->dns, (void*)destroy_dns_pair);
+ free(this);
+}
+
+/**
+ * See header
+ */
+android_handler_t *android_handler_create()
+{
+ private_android_handler_t *this;
+
+ INIT(this,
+ .public = {
+ .handler = {
+ .handle = _handle,
+ .release = _release,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ },
+ .destroy = _destroy,
+ },
+ .dns = linked_list_create(),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/android/android_handler.h b/src/libcharon/plugins/android/android_handler.h
new file mode 100644
index 000000000..af620505b
--- /dev/null
+++ b/src/libcharon/plugins/android/android_handler.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup android_handler android_handler
+ * @{ @ingroup android
+ */
+
+#ifndef ANDROID_HANDLER_H_
+#define ANDROID_HANDLER_H_
+
+#include <attributes/attribute_handler.h>
+
+typedef struct android_handler_t android_handler_t;
+
+/**
+ * Android specific DNS attribute handler.
+ */
+struct android_handler_t {
+
+ /**
+ * Implements attribute_handler_t.
+ */
+ attribute_handler_t handler;
+
+ /**
+ * Destroy a android_handler_t.
+ */
+ void (*destroy)(android_handler_t *this);
+};
+
+/**
+ * Create a android_handler instance.
+ */
+android_handler_t *android_handler_create();
+
+#endif /** ANDROID_HANDLER_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android/android_plugin.c
new file mode 100644
index 000000000..9a558f53b
--- /dev/null
+++ b/src/libcharon/plugins/android/android_plugin.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "android_plugin.h"
+#include "android_handler.h"
+
+#include <hydra.h>
+#include <daemon.h>
+
+typedef struct private_android_plugin_t private_android_plugin_t;
+
+/**
+ * Private data of an android_plugin_t object.
+ */
+struct private_android_plugin_t {
+
+ /**
+ * Public android_plugin_t interface.
+ */
+ android_plugin_t public;
+
+ /**
+ * Android specific DNS handler
+ */
+ android_handler_t *handler;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_android_plugin_t *this)
+{
+ hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
+ this->handler->destroy(this->handler);
+ free(this);
+}
+
+/**
+ * See header
+ */
+plugin_t *android_plugin_create()
+{
+ private_android_plugin_t *this;
+
+ INIT(this,
+ .public.plugin = {
+ .destroy = _destroy,
+ },
+ .handler = android_handler_create(),
+ );
+
+ hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/android/android_plugin.h b/src/libcharon/plugins/android/android_plugin.h
new file mode 100644
index 000000000..987f2aa37
--- /dev/null
+++ b/src/libcharon/plugins/android/android_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup android android
+ * @ingroup cplugins
+ *
+ * @defgroup android_plugin android_plugin
+ * @{ @ingroup android
+ */
+
+#ifndef ANDROID_PLUGIN_H_
+#define ANDROID_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct android_plugin_t android_plugin_t;
+
+/**
+ * Plugin providing functionality specific to the Android platform.
+ */
+struct android_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** ANDROID_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/Makefile.am b/src/libcharon/plugins/dhcp/Makefile.am
new file mode 100644
index 000000000..45d7536be
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-dhcp.la
+else
+plugin_LTLIBRARIES = libstrongswan-dhcp.la
+endif
+
+libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \
+ dhcp_provider.h dhcp_provider.c \
+ dhcp_socket.h dhcp_socket.c \
+ dhcp_transaction.h dhcp_transaction.c
+
+libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
new file mode 100644
index 000000000..7606b963c
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/dhcp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_dhcp_la_LIBADD =
+am_libstrongswan_dhcp_la_OBJECTS = dhcp_plugin.lo dhcp_provider.lo \
+ dhcp_socket.lo dhcp_transaction.lo
+libstrongswan_dhcp_la_OBJECTS = $(am_libstrongswan_dhcp_la_OBJECTS)
+libstrongswan_dhcp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_dhcp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_dhcp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_dhcp_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_dhcp_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_dhcp_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dhcp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dhcp.la
+libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \
+ dhcp_provider.h dhcp_provider.c \
+ dhcp_socket.h dhcp_socket.c \
+ dhcp_transaction.h dhcp_transaction.c
+
+libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-dhcp.la: $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_DEPENDENCIES)
+ $(libstrongswan_dhcp_la_LINK) $(am_libstrongswan_dhcp_la_rpath) $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_provider.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_socket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_transaction.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c
new file mode 100644
index 000000000..829fd6356
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_plugin.h"
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include "dhcp_socket.h"
+#include "dhcp_provider.h"
+
+typedef struct private_dhcp_plugin_t private_dhcp_plugin_t;
+
+/**
+ * private data of dhcp plugin
+ */
+struct private_dhcp_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ dhcp_plugin_t public;
+
+ /**
+ * DHCP communication socket
+ */
+ dhcp_socket_t *socket;
+
+ /**
+ * Attribute provider
+ */
+ dhcp_provider_t *provider;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_dhcp_plugin_t *this)
+{
+ hydra->attributes->remove_provider(hydra->attributes,
+ &this->provider->provider);
+ this->provider->destroy(this->provider);
+ this->socket->destroy(this->socket);
+ free(this);
+}
+
+/**
+ * Plugin constructor.
+ */
+plugin_t *dhcp_plugin_create()
+{
+ private_dhcp_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ .socket = dhcp_socket_create(),
+ );
+
+ if (!this->socket)
+ {
+ free(this);
+ return NULL;
+ }
+
+ this->provider = dhcp_provider_create(this->socket);
+ hydra->attributes->add_provider(hydra->attributes,
+ &this->provider->provider);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.h b/src/libcharon/plugins/dhcp/dhcp_plugin.h
new file mode 100644
index 000000000..b21b44d28
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp dhcp
+ * @ingroup cplugins
+ *
+ * @defgroup dhcp_plugin dhcp_plugin
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_PLUGIN_H_
+#define DHCP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct dhcp_plugin_t dhcp_plugin_t;
+
+/**
+ * DHCP based attribute provider plugin.
+ */
+struct dhcp_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** DHCP_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c
new file mode 100644
index 000000000..dbcceb6ce
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_provider.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_provider.h"
+
+#include <utils/hashtable.h>
+#include <threading/mutex.h>
+
+typedef struct private_dhcp_provider_t private_dhcp_provider_t;
+
+/**
+ * Private data of an dhcp_provider_t object.
+ */
+struct private_dhcp_provider_t {
+
+ /**
+ * Public dhcp_provider_t interface.
+ */
+ dhcp_provider_t public;
+
+ /**
+ * Completed DHCP transactions
+ */
+ hashtable_t *transactions;
+
+ /**
+ * Lock for transactions
+ */
+ mutex_t *mutex;
+
+ /**
+ * DHCP communication socket
+ */
+ dhcp_socket_t *socket;
+};
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(void *key)
+{
+ return (uintptr_t)key;
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(void *a, void *b)
+{
+ return a == b;
+}
+
+/**
+ * Hash ID and host to a key
+ */
+static uintptr_t hash_id_host(identification_t *id, host_t *host)
+{
+ return chunk_hash_inc(id->get_encoding(id),
+ chunk_hash(host->get_address(host)));
+}
+
+/**
+ * Hash a DHCP transaction to a key, using address and id
+ */
+static uintptr_t hash_transaction(dhcp_transaction_t *transaction)
+{
+ return hash_id_host(transaction->get_identity(transaction),
+ transaction->get_address(transaction));
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+ private_dhcp_provider_t *this, char *pool,
+ identification_t *id, host_t *requested)
+{
+ if (streq(pool, "dhcp"))
+ {
+ dhcp_transaction_t *transaction, *old;
+ host_t *vip;
+
+ transaction = this->socket->enroll(this->socket, id);
+ if (!transaction)
+ {
+ return NULL;
+ }
+ vip = transaction->get_address(transaction);
+ vip = vip->clone(vip);
+ this->mutex->lock(this->mutex);
+ old = this->transactions->put(this->transactions,
+ (void*)hash_transaction(transaction), transaction);
+ this->mutex->unlock(this->mutex);
+ DESTROY_IF(old);
+ return vip;
+ }
+ return NULL;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+ private_dhcp_provider_t *this, char *pool,
+ host_t *address, identification_t *id)
+{
+ if (streq(pool, "dhcp"))
+ {
+ dhcp_transaction_t *transaction;
+
+ this->mutex->lock(this->mutex);
+ transaction = this->transactions->remove(this->transactions,
+ (void*)hash_id_host(id, address));
+ this->mutex->unlock(this->mutex);
+ if (transaction)
+ {
+ this->socket->release(this->socket, transaction);
+ transaction->destroy(transaction);
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
+ private_dhcp_provider_t *this, identification_t *id, host_t *vip)
+{
+ dhcp_transaction_t *transaction;
+
+ if (!vip)
+ {
+ return NULL;
+ }
+ this->mutex->lock(this->mutex);
+ transaction = this->transactions->get(this->transactions,
+ (void*)hash_id_host(id, vip));
+ if (!transaction)
+ {
+ this->mutex->unlock(this->mutex);
+ return NULL;
+ }
+ return enumerator_create_cleaner(
+ transaction->create_attribute_enumerator(transaction),
+ (void*)this->mutex->unlock, this->mutex);
+}
+
+METHOD(dhcp_provider_t, destroy, void,
+ private_dhcp_provider_t *this)
+{
+ enumerator_t *enumerator;
+ dhcp_transaction_t *value;
+ void *key;
+
+ enumerator = this->transactions->create_enumerator(this->transactions);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ value->destroy(value);
+ }
+ enumerator->destroy(enumerator);
+ this->transactions->destroy(this->transactions);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket)
+{
+ private_dhcp_provider_t *this;
+
+ INIT(this,
+ .public = {
+ .provider = {
+ .acquire_address = _acquire_address,
+ .release_address = _release_address,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ },
+ .destroy = _destroy,
+ },
+ .socket = socket,
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .transactions = hashtable_create(hash, equals, 8),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.h b/src/libcharon/plugins/dhcp/dhcp_provider.h
new file mode 100644
index 000000000..e720e876c
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_provider.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_provider dhcp_provider
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_PROVIDER_H_
+#define DHCP_PROVIDER_H_
+
+typedef struct dhcp_provider_t dhcp_provider_t;
+
+#include "dhcp_socket.h"
+
+#include <attributes/attribute_provider.h>
+
+/**
+ * DHCP based attribute provider.
+ */
+struct dhcp_provider_t {
+
+ /**
+ * Implements attribute_provier_t interface.
+ */
+ attribute_provider_t provider;
+
+ /**
+ * Destroy a dhcp_provider_t.
+ */
+ void (*destroy)(dhcp_provider_t *this);
+};
+
+/**
+ * Create a dhcp_provider instance.
+ *
+ * @param socket socket to use for DHCP communication
+ * @return provider instance
+ */
+dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket);
+
+#endif /** DHCP_PROVIDER_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
new file mode 100644
index 000000000..f61b3a60e
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -0,0 +1,758 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_socket.h"
+
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/filter.h>
+
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <threading/thread.h>
+
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+#define DHCP_SERVER_PORT 67
+#define DHCP_CLIENT_PORT 68
+#define DHCP_TRIES 5
+
+typedef struct private_dhcp_socket_t private_dhcp_socket_t;
+
+/**
+ * Private data of an dhcp_socket_t object.
+ */
+struct private_dhcp_socket_t {
+
+ /**
+ * Public dhcp_socket_t interface.
+ */
+ dhcp_socket_t public;
+
+ /**
+ * Random number generator
+ */
+ rng_t *rng;
+
+ /**
+ * List of transactions in DISCOVER
+ */
+ linked_list_t *discover;
+
+ /**
+ * List of transactions in REQUEST
+ */
+ linked_list_t *request;
+
+ /**
+ * List of successfully completed transactions
+ */
+ linked_list_t *completed;
+
+ /**
+ * Lock for transactions
+ */
+ mutex_t *mutex;
+
+ /**
+ * Condvar to wait for transaction completion
+ */
+ condvar_t *condvar;
+
+ /**
+ * Threads waiting in condvar
+ */
+ int waiting;
+
+ /**
+ * DHCP send socket
+ */
+ int send;
+
+ /**
+ * DHCP receive socket
+ */
+ int receive;
+
+ /**
+ * Do we use per-identity or random leases (and MAC addresses)
+ */
+ bool identity_lease;
+
+ /**
+ * DHCP server address, or broadcast
+ */
+ host_t *dst;
+
+ /**
+ * Callback job receiving DHCP responses
+ */
+ callback_job_t *job;
+};
+
+/**
+ * DHCP opcode (or BOOTP actually)
+ */
+typedef enum {
+ BOOTREQUEST = 1,
+ BOOTREPLY = 2,
+} dhcp_opcode_t;
+
+/**
+ * Some DHCP options used
+ */
+typedef enum {
+ DHCP_DNS_SERVER = 6,
+ DHCP_HOST_NAME = 12,
+ DHCP_NBNS_SERVER = 44,
+ DHCP_REQUESTED_IP = 50,
+ DHCP_MESSAGE_TYPE = 53,
+ DHCP_SERVER_ID = 54,
+ DHCP_PARAM_REQ_LIST = 55,
+ DHCP_CLIENT_ID = 61,
+ DHCP_OPTEND = 255,
+} dhcp_option_type_t;
+
+/**
+ * DHCP messages types in the DHCP_MESSAGE_TYPE option
+ */
+typedef enum {
+ DHCP_DISCOVER = 1,
+ DHCP_OFFER = 2,
+ DHCP_REQUEST = 3,
+ DHCP_DECLINE = 4,
+ DHCP_ACK = 5,
+ DHCP_NAK = 6,
+ DHCP_RELEASE = 7,
+ DHCP_INFORM = 8,
+} dhcp_message_type_t;
+/**
+ * DHCP option encoding, a TLV
+ */
+typedef struct __attribute__((packed)) {
+ u_int8_t type;
+ u_int8_t len;
+ char data[];
+} dhcp_option_t;
+
+/**
+ * DHCP message format, with a maximum size options buffer
+ */
+typedef struct __attribute__((packed)) {
+ u_int8_t opcode;
+ u_int8_t hw_type;
+ u_int8_t hw_addr_len;
+ u_int8_t hop_count;
+ u_int32_t transaction_id;
+ u_int16_t number_of_seconds;
+ u_int16_t flags;
+ u_int32_t client_address;
+ u_int32_t your_address;
+ u_int32_t server_address;
+ u_int32_t gateway_address;
+ char client_hw_addr[6];
+ char client_hw_padding[10];
+ char server_hostname[64];
+ char boot_filename[128];
+ u_int32_t magic_cookie;
+ char options[252];
+} dhcp_t;
+
+/**
+ * Prepare a DHCP message for a given transaction
+ */
+static int prepare_dhcp(private_dhcp_socket_t *this,
+ dhcp_transaction_t *transaction,
+ dhcp_message_type_t type, dhcp_t *dhcp)
+{
+ chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
+ identification_t *identity;
+ dhcp_option_t *option;
+ int optlen = 0;
+ host_t *src;
+ u_int32_t id;
+
+ memset(dhcp, 0, sizeof(*dhcp));
+ dhcp->opcode = BOOTREQUEST;
+ dhcp->hw_type = ARPHRD_ETHER;
+ dhcp->hw_addr_len = 6;
+ dhcp->transaction_id = transaction->get_id(transaction);
+ if (chunk_equals(broadcast, this->dst->get_address(this->dst)))
+ {
+ /* TODO: send with 0.0.0.0 source address */
+ }
+ else
+ {
+ /* act as relay agent */
+ src = charon->kernel_interface->get_source_addr(
+ charon->kernel_interface, this->dst, NULL);
+ if (src)
+ {
+ memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
+ sizeof(dhcp->gateway_address));
+ src->destroy(src);
+ }
+ }
+
+ identity = transaction->get_identity(transaction);
+ chunk = identity->get_encoding(identity);
+ /* magic bytes, a locally administered unicast MAC */
+ dhcp->client_hw_addr[0] = 0x7A;
+ dhcp->client_hw_addr[1] = 0xA7;
+ /* with ID specific postfix */
+ if (this->identity_lease)
+ {
+ id = htonl(chunk_hash(chunk));
+ }
+ else
+ {
+ id = transaction->get_id(transaction);
+ }
+ memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id));
+
+ dhcp->magic_cookie = htonl(0x63825363);
+
+ option = (dhcp_option_t*)&dhcp->options[optlen];
+ option->type = DHCP_MESSAGE_TYPE;
+ option->len = 1;
+ option->data[0] = type;
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ if (identity->get_type(identity) == ID_FQDN)
+ {
+ option = (dhcp_option_t*)&dhcp->options[optlen];
+ option->type = DHCP_HOST_NAME;
+ option->len = min(chunk.len, 64);
+ memcpy(option->data, chunk.ptr, option->len);
+ optlen += sizeof(dhcp_option_t) + option->len;
+ }
+
+ option = (dhcp_option_t*)&dhcp->options[optlen];
+ option->type = DHCP_CLIENT_ID;
+ option->len = min(chunk.len, 64);
+ memcpy(option->data, chunk.ptr, option->len);
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ return optlen;
+}
+
+/**
+ * Send a DHCP message with given options length
+ */
+static bool send_dhcp(private_dhcp_socket_t *this,
+ dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
+{
+ host_t *dst;
+ ssize_t len;
+
+ dst = transaction->get_server(transaction);
+ if (!dst)
+ {
+ dst = this->dst;
+ }
+ len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
+ return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
+ *dst->get_sockaddr_len(dst)) == len;
+}
+
+/**
+ * Send DHCP discover using a given transaction
+ */
+static bool discover(private_dhcp_socket_t *this,
+ dhcp_transaction_t *transaction)
+{
+ dhcp_option_t *option;
+ dhcp_t dhcp;
+ int optlen;
+
+ optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);
+
+ DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);
+
+ option = (dhcp_option_t*)&dhcp.options[optlen];
+ option->type = DHCP_PARAM_REQ_LIST;
+ option->len = 2;
+ option->data[0] = DHCP_DNS_SERVER;
+ option->data[1] = DHCP_NBNS_SERVER;
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ dhcp.options[optlen++] = DHCP_OPTEND;
+
+ if (!send_dhcp(this, transaction, &dhcp, optlen))
+ {
+ DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Send DHCP request using a given transaction
+ */
+static bool request(private_dhcp_socket_t *this,
+ dhcp_transaction_t *transaction)
+{
+ dhcp_option_t *option;
+ dhcp_t dhcp;
+ host_t *offer, *server;
+ chunk_t chunk;
+ int optlen;
+
+ optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);
+
+ offer = transaction->get_address(transaction);
+ server = transaction->get_server(transaction);
+ if (!offer || !server)
+ {
+ return FALSE;
+ }
+ DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);
+
+ option = (dhcp_option_t*)&dhcp.options[optlen];
+ option->type = DHCP_REQUESTED_IP;
+ option->len = 4;
+ chunk = offer->get_address(offer);
+ memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ option = (dhcp_option_t*)&dhcp.options[optlen];
+ option->type = DHCP_SERVER_ID;
+ option->len = 4;
+ chunk = server->get_address(server);
+ memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ option = (dhcp_option_t*)&dhcp.options[optlen];
+ option->type = DHCP_PARAM_REQ_LIST;
+ option->len = 2;
+ option->data[0] = DHCP_DNS_SERVER;
+ option->data[1] = DHCP_NBNS_SERVER;
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ dhcp.options[optlen++] = DHCP_OPTEND;
+
+ if (!send_dhcp(this, transaction, &dhcp, optlen))
+ {
+ DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
+ private_dhcp_socket_t *this, identification_t *identity)
+{
+ dhcp_transaction_t *transaction;
+ u_int32_t id;
+ int try;
+
+ this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id);
+ transaction = dhcp_transaction_create(id, identity);
+
+ this->mutex->lock(this->mutex);
+ this->discover->insert_last(this->discover, transaction);
+ try = 1;
+ while (try <= DHCP_TRIES && discover(this, transaction))
+ {
+ if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
+ this->request->find_first(this->request, NULL,
+ (void**)&transaction) == SUCCESS)
+ {
+ break;
+ }
+ try++;
+ }
+ if (this->discover->remove(this->discover, transaction, NULL))
+ { /* no OFFER received */
+ this->mutex->unlock(this->mutex);
+ transaction->destroy(transaction);
+ DBG1(DBG_CFG, "DHCP DISCOVER timed out");
+ return NULL;
+ }
+
+ try = 1;
+ while (try <= DHCP_TRIES && request(this, transaction))
+ {
+ if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
+ this->completed->remove(this->completed, transaction, NULL))
+ {
+ break;
+ }
+ try++;
+ }
+ if (this->request->remove(this->request, transaction, NULL))
+ { /* no ACK received */
+ this->mutex->unlock(this->mutex);
+ transaction->destroy(transaction);
+ DBG1(DBG_CFG, "DHCP REQUEST timed out");
+ return NULL;
+ }
+ this->mutex->unlock(this->mutex);
+
+ return transaction;
+}
+
+METHOD(dhcp_socket_t, release, void,
+ private_dhcp_socket_t *this, dhcp_transaction_t *transaction)
+{
+ dhcp_option_t *option;
+ dhcp_t dhcp;
+ host_t *release, *server;
+ chunk_t chunk;
+ int optlen;
+
+ optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp);
+
+ release = transaction->get_address(transaction);
+ server = transaction->get_server(transaction);
+ if (!release || !server)
+ {
+ return;
+ }
+ DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server);
+
+ chunk = release->get_address(release);
+ memcpy(&dhcp.client_address, chunk.ptr,
+ min(chunk.len, sizeof(dhcp.client_address)));
+
+ option = (dhcp_option_t*)&dhcp.options[optlen];
+ option->type = DHCP_SERVER_ID;
+ option->len = 4;
+ chunk = server->get_address(server);
+ memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+ optlen += sizeof(dhcp_option_t) + option->len;
+
+ dhcp.options[optlen++] = DHCP_OPTEND;
+
+ if (!send_dhcp(this, transaction, &dhcp, optlen))
+ {
+ DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno));
+ }
+}
+
+/**
+ * Handle a DHCP OFFER
+ */
+static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
+{
+ dhcp_transaction_t *transaction = NULL;
+ enumerator_t *enumerator;
+ host_t *offer, *server;
+
+ offer = host_create_from_chunk(AF_INET,
+ chunk_from_thing(dhcp->your_address), 0);
+ server = host_create_from_chunk(AF_INET,
+ chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->discover->create_enumerator(this->discover);
+ while (enumerator->enumerate(enumerator, &transaction))
+ {
+ if (transaction->get_id(transaction) == dhcp->transaction_id)
+ {
+ DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server);
+ this->discover->remove_at(this->discover, enumerator);
+ this->request->insert_last(this->request, transaction);
+ transaction->set_address(transaction, offer->clone(offer));
+ transaction->set_server(transaction, server->clone(server));
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (transaction)
+ {
+ int optsize, optpos = 0, pos;
+ dhcp_option_t *option;
+
+ while (optlen > sizeof(dhcp_option_t))
+ {
+ option = (dhcp_option_t*)&dhcp->options[optpos];
+ optsize = sizeof(dhcp_option_t) + option->len;
+ if (option->type == DHCP_OPTEND || optlen < optsize)
+ {
+ break;
+ }
+ if (option->type == DHCP_DNS_SERVER ||
+ option->type == DHCP_NBNS_SERVER)
+ {
+ for (pos = 0; pos + 4 <= option->len; pos += 4)
+ {
+ transaction->add_attribute(transaction, option->type ==
+ DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS,
+ chunk_create((char*)&option->data[pos], 4));
+ }
+ }
+ optlen -= optsize;
+ optpos += optsize;
+ }
+ }
+ this->mutex->unlock(this->mutex);
+ this->condvar->broadcast(this->condvar);
+ offer->destroy(offer);
+ server->destroy(server);
+}
+
+/**
+ * Handle a DHCP ACK
+ */
+static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
+{
+ dhcp_transaction_t *transaction;
+ enumerator_t *enumerator;
+ host_t *offer;
+
+ offer = host_create_from_chunk(AF_INET,
+ chunk_from_thing(dhcp->your_address), 0);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->request->create_enumerator(this->request);
+ while (enumerator->enumerate(enumerator, &transaction))
+ {
+ if (transaction->get_id(transaction) == dhcp->transaction_id)
+ {
+ DBG1(DBG_CFG, "received DHCP ACK for %H", offer);
+ this->request->remove_at(this->request, enumerator);
+ this->completed->insert_last(this->completed, transaction);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+ this->condvar->broadcast(this->condvar);
+ offer->destroy(offer);
+}
+
+/**
+ * Receive DHCP responses
+ */
+static job_requeue_t receive_dhcp(private_dhcp_socket_t *this)
+{
+ struct sockaddr_ll addr;
+ socklen_t addr_len = sizeof(addr);
+ struct __attribute__((packed)) {
+ struct iphdr ip;
+ struct udphdr udp;
+ dhcp_t dhcp;
+ } packet;
+ int oldstate, optlen, origoptlen, optsize, optpos = 0;
+ ssize_t len;
+ dhcp_option_t *option;
+
+ oldstate = thread_cancelability(TRUE);
+ len = recvfrom(this->receive, &packet, sizeof(packet), 0,
+ (struct sockaddr*)&addr, &addr_len);
+ thread_cancelability(oldstate);
+
+ if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) +
+ offsetof(dhcp_t, options))
+ {
+ origoptlen = optlen = len - sizeof(struct iphdr) +
+ sizeof(struct udphdr) + offsetof(dhcp_t, options);
+ while (optlen > sizeof(dhcp_option_t))
+ {
+ option = (dhcp_option_t*)&packet.dhcp.options[optpos];
+ optsize = sizeof(dhcp_option_t) + option->len;
+ if (option->type == DHCP_OPTEND || optlen < optsize)
+ {
+ break;
+ }
+ if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
+ {
+ switch (option->data[0])
+ {
+ case DHCP_OFFER:
+ handle_offer(this, &packet.dhcp, origoptlen);
+ break;
+ case DHCP_ACK:
+ handle_ack(this, &packet.dhcp, origoptlen);
+ default:
+ break;
+ }
+ break;
+ }
+ optlen -= optsize;
+ optpos += optsize;
+ }
+ }
+ return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(dhcp_socket_t, destroy, void,
+ private_dhcp_socket_t *this)
+{
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ while (this->waiting)
+ {
+ this->condvar->signal(this->condvar);
+ }
+ if (this->send > 0)
+ {
+ close(this->send);
+ }
+ if (this->receive > 0)
+ {
+ close(this->receive);
+ }
+ this->mutex->destroy(this->mutex);
+ this->condvar->destroy(this->condvar);
+ this->discover->destroy_offset(this->discover,
+ offsetof(dhcp_transaction_t, destroy));
+ this->request->destroy_offset(this->request,
+ offsetof(dhcp_transaction_t, destroy));
+ this->completed->destroy_offset(this->completed,
+ offsetof(dhcp_transaction_t, destroy));
+ DESTROY_IF(this->rng);
+ DESTROY_IF(this->dst);
+ free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_socket_t *dhcp_socket_create()
+{
+ private_dhcp_socket_t *this;
+ struct sockaddr_in src;
+ int on = 1;
+ struct sock_filter dhcp_filter_code[] = {
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
+ offsetof(struct iphdr, protocol)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16),
+ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
+ offsetof(struct udphdr, source)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14),
+ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
+ offsetof(struct udphdr, dest)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 2),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 1),
+ BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 10),
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+ sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+ sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+ sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
+ sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
+ BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
+ BPF_STMT(BPF_RET+BPF_A, 0),
+ BPF_STMT(BPF_RET+BPF_K, 0),
+ };
+ struct sock_fprog dhcp_filter = {
+ sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
+ dhcp_filter_code,
+ };
+
+ INIT(this,
+ .public = {
+ .enroll = _enroll,
+ .release = _release,
+ .destroy = _destroy,
+ },
+ .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .discover = linked_list_create(),
+ .request = linked_list_create(),
+ .completed = linked_list_create(),
+ );
+
+ if (!this->rng)
+ {
+ DBG1(DBG_CFG, "unable to create RNG");
+ destroy(this);
+ return NULL;
+ }
+ this->identity_lease = lib->settings->get_bool(lib->settings,
+ "charon.plugins.dhcp.identity_lease", FALSE);
+ this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
+ "charon.plugins.dhcp.server", "255.255.255.255"),
+ DHCP_SERVER_PORT);
+ if (!this->dst)
+ {
+ DBG1(DBG_CFG, "configured DHCP server address invalid");
+ destroy(this);
+ return NULL;
+ }
+
+ this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (this->send == -1)
+ {
+ DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+ if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
+ {
+ DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+ if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
+ {
+ DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+ src.sin_family = AF_INET;
+ src.sin_port = htons(DHCP_CLIENT_PORT);
+ src.sin_addr.s_addr = INADDR_ANY;
+ if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
+ {
+ DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+
+ this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
+ if (this->receive == -1)
+ {
+ DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+ if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
+ &dhcp_filter, sizeof(dhcp_filter)) < 0)
+ {
+ DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
+ strerror(errno));
+ destroy(this);
+ return NULL;
+ }
+
+ this->job = callback_job_create((callback_job_cb_t)receive_dhcp,
+ this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.h b/src/libcharon/plugins/dhcp/dhcp_socket.h
new file mode 100644
index 000000000..0a8398aba
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_socket dhcp_socket
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_SOCKET_H_
+#define DHCP_SOCKET_H_
+
+typedef struct dhcp_socket_t dhcp_socket_t;
+
+#include "dhcp_transaction.h"
+
+/**
+ * DHCP socket implementation
+ */
+struct dhcp_socket_t {
+
+ /**
+ * Enroll a client address using DHCP.
+ *
+ * @param identity peer identity to enroll an address for
+ * @return completed DHCP transaction, NULL on failure
+ */
+ dhcp_transaction_t* (*enroll)(dhcp_socket_t *this,
+ identification_t *identity);
+
+ /**
+ * Release an enrolled DHCP address.
+ *
+ * @param transaction transaction returned by enroll
+ */
+ void (*release)(dhcp_socket_t *this, dhcp_transaction_t *transaction);
+
+ /**
+ * Destroy a dhcp_socket_t.
+ */
+ void (*destroy)(dhcp_socket_t *this);
+};
+
+/**
+ * Create a dhcp_socket instance.
+ */
+dhcp_socket_t *dhcp_socket_create();
+
+#endif /** DHCP_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c
new file mode 100644
index 000000000..83f822dd8
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_transaction.h"
+
+#include <utils/linked_list.h>
+
+typedef struct private_dhcp_transaction_t private_dhcp_transaction_t;
+
+/**
+ * Private data of an dhcp_transaction_t object.
+ */
+struct private_dhcp_transaction_t {
+
+ /**
+ * Public dhcp_transaction_t interface.
+ */
+ dhcp_transaction_t public;
+
+ /**
+ * DHCP transaction ID
+ */
+ u_int32_t id;
+
+ /**
+ * Peer identity
+ */
+ identification_t *identity;
+
+ /**
+ * received DHCP address
+ */
+ host_t *address;
+
+ /**
+ * discovered DHCP server address
+ */
+ host_t *server;
+
+ /**
+ * List of added attributes, as attribute_entry_t
+ */
+ linked_list_t *attributes;
+};
+
+/**
+ * Entry for an added attribute
+ */
+typedef struct {
+ configuration_attribute_type_t type;
+ chunk_t data;
+} attribute_entry_t;
+
+METHOD(dhcp_transaction_t, get_id, u_int32_t,
+ private_dhcp_transaction_t *this)
+{
+ return this->id;
+}
+
+METHOD(dhcp_transaction_t, get_identity, identification_t*,
+ private_dhcp_transaction_t *this)
+{
+ return this->identity;
+}
+
+METHOD(dhcp_transaction_t, set_address, void,
+ private_dhcp_transaction_t *this, host_t *address)
+{
+ DESTROY_IF(this->address);
+ this->address = address;
+}
+
+METHOD(dhcp_transaction_t, get_address, host_t*,
+ private_dhcp_transaction_t *this)
+{
+ return this->address;
+}
+
+METHOD(dhcp_transaction_t, set_server, void,
+ private_dhcp_transaction_t *this, host_t *server)
+{
+ DESTROY_IF(this->server);
+ this->server = server;
+}
+
+METHOD(dhcp_transaction_t, get_server, host_t*,
+ private_dhcp_transaction_t *this)
+{
+ return this->server;
+}
+
+METHOD(dhcp_transaction_t, add_attribute, void,
+ private_dhcp_transaction_t *this, configuration_attribute_type_t type,
+ chunk_t data)
+{
+ attribute_entry_t *entry;
+
+ INIT(entry,
+ .type = type,
+ .data = chunk_clone(data),
+ );
+ this->attributes->insert_last(this->attributes, entry);
+}
+
+/**
+ * Filter function to map entries to type/data
+ */
+static bool attribute_filter(void *null, attribute_entry_t **entry,
+ configuration_attribute_type_t *type,
+ void **dummy, chunk_t *data)
+{
+ *type = (*entry)->type;
+ *data = (*entry)->data;
+ return TRUE;
+}
+
+METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*,
+ private_dhcp_transaction_t *this)
+{
+ return enumerator_create_filter(
+ this->attributes->create_enumerator(this->attributes),
+ (void*)attribute_filter, NULL, NULL);
+}
+
+/**
+ * Clean up an attribute entry
+ */
+static void attribute_entry_destroy(attribute_entry_t *entry)
+{
+ free(entry->data.ptr);
+ free(entry);
+}
+
+METHOD(dhcp_transaction_t, destroy, void,
+ private_dhcp_transaction_t *this)
+{
+ this->identity->destroy(this->identity);
+ DESTROY_IF(this->address);
+ DESTROY_IF(this->server);
+ this->attributes->destroy_function(this->attributes,
+ (void*)attribute_entry_destroy);
+ free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+ identification_t *identity)
+{
+ private_dhcp_transaction_t *this;
+
+ INIT(this,
+ .public = {
+ .get_id = _get_id,
+ .get_identity = _get_identity,
+ .set_address = _set_address,
+ .get_address = _get_address,
+ .set_server = _set_server,
+ .get_server = _get_server,
+ .add_attribute = _add_attribute,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ .destroy = _destroy,
+ },
+ .id = id,
+ .identity = identity->clone(identity),
+ .attributes = linked_list_create(),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h
new file mode 100644
index 000000000..19c163f88
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_transaction dhcp_transaction
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_TRANSACTION_H_
+#define DHCP_TRANSACTION_H_
+
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <attributes/attributes.h>
+
+typedef struct dhcp_transaction_t dhcp_transaction_t;
+
+/**
+ * DHCP transaction class.
+ */
+struct dhcp_transaction_t {
+
+ /**
+ * Get the DCHP transaction ID.
+ *
+ * @return DHCP transaction identifier
+ */
+ u_int32_t (*get_id)(dhcp_transaction_t *this);
+
+ /**
+ * Get the peer identity this transaction is used for.
+ *
+ * @return peer Identity
+ */
+ identification_t* (*get_identity)(dhcp_transaction_t *this);
+
+ /**
+ * Set the DHCP address received using this transaction.
+ *
+ * @param host received DHCP address
+ */
+ void (*set_address)(dhcp_transaction_t *this, host_t *address);
+
+ /**
+ * Get the DHCP address received using this transaction.
+ *
+ * @return received DHCP address
+ */
+ host_t* (*get_address)(dhcp_transaction_t *this);
+
+ /**
+ * Set the DCHP server address discovered.
+ *
+ * @param server DHCP server address
+ */
+ void (*set_server)(dhcp_transaction_t *this, host_t *server);
+
+ /**
+ * Get the DHCP server address.
+ *
+ * @return DHCP server address
+ */
+ host_t* (*get_server)(dhcp_transaction_t *this);
+
+ /**
+ * An an additional attribute to serve to peer.
+ *
+ * @param type type of attribute
+ * @param data attribute data
+ */
+ void (*add_attribute)(dhcp_transaction_t *this,
+ configuration_attribute_type_t type, chunk_t data);
+
+ /**
+ * Create an enumerator over added attributes.
+ *
+ * @return enumerator over (configuration_attribute_t, chunk_t)
+ */
+ enumerator_t* (*create_attribute_enumerator)(dhcp_transaction_t *this);
+
+ /**
+ * Destroy a dhcp_transaction_t.
+ */
+ void (*destroy)(dhcp_transaction_t *this);
+};
+
+/**
+ * Create a dhcp_transaction instance.
+ *
+ * @param id DHCP transaction identifier
+ * @param identity peer identity this transaction is used for
+ * @return transaction instance
+ */
+dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+ identification_t *identity);
+
+#endif /** DHCP_TRANSACTION_H_ @}*/
diff --git a/src/libcharon/plugins/eap_aka/Makefile.am b/src/libcharon/plugins/eap_aka/Makefile.am
new file mode 100644
index 000000000..d37d1691c
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-aka.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-aka.la
+libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+
+libstrongswan_eap_aka_la_SOURCES = \
+ eap_aka_plugin.h eap_aka_plugin.c \
+ eap_aka_peer.h eap_aka_peer.c \
+ eap_aka_server.h eap_aka_server.c
+
+libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index d241e1ad0..1cea81a9b 100644
--- a/src/charon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_aka
+subdir = src/libcharon/plugins/eap_aka
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,9 +72,9 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
-libstrongswan_eap_aka_la_DEPENDENCIES = \
- $(top_builddir)/src/libsimaka/libsimaka.la
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_DEPENDENCIES = \
+@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la
am_libstrongswan_eap_aka_la_OBJECTS = eap_aka_plugin.lo \
eap_aka_peer.lo eap_aka_server.lo
libstrongswan_eap_aka_la_OBJECTS = \
@@ -82,6 +82,9 @@ libstrongswan_eap_aka_la_OBJECTS = \
libstrongswan_eap_aka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_aka_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
- -I$(top_srcdir)/src/libsimaka
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-aka.la
-libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \
- eap_aka_peer.h eap_aka_peer.c \
- eap_aka_server.h eap_aka_server.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka.la
+@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+libstrongswan_eap_aka_la_SOURCES = \
+ eap_aka_plugin.h eap_aka_plugin.c \
+ eap_aka_peer.h eap_aka_peer.c \
+ eap_aka_server.h eap_aka_server.c
-libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -278,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -299,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-aka.la: $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_DEPENDENCIES)
- $(libstrongswan_eap_aka_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_aka_la_LINK) $(am_libstrongswan_eap_aka_la_rpath) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -486,8 +501,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
index 26546809d..26546809d 100644
--- a/src/charon/plugins/eap_aka/eap_aka_peer.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.h b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
index 65a210406..65a210406 100644
--- a/src/charon/plugins/eap_aka/eap_aka_peer.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
index c44a08966..f9283393a 100644
--- a/src/charon/plugins/eap_aka/eap_aka_plugin.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
@@ -35,7 +35,7 @@ static void destroy(eap_aka_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_aka_plugin_create()
{
eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t);
diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
index 938e5ecbd..d011904b3 100644
--- a/src/charon/plugins/eap_aka/eap_aka_plugin.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
@@ -42,9 +42,4 @@ struct eap_aka_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_aka_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_AKA_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index 9baff3e23..9baff3e23 100644
--- a/src/charon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
diff --git a/src/charon/plugins/eap_aka/eap_aka_server.h b/src/libcharon/plugins/eap_aka/eap_aka_server.h
index d48fc4c34..d48fc4c34 100644
--- a/src/charon/plugins/eap_aka/eap_aka_server.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.h
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am
new file mode 100644
index 000000000..598799e2a
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am
@@ -0,0 +1,20 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+endif
+
+libstrongswan_eap_aka_3gpp2_la_SOURCES = \
+ eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
+ eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
+ eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
+ eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
+
+libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
+libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp
diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index b80f97f95..d0b0f5601 100644
--- a/src/charon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_aka_3gpp2
+subdir = src/libcharon/plugins/eap_aka_3gpp2
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES =
am_libstrongswan_eap_aka_3gpp2_la_OBJECTS = eap_aka_3gpp2_plugin.lo \
eap_aka_3gpp2_card.lo eap_aka_3gpp2_provider.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_aka_3gpp2_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_aka_3gpp2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_3gpp2_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_3gpp2_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
libstrongswan_eap_aka_3gpp2_la_SOURCES = \
- eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
- eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
- eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
- eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
+ eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
+ eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
+ eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
+ eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp
@@ -279,9 +286,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -300,6 +307,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +348,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-aka-3gpp2.la: $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES)
- $(libstrongswan_eap_aka_3gpp2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_aka_3gpp2_la_LINK) $(am_libstrongswan_eap_aka_3gpp2_la_rpath) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -488,8 +504,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -560,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index 5c0fe38ad..5c0fe38ad 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
index b95bc52af..b95bc52af 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
index 1d3d246d1..1d3d246d1 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
index 95c6da6a9..95c6da6a9 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
index 5286e0986..626e83311 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
@@ -64,7 +64,7 @@ static void destroy(private_eap_aka_3gpp2_t *this)
/**
* See header
*/
-plugin_t *plugin_create()
+plugin_t *eap_aka_3gpp2_plugin_create()
{
private_eap_aka_3gpp2_t *this = malloc_thing(private_eap_aka_3gpp2_t);
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
index ed5c4cf3e..2ac450a7d 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
@@ -54,9 +54,4 @@ struct eap_aka_3gpp2_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_aka_3gpp2_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
index 9817fff8f..9817fff8f 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
index 22ac0a96e..22ac0a96e 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.am b/src/libcharon/plugins/eap_gtc/Makefile.am
new file mode 100644
index 000000000..d8722bf9d
--- /dev/null
+++ b/src/libcharon/plugins/eap_gtc/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-gtc.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
+endif
+
+libstrongswan_eap_gtc_la_SOURCES = \
+ eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+
+libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
diff --git a/src/charon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index f3662e1cd..110e1528b 100644
--- a/src/charon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_gtc
+subdir = src/libcharon/plugins/eap_gtc
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_gtc_la_LIBADD =
am_libstrongswan_eap_gtc_la_OBJECTS = eap_gtc_plugin.lo eap_gtc.lo
libstrongswan_eap_gtc_la_OBJECTS = \
@@ -80,6 +80,9 @@ libstrongswan_eap_gtc_la_OBJECTS = \
libstrongswan_eap_gtc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_gtc_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_gtc_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_gtc_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
-libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-gtc.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
+libstrongswan_eap_gtc_la_SOURCES = \
+ eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+
libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
all: all-am
@@ -270,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -291,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-gtc.la: $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_DEPENDENCIES)
- $(libstrongswan_eap_gtc_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_gtc_la_LINK) $(am_libstrongswan_eap_gtc_la_rpath) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -477,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index c7f55fa70..c7f55fa70 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/libcharon/plugins/eap_gtc/eap_gtc.h
index 2eb8482f8..2eb8482f8 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.h
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
index 8550c254c..91ba84b3d 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
@@ -37,7 +37,7 @@ static void destroy(eap_gtc_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_gtc_plugin_create()
{
eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t);
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
index abb6bdcb6..9c4052a6d 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
@@ -39,9 +39,4 @@ struct eap_gtc_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_gtc_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_GTC_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_identity/Makefile.am b/src/libcharon/plugins/eap_identity/Makefile.am
index 992eb43f7..2a7c764b0 100644
--- a/src/charon/plugins/eap_identity/Makefile.am
+++ b/src/libcharon/plugins/eap_identity/Makefile.am
@@ -1,10 +1,16 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-identity.la
+else
plugin_LTLIBRARIES = libstrongswan-eap-identity.la
+endif
+
libstrongswan_eap_identity_la_SOURCES = \
- eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
-libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
+ eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
+libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 80709246f..bbb987dd6 100644
--- a/src/charon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_identity
+subdir = src/libcharon/plugins/eap_identity
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_identity_la_LIBADD =
am_libstrongswan_eap_identity_la_OBJECTS = eap_identity_plugin.lo \
eap_identity.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_identity_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_identity_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_identity_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_identity_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,11 +258,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-identity.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-identity.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-identity.la
libstrongswan_eap_identity_la_SOURCES = \
- eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
+ eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -274,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-identity.la: $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_DEPENDENCIES)
- $(libstrongswan_eap_identity_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_identity_la_LINK) $(am_libstrongswan_eap_identity_la_rpath) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +497,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c
index ab082a955..ab082a955 100644
--- a/src/charon/plugins/eap_identity/eap_identity.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity.c
diff --git a/src/charon/plugins/eap_identity/eap_identity.h b/src/libcharon/plugins/eap_identity/eap_identity.h
index 7364a8bda..7364a8bda 100644
--- a/src/charon/plugins/eap_identity/eap_identity.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity.h
diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
index a623e1951..082997154 100644
--- a/src/charon/plugins/eap_identity/eap_identity_plugin.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_identity_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_identity_plugin_create()
{
eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t);
diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.h b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
index 0a7fb8228..274156a1b 100644
--- a/src/charon/plugins/eap_identity/eap_identity_plugin.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
@@ -39,9 +39,4 @@ struct eap_identity_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_identity_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_IDENTITY_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/eap_md5/Makefile.am b/src/libcharon/plugins/eap_md5/Makefile.am
new file mode 100644
index 000000000..e9936c925
--- /dev/null
+++ b/src/libcharon/plugins/eap_md5/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-md5.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-md5.la
+endif
+
+libstrongswan_eap_md5_la_SOURCES = \
+ eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+
+libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 21ac7fa92..943811604 100644
--- a/src/charon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_md5
+subdir = src/libcharon/plugins/eap_md5
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_md5_la_LIBADD =
am_libstrongswan_eap_md5_la_OBJECTS = eap_md5_plugin.lo eap_md5.lo
libstrongswan_eap_md5_la_OBJECTS = \
@@ -80,6 +80,9 @@ libstrongswan_eap_md5_la_OBJECTS = \
libstrongswan_eap_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_md5_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_md5_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_md5_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-md5.la
-libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-md5.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-md5.la
+libstrongswan_eap_md5_la_SOURCES = \
+ eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+
libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -270,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -291,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-md5.la: $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_DEPENDENCIES)
- $(libstrongswan_eap_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_md5_la_LINK) $(am_libstrongswan_eap_md5_la_rpath) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -477,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index 0eda8f755..0eda8f755 100644
--- a/src/charon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
diff --git a/src/charon/plugins/eap_md5/eap_md5.h b/src/libcharon/plugins/eap_md5/eap_md5.h
index 3cff0dd79..3cff0dd79 100644
--- a/src/charon/plugins/eap_md5/eap_md5.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5.h
diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
index 629255ebf..e716dc6e8 100644
--- a/src/charon/plugins/eap_md5/eap_md5_plugin.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_md5_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_md5_plugin_create()
{
eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t);
diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.h b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
index eb5b38e94..e5e1a6e94 100644
--- a/src/charon/plugins/eap_md5/eap_md5_plugin.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
@@ -39,9 +39,4 @@ struct eap_md5_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_md5_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_MD5_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/libcharon/plugins/eap_mschapv2/Makefile.am
index 4758ad5f3..b9555b3c1 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.am
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.am
@@ -1,12 +1,17 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+else
plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+endif
libstrongswan_eap_mschapv2_la_SOURCES = \
eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
eap_mschapv2.h eap_mschapv2.c
-libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version
+libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index 001818481..2f6c65df4 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_mschapv2
+subdir = src/libcharon/plugins/eap_mschapv2
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_mschapv2_la_LIBADD =
am_libstrongswan_eap_mschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \
eap_mschapv2.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_mschapv2_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_mschapv2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_mschapv2_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_mschapv2_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,9 +258,12 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
libstrongswan_eap_mschapv2_la_SOURCES = \
eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
eap_mschapv2.h eap_mschapv2.c
@@ -275,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -296,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +344,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-mschapv2.la: $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_DEPENDENCIES)
- $(libstrongswan_eap_mschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_mschapv2_la_LINK) $(am_libstrongswan_eap_mschapv2_la_rpath) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -482,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -554,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index f0222840d..c1ccf72eb 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2010 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -460,37 +461,31 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
static status_t GenerateStuff(private_eap_mschapv2_t *this,
chunk_t server_challenge, chunk_t peer_challenge,
- chunk_t username, chunk_t password)
+ chunk_t username, chunk_t nt_hash)
{
status_t status = FAILED;
- chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty,
- challenge_hash = chunk_empty;
+ chunk_t nt_hash_hash = chunk_empty, challenge_hash = chunk_empty;
- if (NtPasswordHash(password, &password_hash) != SUCCESS)
- {
- goto error;
- }
- if (NtPasswordHash(password_hash, &password_hash_hash) != SUCCESS)
+ if (NtPasswordHash(nt_hash, &nt_hash_hash) != SUCCESS)
{
goto error;
}
if (ChallengeHash(peer_challenge, server_challenge, username,
- &challenge_hash) != SUCCESS)
+ &challenge_hash) != SUCCESS)
{
goto error;
}
-
- if (ChallengeResponse(challenge_hash, password_hash,
- &this->nt_response) != SUCCESS)
+ if (ChallengeResponse(challenge_hash, nt_hash,
+ &this->nt_response) != SUCCESS)
{
goto error;
}
- if (AuthenticatorResponse(password_hash_hash, challenge_hash,
- this->nt_response, &this->auth_response) != SUCCESS)
+ if (AuthenticatorResponse(nt_hash_hash, challenge_hash,
+ this->nt_response, &this->auth_response) != SUCCESS)
{
goto error;
}
- if (GenerateMSK(password_hash_hash, this->nt_response, &this->msk) != SUCCESS)
+ if (GenerateMSK(nt_hash_hash, this->nt_response, &this->msk) != SUCCESS)
{
goto error;
}
@@ -498,8 +493,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this,
status = SUCCESS;
error:
- chunk_free(&password_hash);
- chunk_free(&password_hash_hash);
+ chunk_free(&nt_hash_hash);
chunk_free(&challenge_hash);
return status;
}
@@ -613,6 +607,39 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou
return NEED_MORE;
}
+static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
+ identification_t *other, chunk_t *nt_hash)
+{
+ shared_key_t *shared;
+ chunk_t password;
+
+ /* try to find a stored NT_HASH first */
+ shared = charon->credentials->get_shared(charon->credentials,
+ SHARED_NT_HASH, me, other);
+ if (shared )
+ {
+ *nt_hash = chunk_clone(shared->get_key(shared));
+ shared->destroy(shared);
+ return TRUE;
+ }
+
+ /* fallback to plaintext password */
+ shared = charon->credentials->get_shared(charon->credentials,
+ SHARED_EAP, me, other);
+ if (shared)
+ {
+ password = ascii_to_unicode(shared->get_key(shared));
+ shared->destroy(shared);
+
+ if (NtPasswordHash(password, nt_hash) == SUCCESS)
+ {
+ chunk_clear(&password);
+ return TRUE;
+ }
+ chunk_clear(&password);
+ }
+ return FALSE;
+}
/**
* Process MS-CHAPv2 Challenge Requests
@@ -624,8 +651,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
eap_mschapv2_header_t *eap;
eap_mschapv2_challenge_t *cha;
eap_mschapv2_response_t *res;
- shared_key_t *shared;
- chunk_t data, peer_challenge, username, password;
+ chunk_t data, peer_challenge, username, nt_hash;
u_int16_t len = RESPONSE_PAYLOAD_LEN;
data = in->get_data(in);
@@ -660,28 +686,24 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr);
rng->destroy(rng);
- shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, this->peer, this->server);
- if (shared == NULL)
+ if (!get_nt_hash(this, this->peer, this->server, &nt_hash))
{
DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
this->server, this->peer);
return NOT_FOUND;
}
- password = ascii_to_unicode(shared->get_key(shared));
- shared->destroy(shared);
-
username = extract_username(this->peer);
len += username.len;
- if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS)
+ if (GenerateStuff(this, this->challenge, peer_challenge,
+ username, nt_hash) != SUCCESS)
{
DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed");
- chunk_clear(&password);
+ chunk_clear(&nt_hash);
return FAILED;
}
- chunk_clear(&password);
+ chunk_clear(&nt_hash);
eap = alloca(len);
eap->code = EAP_RESPONSE;
@@ -995,9 +1017,8 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
{
eap_mschapv2_header_t *eap;
eap_mschapv2_response_t *res;
- chunk_t data, peer_challenge, username, password;
+ chunk_t data, peer_challenge, username, nt_hash;
identification_t *userid;
- shared_key_t *shared;
int name_len;
char buf[256];
@@ -1019,9 +1040,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid);
username = extract_username(userid);
- shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, this->server, userid);
- if (shared == NULL)
+ if (!get_nt_hash(this, this->server, userid, &nt_hash))
{
DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
this->server, userid);
@@ -1035,21 +1054,19 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
return process_server_retry(this, out);
}
- password = ascii_to_unicode(shared->get_key(shared));
- shared->destroy(shared);
-
if (GenerateStuff(this, this->challenge, peer_challenge,
- username, password) != SUCCESS)
+ username, nt_hash) != SUCCESS)
{
DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
userid->destroy(userid);
- chunk_clear(&password);
+ chunk_clear(&nt_hash);
return FAILED;
}
userid->destroy(userid);
- chunk_clear(&password);
+ chunk_clear(&nt_hash);
- if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len))
+ if (memeq(res->response.nt_response, this->nt_response.ptr,
+ this->nt_response.len))
{
chunk_t hex;
char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
index 34cc1141e..34cc1141e 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
index 404cecb20..a7b41ddbf 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_mschapv2_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_mschapv2_plugin_create()
{
eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t);
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
index 9048fc64e..f250a9d47 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
@@ -39,9 +39,4 @@ struct eap_mschapv2_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_mschapv2_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_MSCHAPV2_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am
new file mode 100644
index 000000000..a3abd4124
--- /dev/null
+++ b/src/libcharon/plugins/eap_radius/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-radius.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-radius.la
+endif
+
+libstrongswan_eap_radius_la_SOURCES = \
+ eap_radius_plugin.h eap_radius_plugin.c \
+ eap_radius.h eap_radius.c \
+ radius_client.h radius_client.c \
+ radius_message.h radius_message.c
+
+libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index eb135e750..18427adef 100644
--- a/src/charon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_radius
+subdir = src/libcharon/plugins/eap_radius
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_radius_la_LIBADD =
am_libstrongswan_eap_radius_la_OBJECTS = eap_radius_plugin.lo \
eap_radius.lo radius_client.lo radius_message.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_radius_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eap_radius_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_radius_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_radius_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,14 +258,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-radius.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-radius.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-radius.la
libstrongswan_eap_radius_la_SOURCES = \
- eap_radius_plugin.h eap_radius_plugin.c \
- eap_radius.h eap_radius.c \
- radius_client.h radius_client.c \
- radius_message.h radius_message.c
+ eap_radius_plugin.h eap_radius_plugin.c \
+ eap_radius.h eap_radius.c \
+ radius_client.h radius_client.c \
+ radius_message.h radius_message.c
libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -277,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -298,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-radius.la: $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_DEPENDENCIES)
- $(libstrongswan_eap_radius_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_radius_la_LINK) $(am_libstrongswan_eap_radius_la_rpath) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -486,8 +502,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index f041fda54..f041fda54 100644
--- a/src/charon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
diff --git a/src/charon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h
index 8eb9e8c2d..8eb9e8c2d 100644
--- a/src/charon/plugins/eap_radius/eap_radius.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius.h
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 51e6a69c8..7d2788c3e 100644
--- a/src/charon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -33,7 +33,7 @@ static void destroy(eap_radius_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_radius_plugin_create()
{
eap_radius_plugin_t *this;
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
index a79640796..f2b8b5082 100644
--- a/src/charon/plugins/eap_radius/eap_radius_plugin.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
@@ -42,9 +42,4 @@ struct eap_radius_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_radius_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_RADIUS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/libcharon/plugins/eap_radius/radius_client.c
index 1d1f21742..1d1f21742 100644
--- a/src/charon/plugins/eap_radius/radius_client.c
+++ b/src/libcharon/plugins/eap_radius/radius_client.c
diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/libcharon/plugins/eap_radius/radius_client.h
index 77ba94807..77ba94807 100644
--- a/src/charon/plugins/eap_radius/radius_client.h
+++ b/src/libcharon/plugins/eap_radius/radius_client.h
diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/libcharon/plugins/eap_radius/radius_message.c
index 11a1d8dfc..11a1d8dfc 100644
--- a/src/charon/plugins/eap_radius/radius_message.c
+++ b/src/libcharon/plugins/eap_radius/radius_message.c
diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/libcharon/plugins/eap_radius/radius_message.h
index 266839d3b..266839d3b 100644
--- a/src/charon/plugins/eap_radius/radius_message.h
+++ b/src/libcharon/plugins/eap_radius/radius_message.h
diff --git a/src/libcharon/plugins/eap_sim/Makefile.am b/src/libcharon/plugins/eap_sim/Makefile.am
new file mode 100644
index 000000000..a0cb72f5f
--- /dev/null
+++ b/src/libcharon/plugins/eap_sim/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-sim.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-sim.la
+libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+
+libstrongswan_eap_sim_la_SOURCES = \
+ eap_sim_plugin.h eap_sim_plugin.c \
+ eap_sim_peer.h eap_sim_peer.c \
+ eap_sim_server.h eap_sim_server.c
+
+libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index d9b568a42..588965113 100644
--- a/src/charon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_sim
+subdir = src/libcharon/plugins/eap_sim
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,9 +72,9 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
-libstrongswan_eap_sim_la_DEPENDENCIES = \
- $(top_builddir)/src/libsimaka/libsimaka.la
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_DEPENDENCIES = \
+@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la
am_libstrongswan_eap_sim_la_OBJECTS = eap_sim_plugin.lo \
eap_sim_peer.lo eap_sim_server.lo
libstrongswan_eap_sim_la_OBJECTS = \
@@ -82,6 +82,9 @@ libstrongswan_eap_sim_la_OBJECTS = \
libstrongswan_eap_sim_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_sim_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
- -I$(top_srcdir)/src/libsimaka
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-sim.la
-libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \
- eap_sim_peer.h eap_sim_peer.c \
- eap_sim_server.h eap_sim_server.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim.la
+@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+libstrongswan_eap_sim_la_SOURCES = \
+ eap_sim_plugin.h eap_sim_plugin.c \
+ eap_sim_peer.h eap_sim_peer.c \
+ eap_sim_server.h eap_sim_server.c
-libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -278,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -299,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-sim.la: $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_DEPENDENCIES)
- $(libstrongswan_eap_sim_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_sim_la_LINK) $(am_libstrongswan_eap_sim_la_rpath) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -486,8 +501,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 961cfd30d..961cfd30d 100644
--- a/src/charon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
index 89f81301e..89f81301e 100644
--- a/src/charon/plugins/eap_sim/eap_sim_peer.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
index 1d2b9cf4f..f0c972253 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
@@ -35,7 +35,7 @@ static void destroy(eap_sim_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_sim_plugin_create()
{
eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t);
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
index 767eb65a5..4e10380c4 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
@@ -39,9 +39,4 @@ struct eap_sim_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_sim_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_SIM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index f6d5df09b..f6d5df09b 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h
index 978e1e1e9..978e1e1e9 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.am b/src/libcharon/plugins/eap_sim_file/Makefile.am
new file mode 100644
index 000000000..2b59a7c88
--- /dev/null
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
+endif
+
+libstrongswan_eap_sim_file_la_SOURCES = \
+ eap_sim_file_plugin.h eap_sim_file_plugin.c \
+ eap_sim_file_card.h eap_sim_file_card.c \
+ eap_sim_file_provider.h eap_sim_file_provider.c \
+ eap_sim_file_triplets.h eap_sim_file_triplets.c
+
+libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 232c2a133..2d998dbcc 100644
--- a/src/charon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_sim_file
+subdir = src/libcharon/plugins/eap_sim_file
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_sim_file_la_LIBADD =
am_libstrongswan_eap_sim_file_la_OBJECTS = eap_sim_file_plugin.lo \
eap_sim_file_card.lo eap_sim_file_provider.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_sim_file_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_sim_file_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_file_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_file_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
-plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
libstrongswan_eap_sim_file_la_SOURCES = \
- eap_sim_file_plugin.h eap_sim_file_plugin.c \
- eap_sim_file_card.h eap_sim_file_card.c \
- eap_sim_file_provider.h eap_sim_file_provider.c \
- eap_sim_file_triplets.h eap_sim_file_triplets.c
+ eap_sim_file_plugin.h eap_sim_file_plugin.c \
+ eap_sim_file_card.h eap_sim_file_card.c \
+ eap_sim_file_provider.h eap_sim_file_provider.c \
+ eap_sim_file_triplets.h eap_sim_file_triplets.c
libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -278,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -299,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-sim-file.la: $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_DEPENDENCIES)
- $(libstrongswan_eap_sim_file_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_sim_file_la_LINK) $(am_libstrongswan_eap_sim_file_la_rpath) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -487,8 +503,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -559,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
index d132a38f6..d132a38f6 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
index 1a5470968..1a5470968 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
index 22ad31703..4f25c35ea 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
@@ -19,7 +19,7 @@
#include "eap_sim_file_triplets.h"
#include <daemon.h>
-
+
#define TRIPLET_FILE IPSEC_CONFDIR "/ipsec.d/triplets.dat"
typedef struct private_eap_sim_file_t private_eap_sim_file_t;
@@ -66,7 +66,7 @@ static void destroy(private_eap_sim_file_t *this)
/**
* See header
*/
-plugin_t *plugin_create()
+plugin_t *eap_sim_file_plugin_create()
{
private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t);
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
index 24857d0b0..f5083c72f 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
@@ -39,9 +39,4 @@ struct eap_sim_file_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_sim_file_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_SIM_FILE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
index 9bee31fc3..9bee31fc3 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
index 10fda282a..10fda282a 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
index 6b7d99fb7..6b7d99fb7 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
index 8f8130810..8f8130810 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am
new file mode 100644
index 000000000..a158d6dbe
--- /dev/null
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+endif
+
+libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
+ eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
+ eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
+ eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
+
+libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 392331fb1..6c44ea2bb 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_simaka_pseudonym
+subdir = src/libcharon/plugins/eap_simaka_pseudonym
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_simaka_pseudonym_la_LIBADD =
am_libstrongswan_eap_simaka_pseudonym_la_OBJECTS = \
eap_simaka_pseudonym_plugin.lo eap_simaka_pseudonym_card.lo \
@@ -84,6 +84,9 @@ libstrongswan_eap_simaka_pseudonym_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_simaka_pseudonym_la_LDFLAGS) $(LDFLAGS) -o \
$@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_pseudonym_la_rpath = \
+@MONOLITHIC_FALSE@ -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_pseudonym_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -256,13 +260,16 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
- eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
- eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
- eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
+ eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
+ eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
+ eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -278,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -299,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-simaka-pseudonym.la: $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_DEPENDENCIES)
- $(libstrongswan_eap_simaka_pseudonym_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_simaka_pseudonym_la_LINK) $(am_libstrongswan_eap_simaka_pseudonym_la_rpath) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -486,8 +502,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
index 9b0f1bc71..9b0f1bc71 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
index 1b5940fdc..1b5940fdc 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
index e4e179a7d..81b9d7b00 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
@@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_pseudonym_t *this)
/**
* See header
*/
-plugin_t *plugin_create()
+plugin_t *eap_simaka_pseudonym_plugin_create()
{
private_eap_simaka_pseudonym_t *this;
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
index 032604eb1..1992b2482 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
@@ -39,9 +39,4 @@ struct eap_simaka_pseudonym_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_simaka_pseudonym_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
index 0613b8807..0613b8807 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
index 5d8e6d221..5d8e6d221 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am
new file mode 100644
index 000000000..fbcd544d3
--- /dev/null
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+endif
+
+libstrongswan_eap_simaka_reauth_la_SOURCES = \
+ eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
+ eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
+ eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
+
+libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index d709acb70..35d8e7c3b 100644
--- a/src/charon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/eap_simaka_reauth
+subdir = src/libcharon/plugins/eap_simaka_reauth
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_eap_simaka_reauth_la_LIBADD =
am_libstrongswan_eap_simaka_reauth_la_OBJECTS = \
eap_simaka_reauth_plugin.lo eap_simaka_reauth_card.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_simaka_reauth_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_eap_simaka_reauth_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_reauth_la_rpath = \
+@MONOLITHIC_FALSE@ -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_reauth_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,13 +259,16 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
libstrongswan_eap_simaka_reauth_la_SOURCES = \
- eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
- eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
- eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
+ eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
+ eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
+ eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -277,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -298,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-eap-simaka-reauth.la: $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_DEPENDENCIES)
- $(libstrongswan_eap_simaka_reauth_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS)
+ $(libstrongswan_eap_simaka_reauth_la_LINK) $(am_libstrongswan_eap_simaka_reauth_la_rpath) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -485,8 +501,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -557,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
index 14d0416d9..14d0416d9 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
index f24dc8a15..f24dc8a15 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
index b2e853e21..987a0e109 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
@@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_reauth_t *this)
/**
* See header
*/
-plugin_t *plugin_create()
+plugin_t *eap_simaka_reauth_plugin_create()
{
private_eap_simaka_reauth_t *this = malloc_thing(private_eap_simaka_reauth_t);
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
index e86832c0e..80c8a1037 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
@@ -39,9 +39,4 @@ struct eap_simaka_reauth_plugin_t {
plugin_t plugin;
};
-/**
- * Create a eap_simaka_reauth_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** EAP_SIMAKA_REAUTH_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
index f962b2d84..f962b2d84 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
index 7ae151a27..7ae151a27 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
diff --git a/src/libcharon/plugins/farp/Makefile.am b/src/libcharon/plugins/farp/Makefile.am
new file mode 100644
index 000000000..42cd31879
--- /dev/null
+++ b/src/libcharon/plugins/farp/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-farp.la
+else
+plugin_LTLIBRARIES = libstrongswan-farp.la
+endif
+
+libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \
+ farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c
+
+libstrongswan_farp_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
new file mode 100644
index 000000000..20ac77080
--- /dev/null
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -0,0 +1,587 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/farp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_farp_la_LIBADD =
+am_libstrongswan_farp_la_OBJECTS = farp_plugin.lo farp_listener.lo \
+ farp_spoofer.lo
+libstrongswan_farp_la_OBJECTS = $(am_libstrongswan_farp_la_OBJECTS)
+libstrongswan_farp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_farp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_farp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_farp_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_farp_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_farp_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-farp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-farp.la
+libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \
+ farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c
+
+libstrongswan_farp_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-farp.la: $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_DEPENDENCIES)
+ $(libstrongswan_farp_la_LINK) $(am_libstrongswan_farp_la_rpath) $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_listener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_spoofer.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
new file mode 100644
index 000000000..8eed49778
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_listener.h"
+
+#include <utils/hashtable.h>
+#include <threading/rwlock.h>
+
+typedef struct private_farp_listener_t private_farp_listener_t;
+
+/**
+ * Private data of an farp_listener_t object.
+ */
+struct private_farp_listener_t {
+
+ /**
+ * Public farp_listener_t interface.
+ */
+ farp_listener_t public;
+
+ /**
+ * Hashtable with active virtual IPs
+ */
+ hashtable_t *ips;
+
+ /**
+ * RWlock for IP list
+ */
+ rwlock_t *lock;
+};
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(host_t *key)
+{
+ return chunk_hash(key->get_address(key));
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(host_t *a, host_t *b)
+{
+ return a->ip_equals(a, b);
+}
+
+METHOD(listener_t, ike_updown, bool,
+ private_farp_listener_t *this, ike_sa_t *ike_sa, bool up)
+{
+ if (!up)
+ {
+ host_t *ip;
+
+ ip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+ if (ip)
+ {
+ this->lock->write_lock(this->lock);
+ ip = this->ips->remove(this->ips, ip);
+ this->lock->unlock(this->lock);
+ DESTROY_IF(ip);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(listener_t, message_hook, bool,
+ private_farp_listener_t *this, ike_sa_t *ike_sa,
+ message_t *message, bool incoming)
+{
+ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+ message->get_exchange_type(message) == IKE_AUTH &&
+ !message->get_request(message))
+ {
+ host_t *ip;
+
+ ip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+ if (ip)
+ {
+ ip = ip->clone(ip);
+ this->lock->write_lock(this->lock);
+ ip = this->ips->put(this->ips, ip, ip);
+ this->lock->unlock(this->lock);
+ DESTROY_IF(ip);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(farp_listener_t, is_active, bool,
+ private_farp_listener_t *this, host_t *ip)
+{
+ bool active;
+
+ this->lock->read_lock(this->lock);
+ active = this->ips->get(this->ips, ip) != NULL;
+ this->lock->unlock(this->lock);
+ return active;
+}
+
+METHOD(farp_listener_t, destroy, void,
+ private_farp_listener_t *this)
+{
+ enumerator_t *enumerator;
+ host_t *key, *value;
+
+ enumerator = this->ips->create_enumerator(this->ips);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ value->destroy(value);
+ }
+ enumerator->destroy(enumerator);
+ this->ips->destroy(this->ips);
+
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/**
+ * See header
+ */
+farp_listener_t *farp_listener_create()
+{
+ private_farp_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .ike_updown = _ike_updown,
+ .message = _message_hook,
+ },
+ .is_active = _is_active,
+ .destroy = _destroy,
+ },
+ .ips = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 8),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_listener.h b/src/libcharon/plugins/farp/farp_listener.h
new file mode 100644
index 000000000..bd96d7a1c
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_listener.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp_listener farp_listener
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_LISTENER_H_
+#define FARP_LISTENER_H_
+
+#include <utils/host.h>
+#include <bus/listeners/listener.h>
+
+typedef struct farp_listener_t farp_listener_t;
+
+/**
+ * Listener to register the set of IPs we spoof ARP responses for.
+ */
+struct farp_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Check if a given IP is currently used as virtual IP by a peer.
+ *
+ * @param ip IP to check
+ * @return TRUE if IP is an active virtual IP
+ */
+ bool (*is_active)(farp_listener_t *this, host_t *ip);
+
+ /**
+ * Destroy a farp_listener_t.
+ */
+ void (*destroy)(farp_listener_t *this);
+};
+
+/**
+ * Create a farp_listener instance.
+ */
+farp_listener_t *farp_listener_create();
+
+#endif /** FARP_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c
new file mode 100644
index 000000000..01c2a39c8
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_plugin.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_plugin.h"
+
+#include "farp_listener.h"
+#include "farp_spoofer.h"
+
+#include <daemon.h>
+
+typedef struct private_farp_plugin_t private_farp_plugin_t;
+
+/**
+ * private data of farp plugin
+ */
+struct private_farp_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ farp_plugin_t public;
+
+ /**
+ * Listener registering active virtual IPs
+ */
+ farp_listener_t *listener;
+
+ /**
+ * Spoofer listening and spoofing ARP messages
+ */
+ farp_spoofer_t *spoofer;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_farp_plugin_t *this)
+{
+ DESTROY_IF(this->spoofer);
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
+ free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *farp_plugin_create()
+{
+ private_farp_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ .listener = farp_listener_create(),
+ );
+
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+
+ this->spoofer = farp_spoofer_create(this->listener);
+ if (!this->spoofer)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_plugin.h b/src/libcharon/plugins/farp/farp_plugin.h
new file mode 100644
index 000000000..0246fcc2a
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp farp
+ * @ingroup cplugins
+ *
+ * @defgroup farp_plugin farp_plugin
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_PLUGIN_H_
+#define FARP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct farp_plugin_t farp_plugin_t;
+
+/**
+ * ARP faking plugin that responds to ARP requests to peers virtual IP.
+ */
+struct farp_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** FARP_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c
new file mode 100644
index 000000000..29e64e32d
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_spoofer.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_spoofer.h"
+
+#include <errno.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/filter.h>
+#include <sys/ioctl.h>
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_farp_spoofer_t private_farp_spoofer_t;
+
+/**
+ * Private data of an farp_spoofer_t object.
+ */
+struct private_farp_spoofer_t {
+
+ /**
+ * Public farp_spoofer_t interface.
+ */
+ farp_spoofer_t public;
+
+ /**
+ * Listener that knows active addresses
+ */
+ farp_listener_t *listener;
+
+ /**
+ * Callback job to read ARP requests
+ */
+ callback_job_t *job;
+
+ /**
+ * RAW socket for ARP requests
+ */
+ int skt;
+};
+
+/**
+ * IP over Ethernet ARP message
+ */
+typedef struct __attribute__((packed)) {
+ u_int16_t hardware_type;
+ u_int16_t protocol_type;
+ u_int8_t hardware_size;
+ u_int8_t protocol_size;
+ u_int16_t opcode;
+ u_int8_t sender_mac[6];
+ u_int8_t sender_ip[4];
+ u_int8_t target_mac[6];
+ u_int8_t target_ip[4];
+} arp_t;
+
+/**
+ * Send faked ARP response
+ */
+static void send_arp(private_farp_spoofer_t *this,
+ arp_t *arp, struct sockaddr_ll *addr)
+{
+ struct ifreq req;
+ char tmp[4];
+
+ req.ifr_ifindex = addr->sll_ifindex;
+ if (ioctl(this->skt, SIOCGIFNAME, &req) == 0 &&
+ ioctl(this->skt, SIOCGIFHWADDR, &req) == 0 &&
+ req.ifr_hwaddr.sa_family == ARPHRD_ETHER)
+ {
+ memcpy(arp->target_mac, arp->sender_mac, 6);
+ memcpy(arp->sender_mac, req.ifr_hwaddr.sa_data, 6);
+
+ memcpy(tmp, arp->sender_ip, 4);
+ memcpy(arp->sender_ip, arp->target_ip, 4);
+ memcpy(arp->target_ip, tmp, 4);
+
+ arp->opcode = htons(ARPOP_REPLY);
+
+ sendto(this->skt, arp, sizeof(*arp), 0,
+ (struct sockaddr*)addr, sizeof(*addr));
+ }
+}
+
+/**
+ * ARP request receiving
+ */
+static job_requeue_t receive_arp(private_farp_spoofer_t *this)
+{
+ struct sockaddr_ll addr;
+ socklen_t addr_len = sizeof(addr);
+ arp_t arp;
+ int oldstate;
+ ssize_t len;
+ host_t *ip;
+
+ oldstate = thread_cancelability(TRUE);
+ len = recvfrom(this->skt, &arp, sizeof(arp), 0,
+ (struct sockaddr*)&addr, &addr_len);
+ thread_cancelability(oldstate);
+
+ if (len == sizeof(arp))
+ {
+ ip = host_create_from_chunk(AF_INET,
+ chunk_create((char*)&arp.target_ip, 4), 0);
+ if (ip)
+ {
+ if (this->listener->is_active(this->listener, ip))
+ {
+ send_arp(this, &arp, &addr);
+ }
+ ip->destroy(ip);
+ }
+ }
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(farp_spoofer_t, destroy, void,
+ private_farp_spoofer_t *this)
+{
+ this->job->cancel(this->job);
+ close(this->skt);
+ free(this);
+}
+
+/**
+ * See header
+ */
+farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener)
+{
+ private_farp_spoofer_t *this;
+ struct sock_filter arp_request_filter_code[] = {
+ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, protocol_type)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETH_P_IP, 0, 9),
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, hardware_size)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 7),
+ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, protocol_size)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 4, 0, 4),
+ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, opcode)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPOP_REQUEST, 0, 3),
+ BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 28, 0, 1),
+ BPF_STMT(BPF_RET+BPF_A, 0),
+ BPF_STMT(BPF_RET+BPF_K, 0),
+ };
+ struct sock_fprog arp_request_filter = {
+ sizeof(arp_request_filter_code) / sizeof(struct sock_filter),
+ arp_request_filter_code,
+ };
+
+ INIT(this,
+ .public = {
+ .destroy = _destroy,
+ },
+ .listener = listener,
+ );
+
+ this->skt = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP));
+ if (this->skt == -1)
+ {
+ DBG1(DBG_NET, "opening ARP packet socket failed: %s", strerror(errno));
+ free(this);
+ return NULL;
+ }
+
+ if (setsockopt(this->skt, SOL_SOCKET, SO_ATTACH_FILTER,
+ &arp_request_filter, sizeof(arp_request_filter)) < 0)
+ {
+ DBG1(DBG_NET, "installing ARP packet filter failed: %s", strerror(errno));
+ close(this->skt);
+ free(this);
+ return NULL;
+ }
+
+ this->job = callback_job_create((callback_job_cb_t)receive_arp,
+ this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_spoofer.h b/src/libcharon/plugins/farp/farp_spoofer.h
new file mode 100644
index 000000000..c91fb3b96
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_spoofer.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp_spoofer farp_spoofer
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_SPOOFER_H_
+#define FARP_SPOOFER_H_
+
+#include "farp_listener.h"
+
+typedef struct farp_spoofer_t farp_spoofer_t;
+
+/**
+ * Listen to ARP requests and spoof responses, if required.
+ */
+struct farp_spoofer_t {
+
+ /**
+ * Destroy a farp_spoofer_t.
+ */
+ void (*destroy)(farp_spoofer_t *this);
+};
+
+/**
+ * Create a farp_spoofer instance.
+ *
+ * @param listener listener to check for addresses to spoof
+ * @return spoofer instance
+ */
+farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener);
+
+#endif /** FARP_SPOOFER_H_ @}*/
diff --git a/src/libcharon/plugins/ha/Makefile.am b/src/libcharon/plugins/ha/Makefile.am
new file mode 100644
index 000000000..74fe1f4c7
--- /dev/null
+++ b/src/libcharon/plugins/ha/Makefile.am
@@ -0,0 +1,25 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ha.la
+else
+plugin_LTLIBRARIES = libstrongswan-ha.la
+endif
+
+libstrongswan_ha_la_SOURCES = \
+ ha_plugin.h ha_plugin.c \
+ ha_message.h ha_message.c \
+ ha_socket.h ha_socket.c \
+ ha_tunnel.h ha_tunnel.c \
+ ha_dispatcher.h ha_dispatcher.c \
+ ha_segments.h ha_segments.c \
+ ha_kernel.h ha_kernel.c \
+ ha_ctl.h ha_ctl.c \
+ ha_ike.h ha_ike.c \
+ ha_child.h ha_child.c
+libstrongswan_ha_la_LDFLAGS = -module -avoid-version
+
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
new file mode 100644
index 000000000..c60d3bf56
--- /dev/null
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -0,0 +1,604 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/ha
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ha_la_LIBADD =
+am_libstrongswan_ha_la_OBJECTS = ha_plugin.lo ha_message.lo \
+ ha_socket.lo ha_tunnel.lo ha_dispatcher.lo ha_segments.lo \
+ ha_kernel.lo ha_ctl.lo ha_ike.lo ha_child.lo
+libstrongswan_ha_la_OBJECTS = $(am_libstrongswan_ha_la_OBJECTS)
+libstrongswan_ha_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_ha_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ha_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ha_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ha_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ha_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ha.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ha.la
+libstrongswan_ha_la_SOURCES = \
+ ha_plugin.h ha_plugin.c \
+ ha_message.h ha_message.c \
+ ha_socket.h ha_socket.c \
+ ha_tunnel.h ha_tunnel.c \
+ ha_dispatcher.h ha_dispatcher.c \
+ ha_segments.h ha_segments.c \
+ ha_kernel.h ha_kernel.c \
+ ha_ctl.h ha_ctl.c \
+ ha_ike.h ha_ike.c \
+ ha_child.h ha_child.c
+
+libstrongswan_ha_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-ha.la: $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_DEPENDENCIES)
+ $(libstrongswan_ha_la_LINK) $(am_libstrongswan_ha_la_rpath) $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_child.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ctl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_dispatcher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ike.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_kernel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_message.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_segments.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_socket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_tunnel.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
new file mode 100644
index 000000000..2eb8e27f6
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_child.h"
+
+typedef struct private_ha_child_t private_ha_child_t;
+
+/**
+ * Private data of an ha_child_t object.
+ */
+struct private_ha_child_t {
+
+ /**
+ * Public ha_child_t interface.
+ */
+ ha_child_t public;
+
+ /**
+ * socket we use for syncing
+ */
+ ha_socket_t *socket;
+
+ /**
+ * tunnel securing sync messages
+ */
+ ha_tunnel_t *tunnel;
+};
+
+/**
+ * Implementation of listener_t.child_keys
+ */
+static bool child_keys(private_ha_child_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, diffie_hellman_t *dh,
+ chunk_t nonce_i, chunk_t nonce_r)
+{
+ ha_message_t *m;
+ chunk_t secret;
+ proposal_t *proposal;
+ u_int16_t alg, len;
+ linked_list_t *list;
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ { /* do not sync SA between nodes */
+ return TRUE;
+ }
+
+ m = ha_message_create(HA_CHILD_ADD);
+
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+ m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
+ m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
+ m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
+ m->add_attribute(m, HA_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE));
+ m->add_attribute(m, HA_IPSEC_MODE, child_sa->get_mode(child_sa));
+ m->add_attribute(m, HA_IPCOMP, child_sa->get_ipcomp(child_sa));
+ m->add_attribute(m, HA_CONFIG_NAME, child_sa->get_name(child_sa));
+
+ proposal = child_sa->get_proposal(child_sa);
+ if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
+ {
+ m->add_attribute(m, HA_ALG_ENCR, alg);
+ if (len)
+ {
+ m->add_attribute(m, HA_ALG_ENCR_LEN, len);
+ }
+ }
+ if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+ {
+ m->add_attribute(m, HA_ALG_INTEG, alg);
+ }
+ m->add_attribute(m, HA_NONCE_I, nonce_i);
+ m->add_attribute(m, HA_NONCE_R, nonce_r);
+ if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS)
+ {
+ m->add_attribute(m, HA_SECRET, secret);
+ chunk_clear(&secret);
+ }
+
+ list = child_sa->get_traffic_selectors(child_sa, TRUE);
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ m->add_attribute(m, HA_LOCAL_TS, ts);
+ }
+ enumerator->destroy(enumerator);
+ list = child_sa->get_traffic_selectors(child_sa, FALSE);
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ m->add_attribute(m, HA_REMOTE_TS, ts);
+ }
+ enumerator->destroy(enumerator);
+
+ this->socket->push(this->socket, m);
+
+ return TRUE;
+}
+
+/**
+ * Implementation of listener_t.child_state_change
+ */
+static bool child_state_change(private_ha_child_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, child_sa_state_t state)
+{
+ if (!ike_sa ||
+ ike_sa->get_state(ike_sa) == IKE_PASSIVE ||
+ ike_sa->get_state(ike_sa) == IKE_DESTROYING)
+ { /* only sync active IKE_SAs */
+ return TRUE;
+ }
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ { /* do not sync SA between nodes */
+ return TRUE;
+ }
+
+
+ if (state == CHILD_DESTROYING)
+ {
+ ha_message_t *m;
+
+ m = ha_message_create(HA_CHILD_DELETE);
+
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+ m->add_attribute(m, HA_INBOUND_SPI,
+ child_sa->get_spi(child_sa, TRUE));
+ this->socket->push(this->socket, m);
+ }
+ return TRUE;
+}
+
+/**
+ * Implementation of ha_child_t.destroy.
+ */
+static void destroy(private_ha_child_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
+{
+ private_ha_child_t *this = malloc_thing(private_ha_child_t);
+
+ memset(&this->public.listener, 0, sizeof(listener_t));
+ this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys;
+ this->public.listener.child_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state))child_state_change;
+ this->public.destroy = (void(*)(ha_child_t*))destroy;
+
+ this->socket = socket;
+ this->tunnel = tunnel;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_child.h b/src/libcharon/plugins/ha/ha_child.h
new file mode 100644
index 000000000..ea83495f7
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_child.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_child ha_child
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_CHILD_H_
+#define HA_CHILD_H_
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_segments.h"
+
+#include <daemon.h>
+
+typedef struct ha_child_t ha_child_t;
+
+/**
+ * Listener to synchronize CHILD_SAs.
+ */
+struct ha_child_t {
+
+ /**
+ * Implements bus listener interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a ha_child_t.
+ */
+ void (*destroy)(ha_child_t *this);
+};
+
+/**
+ * Create a ha_child instance.
+ *
+ * @param socket socket to use for sending synchronization messages
+ * @param tunnel tunnel securing sync messages, if any
+ * @return CHILD listener
+ */
+ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
+
+#endif /* HA_CHILD_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
new file mode 100644
index 000000000..441d26d9e
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ctl.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_ctl.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/select.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+
+#include <processing/jobs/callback_job.h>
+
+#define HA_FIFO IPSEC_PIDDIR "/charon.ha"
+
+typedef struct private_ha_ctl_t private_ha_ctl_t;
+
+/**
+ * Private data of an ha_ctl_t object.
+ */
+struct private_ha_ctl_t {
+
+ /**
+ * Public ha_ctl_t interface.
+ */
+ ha_ctl_t public;
+
+ /**
+ * Segments to control
+ */
+ ha_segments_t *segments;
+
+ /**
+ * FIFO reader thread
+ */
+ callback_job_t *job;
+};
+
+/**
+ * FIFO dispatching function
+ */
+static job_requeue_t dispatch_fifo(private_ha_ctl_t *this)
+{
+ int fifo, old;
+ char buf[8];
+ u_int segment;
+
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old);
+ fifo = open(HA_FIFO, O_RDONLY);
+ pthread_setcancelstate(old, NULL);
+ if (fifo == -1)
+ {
+ DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno));
+ sleep(1);
+ return JOB_REQUEUE_FAIR;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ if (read(fifo, buf, sizeof(buf)-1) > 1)
+ {
+ segment = atoi(&buf[1]);
+ if (segment)
+ {
+ switch (buf[0])
+ {
+ case '+':
+ this->segments->activate(this->segments, segment, TRUE);
+ break;
+ case '-':
+ this->segments->deactivate(this->segments, segment, TRUE);
+ break;
+ case '*':
+ this->segments->resync(this->segments, segment);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ close(fifo);
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of ha_ctl_t.destroy.
+ */
+static void destroy(private_ha_ctl_t *this)
+{
+ this->job->cancel(this->job);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_ctl_t *ha_ctl_create(ha_segments_t *segments)
+{
+ private_ha_ctl_t *this = malloc_thing(private_ha_ctl_t);
+
+ this->public.destroy = (void(*)(ha_ctl_t*))destroy;
+
+ if (access(HA_FIFO, R_OK|W_OK) != 0)
+ {
+ if (mkfifo(HA_FIFO, 600) != 0)
+ {
+ DBG1(DBG_CFG, "creating HA FIFO %s failed: %s",
+ HA_FIFO, strerror(errno));
+ }
+ }
+
+ this->segments = segments;
+ this->job = callback_job_create((callback_job_cb_t)dispatch_fifo,
+ this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_ctl.h b/src/libcharon/plugins/ha/ha_ctl.h
new file mode 100644
index 000000000..f33a809be
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ctl.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ctl ha_ctl
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_CTL_H_
+#define HA_CTL_H_
+
+#include "ha_segments.h"
+
+typedef struct ha_ctl_t ha_ctl_t;
+
+/**
+ * HA Sync control interface using a FIFO.
+ */
+struct ha_ctl_t {
+
+ /**
+ * Destroy a ha_ctl_t.
+ */
+ void (*destroy)(ha_ctl_t *this);
+};
+
+/**
+ * Create a ha_ctl instance.
+ *
+ * @param segments segments to control
+ * @return HA control interface
+ */
+ha_ctl_t *ha_ctl_create(ha_segments_t *segments);
+
+#endif /* HA_CTL_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
new file mode 100644
index 000000000..7df2f1fa8
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -0,0 +1,737 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_dispatcher.h"
+
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_dispatcher_t private_ha_dispatcher_t;
+
+/**
+ * Private data of an ha_dispatcher_t object.
+ */
+struct private_ha_dispatcher_t {
+
+ /**
+ * Public ha_dispatcher_t interface.
+ */
+ ha_dispatcher_t public;
+
+ /**
+ * socket to pull messages from
+ */
+ ha_socket_t *socket;
+
+ /**
+ * segments to control
+ */
+ ha_segments_t *segments;
+
+ /**
+ * Dispatcher job
+ */
+ callback_job_t *job;
+};
+
+/**
+ * Quick and dirty hack implementation of diffie_hellman_t.get_shared_secret
+ */
+static status_t get_shared_secret(diffie_hellman_t *this, chunk_t *secret)
+{
+ *secret = chunk_clone((*(chunk_t*)this->destroy));
+ return SUCCESS;
+}
+
+/**
+ * Process messages of type IKE_ADD
+ */
+static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa = NULL, *old_sa = NULL;
+ u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
+ chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
+ chunk_t secret = chunk_empty, old_skd = chunk_empty;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_IKE_ID:
+ ike_sa = ike_sa_create(value.ike_sa_id);
+ break;
+ case HA_IKE_REKEY_ID:
+ old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ value.ike_sa_id);
+ break;
+ case HA_NONCE_I:
+ nonce_i = value.chunk;
+ break;
+ case HA_NONCE_R:
+ nonce_r = value.chunk;
+ break;
+ case HA_SECRET:
+ secret = value.chunk;
+ break;
+ case HA_OLD_SKD:
+ old_skd = value.chunk;
+ break;
+ case HA_ALG_ENCR:
+ encr = value.u16;
+ break;
+ case HA_ALG_ENCR_LEN:
+ len = value.u16;
+ break;
+ case HA_ALG_INTEG:
+ integ = value.u16;
+ break;
+ case HA_ALG_PRF:
+ prf = value.u16;
+ break;
+ case HA_ALG_OLD_PRF:
+ old_prf = value.u16;
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (ike_sa)
+ {
+ proposal_t *proposal;
+ keymat_t *keymat;
+ /* quick and dirty hack of a DH implementation ;-) */
+ diffie_hellman_t dh = { .get_shared_secret = get_shared_secret,
+ .destroy = (void*)&secret };
+
+ proposal = proposal_create(PROTO_IKE);
+ keymat = ike_sa->get_keymat(ike_sa);
+ if (integ)
+ {
+ proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0);
+ }
+ if (encr)
+ {
+ proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len);
+ }
+ if (prf)
+ {
+ proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, prf, 0);
+ }
+ charon->bus->set_sa(charon->bus, ike_sa);
+ if (keymat->derive_ike_keys(keymat, proposal, &dh, nonce_i, nonce_r,
+ ike_sa->get_id(ike_sa), old_prf, old_skd))
+ {
+ if (old_sa)
+ {
+ peer_cfg_t *peer_cfg = old_sa->get_peer_cfg(old_sa);
+
+ if (peer_cfg)
+ {
+ ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+ ike_sa->inherit(ike_sa, old_sa);
+ }
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, old_sa);
+ old_sa = NULL;
+ }
+ ike_sa->set_state(ike_sa, IKE_CONNECTING);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "HA keymat derivation failed");
+ ike_sa->destroy(ike_sa);
+ }
+ charon->bus->set_sa(charon->bus, NULL);
+ proposal->destroy(proposal);
+ }
+ if (old_sa)
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, old_sa);
+ }
+}
+
+/**
+ * Apply a condition flag to the IKE_SA if it is in set
+ */
+static void set_condition(ike_sa_t *ike_sa, ike_condition_t set,
+ ike_condition_t flag)
+{
+ ike_sa->set_condition(ike_sa, flag, flag & set);
+}
+
+/**
+ * Apply a extension flag to the IKE_SA if it is in set
+ */
+static void set_extension(ike_sa_t *ike_sa, ike_extension_t set,
+ ike_extension_t flag)
+{
+ if (flag & set)
+ {
+ ike_sa->enable_extension(ike_sa, flag);
+ }
+}
+
+/**
+ * Process messages of type IKE_UPDATE
+ */
+static void process_ike_update(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa = NULL;
+ peer_cfg_t *peer_cfg = NULL;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ if (attribute != HA_IKE_ID && ike_sa == NULL)
+ {
+ /* must be first attribute */
+ break;
+ }
+ switch (attribute)
+ {
+ case HA_IKE_ID:
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ value.ike_sa_id);
+ break;
+ case HA_LOCAL_ID:
+ ike_sa->set_my_id(ike_sa, value.id->clone(value.id));
+ break;
+ case HA_REMOTE_ID:
+ ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
+ break;
+ case HA_LOCAL_ADDR:
+ ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
+ break;
+ case HA_REMOTE_ADDR:
+ ike_sa->set_other_host(ike_sa, value.host->clone(value.host));
+ break;
+ case HA_LOCAL_VIP:
+ ike_sa->set_virtual_ip(ike_sa, TRUE, value.host);
+ break;
+ case HA_REMOTE_VIP:
+ ike_sa->set_virtual_ip(ike_sa, FALSE, value.host);
+ break;
+ case HA_ADDITIONAL_ADDR:
+ ike_sa->add_additional_address(ike_sa,
+ value.host->clone(value.host));
+ break;
+ case HA_CONFIG_NAME:
+ peer_cfg = charon->backends->get_peer_cfg_by_name(
+ charon->backends, value.str);
+ if (peer_cfg)
+ {
+ ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+ peer_cfg->destroy(peer_cfg);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "HA is missing nodes peer configuration");
+ }
+ break;
+ case HA_EXTENSIONS:
+ set_extension(ike_sa, value.u32, EXT_NATT);
+ set_extension(ike_sa, value.u32, EXT_MOBIKE);
+ set_extension(ike_sa, value.u32, EXT_HASH_AND_URL);
+ break;
+ case HA_CONDITIONS:
+ set_condition(ike_sa, value.u32, COND_NAT_ANY);
+ set_condition(ike_sa, value.u32, COND_NAT_HERE);
+ set_condition(ike_sa, value.u32, COND_NAT_THERE);
+ set_condition(ike_sa, value.u32, COND_NAT_FAKE);
+ set_condition(ike_sa, value.u32, COND_EAP_AUTHENTICATED);
+ set_condition(ike_sa, value.u32, COND_CERTREQ_SEEN);
+ set_condition(ike_sa, value.u32, COND_ORIGINAL_INITIATOR);
+ break;
+ case HA_INITIATE_MID:
+ ike_sa->set_message_id(ike_sa, TRUE, value.u32);
+ break;
+ case HA_RESPOND_MID:
+ ike_sa->set_message_id(ike_sa, FALSE, value.u32);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (ike_sa)
+ {
+ if (ike_sa->get_state(ike_sa) == IKE_CONNECTING &&
+ ike_sa->get_peer_cfg(ike_sa))
+ {
+ ike_sa->set_state(ike_sa, IKE_PASSIVE);
+ }
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+}
+
+/**
+ * Process messages of type IKE_DELETE
+ */
+static void process_ike_delete(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_IKE_ID:
+ ike_sa = charon->ike_sa_manager->checkout(
+ charon->ike_sa_manager, value.ike_sa_id);
+ if (ike_sa)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Lookup a child cfg from the peer cfg by name
+ */
+static child_cfg_t* find_child_cfg(ike_sa_t *ike_sa, char *name)
+{
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *current, *found = NULL;
+ enumerator_t *enumerator;
+
+ peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+ if (peer_cfg)
+ {
+ enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (streq(current->get_name(current), name))
+ {
+ found = current;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ return found;
+}
+
+/**
+ * Process messages of type CHILD_ADD
+ */
+static void process_child_add(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa = NULL;
+ char *config_name = "";
+ child_cfg_t *config = NULL;
+ child_sa_t *child_sa;
+ proposal_t *proposal;
+ keymat_t *keymat;
+ bool initiator = FALSE, failed = FALSE;
+ u_int32_t inbound_spi = 0, outbound_spi = 0;
+ u_int16_t inbound_cpi = 0, outbound_cpi = 0;
+ u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
+ u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0;
+ chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;
+ chunk_t encr_i, integ_i, encr_r, integ_r;
+ linked_list_t *local_ts, *remote_ts;
+ /* quick and dirty hack of a DH implementation */
+ diffie_hellman_t dh = { .get_shared_secret = get_shared_secret,
+ .destroy = (void*)&secret };
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_IKE_ID:
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ value.ike_sa_id);
+ initiator = value.ike_sa_id->is_initiator(value.ike_sa_id);
+ break;
+ case HA_CONFIG_NAME:
+ config_name = value.str;
+ break;
+ case HA_INBOUND_SPI:
+ inbound_spi = value.u32;
+ break;
+ case HA_OUTBOUND_SPI:
+ outbound_spi = value.u32;
+ break;
+ case HA_INBOUND_CPI:
+ inbound_cpi = value.u32;
+ break;
+ case HA_OUTBOUND_CPI:
+ outbound_cpi = value.u32;
+ break;
+ case HA_IPSEC_MODE:
+ mode = value.u8;
+ break;
+ case HA_IPCOMP:
+ ipcomp = value.u8;
+ break;
+ case HA_ALG_ENCR:
+ encr = value.u16;
+ break;
+ case HA_ALG_ENCR_LEN:
+ len = value.u16;
+ break;
+ case HA_ALG_INTEG:
+ integ = value.u16;
+ break;
+ case HA_NONCE_I:
+ nonce_i = value.chunk;
+ break;
+ case HA_NONCE_R:
+ nonce_r = value.chunk;
+ break;
+ case HA_SECRET:
+ secret = value.chunk;
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!ike_sa)
+ {
+ DBG1(DBG_CHD, "IKE_SA for HA CHILD_SA not found");
+ return;
+ }
+ config = find_child_cfg(ike_sa, config_name);
+ if (!config)
+ {
+ DBG1(DBG_CHD, "HA is missing nodes child configuration");
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return;
+ }
+
+ child_sa = child_sa_create(ike_sa->get_my_host(ike_sa),
+ ike_sa->get_other_host(ike_sa), config, 0,
+ ike_sa->has_condition(ike_sa, COND_NAT_ANY));
+ child_sa->set_mode(child_sa, mode);
+ child_sa->set_protocol(child_sa, PROTO_ESP);
+ child_sa->set_ipcomp(child_sa, ipcomp);
+
+ proposal = proposal_create(PROTO_ESP);
+ if (integ)
+ {
+ proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0);
+ }
+ if (encr)
+ {
+ proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len);
+ }
+ keymat = ike_sa->get_keymat(ike_sa);
+
+ if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL,
+ nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
+ {
+ DBG1(DBG_CHD, "HA CHILD_SA key derivation failed");
+ child_sa->destroy(child_sa);
+ proposal->destroy(proposal);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return;
+ }
+ child_sa->set_proposal(child_sa, proposal);
+ child_sa->set_state(child_sa, CHILD_INSTALLING);
+ proposal->destroy(proposal);
+
+ /* TODO: Change CHILD_SA API to avoid cloning twice */
+ local_ts = linked_list_create();
+ remote_ts = linked_list_create();
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_LOCAL_TS:
+ local_ts->insert_last(local_ts, value.ts->clone(value.ts));
+ break;
+ case HA_REMOTE_TS:
+ remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (initiator)
+ {
+ if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
+ inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+ child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
+ outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
+ {
+ failed = TRUE;
+ }
+ }
+ else
+ {
+ if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
+ inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+ child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
+ outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
+ {
+ failed = TRUE;
+ }
+ }
+ chunk_clear(&encr_i);
+ chunk_clear(&integ_i);
+ chunk_clear(&encr_r);
+ chunk_clear(&integ_r);
+
+ if (failed)
+ {
+ DBG1(DBG_CHD, "HA CHILD_SA installation failed");
+ child_sa->destroy(child_sa);
+ local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+ remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return;
+ }
+
+ child_sa->add_policies(child_sa, local_ts, remote_ts);
+ local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+ remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
+
+ child_sa->set_state(child_sa, CHILD_INSTALLED);
+ ike_sa->add_child_sa(ike_sa, child_sa);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+}
+
+/**
+ * Process messages of type CHILD_DELETE
+ */
+static void process_child_delete(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa = NULL;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_IKE_ID:
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ value.ike_sa_id);
+ break;
+ case HA_INBOUND_SPI:
+ if (ike_sa)
+ {
+ ike_sa->destroy_child_sa(ike_sa, PROTO_ESP, value.u32);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ if (ike_sa)
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Process messages of type SEGMENT_TAKE/DROP
+ */
+static void process_segment(private_ha_dispatcher_t *this,
+ ha_message_t *message, bool take)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_SEGMENT:
+ if (take)
+ {
+ DBG1(DBG_CFG, "remote node takes segment %d", value.u16);
+ this->segments->deactivate(this->segments, value.u16, FALSE);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "remote node drops segment %d", value.u16);
+ this->segments->activate(this->segments, value.u16, FALSE);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Process messages of type STATUS
+ */
+static void process_status(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+ segment_mask_t mask = 0;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_SEGMENT:
+ mask |= SEGMENTS_BIT(value.u16);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ this->segments->handle_status(this->segments, mask);
+}
+
+/**
+ * Process messages of type RESYNC
+ */
+static void process_resync(private_ha_dispatcher_t *this,
+ ha_message_t *message)
+{
+ ha_message_attribute_t attribute;
+ ha_message_value_t value;
+ enumerator_t *enumerator;
+
+ enumerator = message->create_attribute_enumerator(message);
+ while (enumerator->enumerate(enumerator, &attribute, &value))
+ {
+ switch (attribute)
+ {
+ case HA_SEGMENT:
+ this->segments->resync(this->segments, value.u16);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Dispatcher job function
+ */
+static job_requeue_t dispatch(private_ha_dispatcher_t *this)
+{
+ ha_message_t *message;
+
+ message = this->socket->pull(this->socket);
+ switch (message->get_type(message))
+ {
+ case HA_IKE_ADD:
+ process_ike_add(this, message);
+ break;
+ case HA_IKE_UPDATE:
+ process_ike_update(this, message);
+ break;
+ case HA_IKE_DELETE:
+ process_ike_delete(this, message);
+ break;
+ case HA_CHILD_ADD:
+ process_child_add(this, message);
+ break;
+ case HA_CHILD_DELETE:
+ process_child_delete(this, message);
+ break;
+ case HA_SEGMENT_DROP:
+ process_segment(this, message, FALSE);
+ break;
+ case HA_SEGMENT_TAKE:
+ process_segment(this, message, TRUE);
+ break;
+ case HA_STATUS:
+ process_status(this, message);
+ break;
+ case HA_RESYNC:
+ process_resync(this, message);
+ break;
+ default:
+ DBG1(DBG_CFG, "received unknown HA message type %d",
+ message->get_type(message));
+ break;
+ }
+ message->destroy(message);
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of ha_dispatcher_t.destroy.
+ */
+static void destroy(private_ha_dispatcher_t *this)
+{
+ this->job->cancel(this->job);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
+ ha_segments_t *segments)
+{
+ private_ha_dispatcher_t *this = malloc_thing(private_ha_dispatcher_t);
+
+ this->public.destroy = (void(*)(ha_dispatcher_t*))destroy;
+
+ this->socket = socket;
+ this->segments = segments;
+ this->job = callback_job_create((callback_job_cb_t)dispatch,
+ this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.h b/src/libcharon/plugins/ha/ha_dispatcher.h
new file mode 100644
index 000000000..d2baace3f
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_dispatcher.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_dispatcher ha_dispatcher
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_DISPATCHER_H_
+#define HA_DISPATCHER_H_
+
+#include "ha_socket.h"
+#include "ha_segments.h"
+
+typedef struct ha_dispatcher_t ha_dispatcher_t;
+
+/**
+ * The dispatcher pulls messages in a thread an processes them.
+ */
+struct ha_dispatcher_t {
+
+ /**
+ * Destroy a ha_dispatcher_t.
+ */
+ void (*destroy)(ha_dispatcher_t *this);
+};
+
+/**
+ * Create a ha_dispatcher instance pulling from socket.
+ *
+ * @param socket socket to pull messages from
+ * @param segments segments to control based on received messages
+ * @return dispatcher object
+ */
+ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
+ ha_segments_t *segments);
+
+#endif /* HA_DISPATCHER_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
new file mode 100644
index 000000000..1f025d0e5
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_ike.h"
+
+typedef struct private_ha_ike_t private_ha_ike_t;
+
+/**
+ * Private data of an ha_ike_t object.
+ */
+struct private_ha_ike_t {
+
+ /**
+ * Public ha_ike_t interface.
+ */
+ ha_ike_t public;
+
+ /**
+ * socket we use for syncing
+ */
+ ha_socket_t *socket;
+
+ /**
+ * tunnel securing sync messages
+ */
+ ha_tunnel_t *tunnel;
+};
+
+/**
+ * Return condition if it is set on ike_sa
+ */
+static ike_condition_t copy_condition(ike_sa_t *ike_sa, ike_condition_t cond)
+{
+ if (ike_sa->has_condition(ike_sa, cond))
+ {
+ return cond;
+ }
+ return 0;
+}
+
+/**
+ * Return extension if it is supported by peers IKE_SA
+ */
+static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
+{
+ if (ike_sa->supports_extension(ike_sa, ext))
+ {
+ return ext;
+ }
+ return 0;
+}
+
+/**
+ * Implementation of listener_t.ike_keys
+ */
+static bool ike_keys(private_ha_ike_t *this, ike_sa_t *ike_sa,
+ diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r,
+ ike_sa_t *rekey)
+{
+ ha_message_t *m;
+ chunk_t secret;
+ proposal_t *proposal;
+ u_int16_t alg, len;
+
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ { /* do not sync SA between nodes */
+ return TRUE;
+ }
+ if (dh->get_shared_secret(dh, &secret) != SUCCESS)
+ {
+ return TRUE;
+ }
+
+ m = ha_message_create(HA_IKE_ADD);
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+
+ if (rekey)
+ {
+ chunk_t skd;
+ keymat_t *keymat;
+
+ keymat = rekey->get_keymat(rekey);
+ m->add_attribute(m, HA_IKE_REKEY_ID, rekey->get_id(rekey));
+ m->add_attribute(m, HA_ALG_OLD_PRF, keymat->get_skd(keymat, &skd));
+ m->add_attribute(m, HA_OLD_SKD, skd);
+ }
+
+ proposal = ike_sa->get_proposal(ike_sa);
+ if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
+ {
+ m->add_attribute(m, HA_ALG_ENCR, alg);
+ if (len)
+ {
+ m->add_attribute(m, HA_ALG_ENCR_LEN, len);
+ }
+ }
+ if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+ {
+ m->add_attribute(m, HA_ALG_INTEG, alg);
+ }
+ if (proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL))
+ {
+ m->add_attribute(m, HA_ALG_PRF, alg);
+ }
+ m->add_attribute(m, HA_NONCE_I, nonce_i);
+ m->add_attribute(m, HA_NONCE_R, nonce_r);
+ m->add_attribute(m, HA_SECRET, secret);
+ chunk_clear(&secret);
+
+ this->socket->push(this->socket, m);
+
+ return TRUE;
+}
+
+/**
+ * Implementation of listener_t.ike_updown
+ */
+static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up)
+{
+ ha_message_t *m;
+
+ if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
+ { /* only sync active IKE_SAs */
+ return TRUE;
+ }
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ { /* do not sync SA between nodes */
+ return TRUE;
+ }
+
+ if (up)
+ {
+ iterator_t *iterator;
+ peer_cfg_t *peer_cfg;
+ u_int32_t extension, condition;
+ host_t *addr;
+ ike_sa_id_t *id;
+
+ peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+
+ condition = copy_condition(ike_sa, COND_NAT_ANY)
+ | copy_condition(ike_sa, COND_NAT_HERE)
+ | copy_condition(ike_sa, COND_NAT_THERE)
+ | copy_condition(ike_sa, COND_NAT_FAKE)
+ | copy_condition(ike_sa, COND_EAP_AUTHENTICATED)
+ | copy_condition(ike_sa, COND_CERTREQ_SEEN)
+ | copy_condition(ike_sa, COND_ORIGINAL_INITIATOR);
+
+ extension = copy_extension(ike_sa, EXT_NATT)
+ | copy_extension(ike_sa, EXT_MOBIKE)
+ | copy_extension(ike_sa, EXT_HASH_AND_URL);
+
+ id = ike_sa->get_id(ike_sa);
+
+ m = ha_message_create(HA_IKE_UPDATE);
+ m->add_attribute(m, HA_IKE_ID, id);
+ m->add_attribute(m, HA_LOCAL_ID, ike_sa->get_my_id(ike_sa));
+ m->add_attribute(m, HA_REMOTE_ID, ike_sa->get_other_id(ike_sa));
+ m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
+ m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
+ m->add_attribute(m, HA_CONDITIONS, condition);
+ m->add_attribute(m, HA_EXTENSIONS, extension);
+ m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
+ iterator = ike_sa->create_additional_address_iterator(ike_sa);
+ while (iterator->iterate(iterator, (void**)&addr))
+ {
+ m->add_attribute(m, HA_ADDITIONAL_ADDR, addr);
+ }
+ iterator->destroy(iterator);
+ }
+ else
+ {
+ m = ha_message_create(HA_IKE_DELETE);
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+ }
+ this->socket->push(this->socket, m);
+ return TRUE;
+}
+
+/**
+ * Implementation of listener_t.ike_rekey
+ */
+static bool ike_rekey(private_ha_ike_t *this, ike_sa_t *old, ike_sa_t *new)
+{
+ ike_updown(this, old, FALSE);
+ ike_updown(this, new, TRUE);
+ return TRUE;
+}
+
+/**
+ * Implementation of listener_t.message
+ */
+static bool message_hook(private_ha_ike_t *this, ike_sa_t *ike_sa,
+ message_t *message, bool incoming)
+{
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ { /* do not sync SA between nodes */
+ return TRUE;
+ }
+
+ if (message->get_exchange_type(message) != IKE_SA_INIT &&
+ message->get_request(message))
+ { /* we sync on requests, but skip it on IKE_SA_INIT */
+ ha_message_t *m;
+ u_int32_t mid;
+
+ m = ha_message_create(HA_IKE_UPDATE);
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+ mid = message->get_message_id(message) + 1;
+ if (incoming)
+ {
+ m->add_attribute(m, HA_RESPOND_MID, mid);
+ }
+ else
+ {
+ m->add_attribute(m, HA_INITIATE_MID, mid);
+ }
+ this->socket->push(this->socket, m);
+ }
+ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+ message->get_exchange_type(message) == IKE_AUTH &&
+ !message->get_request(message))
+ { /* After IKE_SA has been established, sync peers virtual IP.
+ * We cannot sync it in the state_change hook, it is installed later.
+ * TODO: where to sync local VIP? */
+ ha_message_t *m;
+ host_t *vip;
+
+ vip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+ if (vip)
+ {
+ m = ha_message_create(HA_IKE_UPDATE);
+ m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+ m->add_attribute(m, HA_REMOTE_VIP, vip);
+ this->socket->push(this->socket, m);
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Implementation of ha_ike_t.destroy.
+ */
+static void destroy(private_ha_ike_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
+{
+ private_ha_ike_t *this = malloc_thing(private_ha_ike_t);
+
+ memset(&this->public.listener, 0, sizeof(listener_t));
+ this->public.listener.ike_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh,chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys;
+ this->public.listener.ike_updown = (bool(*)(listener_t*,ike_sa_t *ike_sa, bool up))ike_updown;
+ this->public.listener.ike_rekey = (bool(*)(listener_t*,ike_sa_t *old, ike_sa_t *new))ike_rekey;
+ this->public.listener.message = (bool(*)(listener_t*, ike_sa_t *, message_t *,bool))message_hook;
+ this->public.destroy = (void(*)(ha_ike_t*))destroy;
+
+ this->socket = socket;
+ this->tunnel = tunnel;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_ike.h b/src/libcharon/plugins/ha/ha_ike.h
new file mode 100644
index 000000000..9de210e67
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ike.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ike ha_ike
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_IKE_H_
+#define HA_IKE_H_
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_segments.h"
+
+#include <daemon.h>
+
+typedef struct ha_ike_t ha_ike_t;
+
+/**
+ * Listener to synchronize IKE_SAs.
+ */
+struct ha_ike_t {
+
+ /**
+ * Implements bus listener interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a ha_ike_t.
+ */
+ void (*destroy)(ha_ike_t *this);
+};
+
+/**
+ * Create a ha_ike instance.
+ *
+ * @param socket socket to use for sending synchronization messages
+ * @param tunnel tunnel securing sync messages, if any
+ * @return IKE listener
+ */
+ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
+
+#endif /* HA_IKE_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
new file mode 100644
index 000000000..0ad9c22c3
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_kernel.h"
+
+typedef u_int32_t u32;
+typedef u_int8_t u8;
+
+#include <linux/jhash.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define CLUSTERIP_DIR "/proc/net/ipt_CLUSTERIP"
+
+typedef struct private_ha_kernel_t private_ha_kernel_t;
+
+/**
+ * Private data of an ha_kernel_t object.
+ */
+struct private_ha_kernel_t {
+
+ /**
+ * Public ha_kernel_t interface.
+ */
+ ha_kernel_t public;
+
+ /**
+ * Init value for jhash
+ */
+ u_int initval;
+
+ /**
+ * Total number of ClusterIP segments
+ */
+ u_int count;
+};
+
+/**
+ * Implementation of ha_kernel_t.in_segment
+ */
+static bool in_segment(private_ha_kernel_t *this, host_t *host, u_int segment)
+{
+ if (host->get_family(host) == AF_INET)
+ {
+ unsigned long hash;
+ u_int32_t addr;
+
+ addr = *(u_int32_t*)host->get_address(host).ptr;
+ hash = jhash_1word(ntohl(addr), this->initval);
+
+ if ((((u_int64_t)hash * this->count) >> 32) + 1 == segment)
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
+ * Activate/Deactivate a segment for a given clusterip file
+ */
+static void enable_disable(private_ha_kernel_t *this, u_int segment,
+ char *file, bool enable)
+{
+ char cmd[8];
+ int fd;
+
+ snprintf(cmd, sizeof(cmd), "%c%d\n", enable ? '+' : '-', segment);
+
+ fd = open(file, O_WRONLY);
+ if (fd == -1)
+ {
+ DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s",
+ file, strerror(errno));
+ return;
+ }
+ if (write(fd, cmd, strlen(cmd) == -1))
+ {
+ DBG1(DBG_CFG, "writing to CLUSTERIP file '%s' failed: %s",
+ file, strerror(errno));
+ }
+ close(fd);
+}
+
+/**
+ * Get the currenlty active segments in the kernel for a clusterip file
+ */
+static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
+{
+ char buf[256];
+ segment_mask_t mask = 0;
+ ssize_t len;
+ int fd;
+
+ fd = open(file, O_RDONLY);
+ if (fd == -1)
+ {
+ DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s",
+ file, strerror(errno));
+ return 0;
+ }
+ len = read(fd, buf, sizeof(buf)-1);
+ if (len == -1)
+ {
+ DBG1(DBG_CFG, "reading from CLUSTERIP file '%s' failed: %s",
+ file, strerror(errno));
+ }
+ else
+ {
+ enumerator_t *enumerator;
+ u_int segment;
+ char *token;
+
+ buf[len] = '\0';
+ enumerator = enumerator_create_token(buf, ",", " ");
+ while (enumerator->enumerate(enumerator, &token))
+ {
+ segment = atoi(token);
+ if (segment)
+ {
+ mask |= SEGMENTS_BIT(segment);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ return mask;
+}
+
+/**
+ * Implementation of ha_kernel_t.activate
+ */
+static void activate(private_ha_kernel_t *this, u_int segment)
+{
+ enumerator_t *enumerator;
+ char *file;
+
+ enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+ while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+ {
+ enable_disable(this, segment, file, TRUE);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Implementation of ha_kernel_t.deactivate
+ */
+static void deactivate(private_ha_kernel_t *this, u_int segment)
+{
+ enumerator_t *enumerator;
+ char *file;
+
+ enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+ while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+ {
+ enable_disable(this, segment, file, FALSE);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Disable all not-yet disabled segments on all clusterip addresses
+ */
+static void disable_all(private_ha_kernel_t *this)
+{
+ enumerator_t *enumerator;
+ segment_mask_t active;
+ char *file;
+ int i;
+
+ enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+ while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+ {
+ active = get_active(this, file);
+ for (i = 1; i <= this->count; i++)
+ {
+ if (active & SEGMENTS_BIT(i))
+ {
+ enable_disable(this, i, file, FALSE);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Implementation of ha_kernel_t.destroy.
+ */
+static void destroy(private_ha_kernel_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_kernel_t *ha_kernel_create(u_int count)
+{
+ private_ha_kernel_t *this = malloc_thing(private_ha_kernel_t);
+
+ this->public.in_segment = (bool(*)(ha_kernel_t*, host_t *host, u_int segment))in_segment;
+ this->public.activate = (void(*)(ha_kernel_t*, u_int segment))activate;
+ this->public.deactivate = (void(*)(ha_kernel_t*, u_int segment))deactivate;
+ this->public.destroy = (void(*)(ha_kernel_t*))destroy;
+
+ this->initval = 0;
+ this->count = count;
+
+ disable_all(this);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h
new file mode 100644
index 000000000..b37cc7667
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_kernel.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_kernel ha_kernel
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_KERNEL_H_
+#define HA_KERNEL_H_
+
+typedef struct ha_kernel_t ha_kernel_t;
+
+#include "ha_segments.h"
+
+/**
+ * HA segment kernel configuration interface.
+ */
+struct ha_kernel_t {
+
+ /**
+ * Check if a host is in a segment.
+ *
+ * @param host host to check
+ * @param segment segment
+ * @return TRUE if host belongs to segment
+ */
+ bool (*in_segment)(ha_kernel_t *this, host_t *host, u_int segment);
+
+ /**
+ * Activate a segment at kernel level for all cluster addresses.
+ *
+ * @param segment segment to activate
+ */
+ void (*activate)(ha_kernel_t *this, u_int segment);
+
+ /**
+ * Deactivate a segment at kernel level for all cluster addresses.
+ *
+ * @param segment segment to deactivate
+ */
+ void (*deactivate)(ha_kernel_t *this, u_int segment);
+
+ /**
+ * Destroy a ha_kernel_t.
+ */
+ void (*destroy)(ha_kernel_t *this);
+};
+
+/**
+ * Create a ha_kernel instance.
+ *
+ * @param count total number of segments to use
+ * @param active bitmask of initially active segments
+ */
+ha_kernel_t *ha_kernel_create(u_int count);
+
+#endif /* HA_KERNEL_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c
new file mode 100644
index 000000000..54b10f05d
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_message.c
@@ -0,0 +1,663 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <arpa/inet.h>
+
+#include "ha_message.h"
+
+#include <daemon.h>
+
+#define ALLOCATION_BLOCK 64
+
+typedef struct private_ha_message_t private_ha_message_t;
+
+/**
+ * Private data of an ha_message_t object.
+ */
+struct private_ha_message_t {
+
+ /**
+ * Public ha_message_t interface.
+ */
+ ha_message_t public;
+
+ /**
+ * Allocated size of buf
+ */
+ size_t allocated;
+
+ /**
+ * Buffer containing encoded data
+ */
+ chunk_t buf;
+};
+
+typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t;
+
+/**
+ * Encoding if an ike_sa_id_t
+ */
+struct ike_sa_id_encoding_t {
+ u_int64_t initiator_spi;
+ u_int64_t responder_spi;
+ u_int8_t initiator;
+} __attribute__((packed));
+
+typedef struct identification_encoding_t identification_encoding_t;
+
+/**
+ * Encoding of a identification_t
+ */
+struct identification_encoding_t {
+ u_int8_t type;
+ u_int8_t len;
+ char encoding[];
+} __attribute__((packed));
+
+typedef struct host_encoding_t host_encoding_t;
+
+/**
+ * encoding of a host_t
+ */
+struct host_encoding_t {
+ u_int16_t port;
+ u_int8_t family;
+ char encoding[];
+} __attribute__((packed));
+
+typedef struct ts_encoding_t ts_encoding_t;
+
+/**
+ * encoding of a traffic_selector_t
+ */
+struct ts_encoding_t {
+ u_int8_t type;
+ u_int8_t protocol;
+ u_int16_t from_port;
+ u_int16_t to_port;
+ u_int8_t dynamic;
+ char encoding[];
+} __attribute__((packed));
+
+/**
+ * Implementation of ha_message_t.get_type
+ */
+static ha_message_type_t get_type(private_ha_message_t *this)
+{
+ return this->buf.ptr[1];
+}
+
+/**
+ * check for space in buffer, increase if necessary
+ */
+static void check_buf(private_ha_message_t *this, size_t len)
+{
+ int increased = 0;
+
+ while (this->buf.len + len > this->allocated)
+ { /* double size */
+ this->allocated += ALLOCATION_BLOCK;
+ increased++;
+ }
+ if (increased)
+ {
+ this->buf.ptr = realloc(this->buf.ptr, this->allocated);
+ }
+}
+
+/**
+ * Implementation of ha_message_t.add_attribute
+ */
+static void add_attribute(private_ha_message_t *this,
+ ha_message_attribute_t attribute, ...)
+{
+ size_t len;
+ va_list args;
+
+ check_buf(this, sizeof(u_int8_t));
+ this->buf.ptr[this->buf.len] = attribute;
+ this->buf.len += sizeof(u_int8_t);
+
+ va_start(args, attribute);
+ switch (attribute)
+ {
+ /* ike_sa_id_t* */
+ case HA_IKE_ID:
+ case HA_IKE_REKEY_ID:
+ {
+ ike_sa_id_encoding_t *enc;
+ ike_sa_id_t *id;
+
+ id = va_arg(args, ike_sa_id_t*);
+ check_buf(this, sizeof(ike_sa_id_encoding_t));
+ enc = (ike_sa_id_encoding_t*)(this->buf.ptr + this->buf.len);
+ this->buf.len += sizeof(ike_sa_id_encoding_t);
+ enc->initiator = id->is_initiator(id);
+ enc->initiator_spi = id->get_initiator_spi(id);
+ enc->responder_spi = id->get_responder_spi(id);
+ break;
+ }
+ /* identification_t* */
+ case HA_LOCAL_ID:
+ case HA_REMOTE_ID:
+ {
+ identification_encoding_t *enc;
+ identification_t *id;
+ chunk_t data;
+
+ id = va_arg(args, identification_t*);
+ data = id->get_encoding(id);
+ check_buf(this, sizeof(identification_encoding_t) + data.len);
+ enc = (identification_encoding_t*)(this->buf.ptr + this->buf.len);
+ this->buf.len += sizeof(identification_encoding_t) + data.len;
+ enc->type = id->get_type(id);
+ enc->len = data.len;
+ memcpy(enc->encoding, data.ptr, data.len);
+ break;
+ }
+ /* host_t* */
+ case HA_LOCAL_ADDR:
+ case HA_REMOTE_ADDR:
+ case HA_LOCAL_VIP:
+ case HA_REMOTE_VIP:
+ case HA_ADDITIONAL_ADDR:
+ {
+ host_encoding_t *enc;
+ host_t *host;
+ chunk_t data;
+
+ host = va_arg(args, host_t*);
+ data = host->get_address(host);
+ check_buf(this, sizeof(host_encoding_t) + data.len);
+ enc = (host_encoding_t*)(this->buf.ptr + this->buf.len);
+ this->buf.len += sizeof(host_encoding_t) + data.len;
+ enc->family = host->get_family(host);
+ enc->port = htons(host->get_port(host));
+ memcpy(enc->encoding, data.ptr, data.len);
+ break;
+ }
+ /* char* */
+ case HA_CONFIG_NAME:
+ {
+ char *str;
+
+ str = va_arg(args, char*);
+ len = strlen(str) + 1;
+ check_buf(this, len);
+ memcpy(this->buf.ptr + this->buf.len, str, len);
+ this->buf.len += len;
+ break;
+ }
+ /* u_int8_t */
+ case HA_IPSEC_MODE:
+ case HA_IPCOMP:
+ {
+ u_int8_t val;
+
+ val = va_arg(args, u_int);
+ check_buf(this, sizeof(val));
+ this->buf.ptr[this->buf.len] = val;
+ this->buf.len += sizeof(val);
+ break;
+ }
+ /* u_int16_t */
+ case HA_ALG_PRF:
+ case HA_ALG_OLD_PRF:
+ case HA_ALG_ENCR:
+ case HA_ALG_ENCR_LEN:
+ case HA_ALG_INTEG:
+ case HA_INBOUND_CPI:
+ case HA_OUTBOUND_CPI:
+ case HA_SEGMENT:
+ {
+ u_int16_t val;
+
+ val = va_arg(args, u_int);
+ check_buf(this, sizeof(val));
+ *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val);
+ this->buf.len += sizeof(val);
+ break;
+ }
+ /** u_int32_t */
+ case HA_CONDITIONS:
+ case HA_EXTENSIONS:
+ case HA_INBOUND_SPI:
+ case HA_OUTBOUND_SPI:
+ case HA_INITIATE_MID:
+ case HA_RESPOND_MID:
+ {
+ u_int32_t val;
+
+ val = va_arg(args, u_int);
+ check_buf(this, sizeof(val));
+ *(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val);
+ this->buf.len += sizeof(val);
+ break;
+ }
+ /** chunk_t */
+ case HA_NONCE_I:
+ case HA_NONCE_R:
+ case HA_SECRET:
+ case HA_OLD_SKD:
+ {
+ chunk_t chunk;
+
+ chunk = va_arg(args, chunk_t);
+ check_buf(this, chunk.len + sizeof(u_int16_t));
+ *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len);
+ memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t),
+ chunk.ptr, chunk.len);
+ this->buf.len += chunk.len + sizeof(u_int16_t);;
+ break;
+ }
+ /** traffic_selector_t */
+ case HA_LOCAL_TS:
+ case HA_REMOTE_TS:
+ {
+ ts_encoding_t *enc;
+ traffic_selector_t *ts;
+ chunk_t data;
+
+ ts = va_arg(args, traffic_selector_t*);
+ data = chunk_cata("cc", ts->get_from_address(ts),
+ ts->get_to_address(ts));
+ check_buf(this, sizeof(ts_encoding_t) + data.len);
+ enc = (ts_encoding_t*)(this->buf.ptr + this->buf.len);
+ this->buf.len += sizeof(ts_encoding_t) + data.len;
+ enc->type = ts->get_type(ts);
+ enc->protocol = ts->get_protocol(ts);
+ enc->from_port = htons(ts->get_from_port(ts));
+ enc->to_port = htons(ts->get_to_port(ts));
+ enc->dynamic = ts->is_dynamic(ts);
+ memcpy(enc->encoding, data.ptr, data.len);
+ break;
+ }
+ default:
+ {
+ DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute);
+ this->buf.len -= sizeof(u_int8_t);
+ break;
+ }
+ }
+ va_end(args);
+}
+
+/**
+ * Attribute enumerator implementation
+ */
+typedef struct {
+ /** implementes enumerator_t */
+ enumerator_t public;
+ /** position in message */
+ chunk_t buf;
+ /** cleanup handler of current element, if any */
+ void (*cleanup)(void* data);
+ /** data to pass to cleanup handler */
+ void *cleanup_data;
+} attribute_enumerator_t;
+
+/**
+ * Implementation of create_attribute_enumerator().enumerate
+ */
+static bool attribute_enumerate(attribute_enumerator_t *this,
+ ha_message_attribute_t *attr_out,
+ ha_message_value_t *value)
+{
+ ha_message_attribute_t attr;
+
+ if (this->cleanup)
+ {
+ this->cleanup(this->cleanup_data);
+ this->cleanup = NULL;
+ }
+ if (this->buf.len < 1)
+ {
+ return FALSE;
+ }
+ attr = this->buf.ptr[0];
+ this->buf = chunk_skip(this->buf, 1);
+ switch (attr)
+ {
+ /* ike_sa_id_t* */
+ case HA_IKE_ID:
+ case HA_IKE_REKEY_ID:
+ {
+ ike_sa_id_encoding_t *enc;
+
+ if (this->buf.len < sizeof(ike_sa_id_encoding_t))
+ {
+ return FALSE;
+ }
+ enc = (ike_sa_id_encoding_t*)(this->buf.ptr);
+ value->ike_sa_id = ike_sa_id_create(enc->initiator_spi,
+ enc->responder_spi, enc->initiator);
+ *attr_out = attr;
+ this->cleanup = (void*)value->ike_sa_id->destroy;
+ this->cleanup_data = value->ike_sa_id;
+ this->buf = chunk_skip(this->buf, sizeof(ike_sa_id_encoding_t));
+ return TRUE;
+ }
+ /* identification_t* */
+ case HA_LOCAL_ID:
+ case HA_REMOTE_ID:
+ {
+ identification_encoding_t *enc;
+
+ enc = (identification_encoding_t*)(this->buf.ptr);
+ if (this->buf.len < sizeof(identification_encoding_t) ||
+ this->buf.len < sizeof(identification_encoding_t) + enc->len)
+ {
+ return FALSE;
+ }
+ value->id = identification_create_from_encoding(enc->type,
+ chunk_create(enc->encoding, enc->len));
+ *attr_out = attr;
+ this->cleanup = (void*)value->id->destroy;
+ this->cleanup_data = value->id;
+ this->buf = chunk_skip(this->buf,
+ sizeof(identification_encoding_t) + enc->len);
+ return TRUE;
+ }
+ /* host_t* */
+ case HA_LOCAL_ADDR:
+ case HA_REMOTE_ADDR:
+ case HA_LOCAL_VIP:
+ case HA_REMOTE_VIP:
+ case HA_ADDITIONAL_ADDR:
+ {
+ host_encoding_t *enc;
+
+ enc = (host_encoding_t*)(this->buf.ptr);
+ if (this->buf.len < sizeof(host_encoding_t))
+ {
+ return FALSE;
+ }
+ value->host = host_create_from_chunk(enc->family,
+ chunk_create(enc->encoding,
+ this->buf.len - sizeof(host_encoding_t)),
+ ntohs(enc->port));
+ if (!value->host)
+ {
+ return FALSE;
+ }
+ *attr_out = attr;
+ this->cleanup = (void*)value->host->destroy;
+ this->cleanup_data = value->host;
+ this->buf = chunk_skip(this->buf, sizeof(host_encoding_t) +
+ value->host->get_address(value->host).len);
+ return TRUE;
+ }
+ /* char* */
+ case HA_CONFIG_NAME:
+ {
+ size_t len;
+
+ len = strnlen(this->buf.ptr, this->buf.len);
+ if (len >= this->buf.len)
+ {
+ return FALSE;
+ }
+ value->str = this->buf.ptr;
+ *attr_out = attr;
+ this->buf = chunk_skip(this->buf, len + 1);
+ return TRUE;
+ }
+ /* u_int8_t */
+ case HA_IPSEC_MODE:
+ case HA_IPCOMP:
+ {
+ if (this->buf.len < sizeof(u_int8_t))
+ {
+ return FALSE;
+ }
+ value->u8 = *(u_int8_t*)this->buf.ptr;
+ *attr_out = attr;
+ this->buf = chunk_skip(this->buf, sizeof(u_int8_t));
+ return TRUE;
+ }
+ /** u_int16_t */
+ case HA_ALG_PRF:
+ case HA_ALG_OLD_PRF:
+ case HA_ALG_ENCR:
+ case HA_ALG_ENCR_LEN:
+ case HA_ALG_INTEG:
+ case HA_INBOUND_CPI:
+ case HA_OUTBOUND_CPI:
+ case HA_SEGMENT:
+ {
+ if (this->buf.len < sizeof(u_int16_t))
+ {
+ return FALSE;
+ }
+ value->u16 = ntohs(*(u_int16_t*)this->buf.ptr);
+ *attr_out = attr;
+ this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+ return TRUE;
+ }
+ /** u_int32_t */
+ case HA_CONDITIONS:
+ case HA_EXTENSIONS:
+ case HA_INBOUND_SPI:
+ case HA_OUTBOUND_SPI:
+ case HA_INITIATE_MID:
+ case HA_RESPOND_MID:
+ {
+ if (this->buf.len < sizeof(u_int32_t))
+ {
+ return FALSE;
+ }
+ value->u32 = ntohl(*(u_int32_t*)this->buf.ptr);
+ *attr_out = attr;
+ this->buf = chunk_skip(this->buf, sizeof(u_int32_t));
+ return TRUE;
+ }
+ /** chunk_t */
+ case HA_NONCE_I:
+ case HA_NONCE_R:
+ case HA_SECRET:
+ case HA_OLD_SKD:
+ {
+ size_t len;
+
+ if (this->buf.len < sizeof(u_int16_t))
+ {
+ return FALSE;
+ }
+ len = ntohs(*(u_int16_t*)this->buf.ptr);
+ this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+ if (this->buf.len < len)
+ {
+ return FALSE;
+ }
+ value->chunk.len = len;
+ value->chunk.ptr = this->buf.ptr;
+ *attr_out = attr;
+ this->buf = chunk_skip(this->buf, len);
+ return TRUE;
+ }
+ case HA_LOCAL_TS:
+ case HA_REMOTE_TS:
+ {
+ ts_encoding_t *enc;
+ host_t *host;
+ int addr_len;
+
+ enc = (ts_encoding_t*)(this->buf.ptr);
+ if (this->buf.len < sizeof(ts_encoding_t))
+ {
+ return FALSE;
+ }
+ switch (enc->type)
+ {
+ case TS_IPV4_ADDR_RANGE:
+ addr_len = 4;
+ if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len)
+ {
+ return FALSE;
+ }
+ break;
+ case TS_IPV6_ADDR_RANGE:
+ addr_len = 16;
+ if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len)
+ {
+ return FALSE;
+ }
+ break;
+ default:
+ return FALSE;
+ }
+ if (enc->dynamic)
+ {
+ host = host_create_from_chunk(0,
+ chunk_create(enc->encoding, addr_len), 0);
+ if (!host)
+ {
+ return FALSE;
+ }
+ value->ts = traffic_selector_create_dynamic(enc->protocol,
+ ntohs(enc->from_port), ntohs(enc->to_port));
+ value->ts->set_address(value->ts, host);
+ host->destroy(host);
+ }
+ else
+ {
+ value->ts = traffic_selector_create_from_bytes(enc->protocol,
+ enc->type, chunk_create(enc->encoding, addr_len),
+ ntohs(enc->from_port),
+ chunk_create(enc->encoding + addr_len, addr_len),
+ ntohs(enc->to_port));
+ if (!value->ts)
+ {
+ return FALSE;
+ }
+ }
+ *attr_out = attr;
+ this->cleanup = (void*)value->ts->destroy;
+ this->cleanup_data = value->ts;
+ this->buf = chunk_skip(this->buf, sizeof(ts_encoding_t)
+ + addr_len * 2);
+ return TRUE;
+ }
+ default:
+ {
+ return FALSE;
+ }
+ }
+}
+
+/**
+ * Implementation of create_attribute_enumerator().destroy
+ */
+static void enum_destroy(attribute_enumerator_t *this)
+{
+ if (this->cleanup)
+ {
+ this->cleanup(this->cleanup_data);
+ }
+ free(this);
+}
+
+/**
+ * Implementation of ha_message_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(private_ha_message_t *this)
+{
+ attribute_enumerator_t *e = malloc_thing(attribute_enumerator_t);
+
+ e->public.enumerate = (void*)attribute_enumerate;
+ e->public.destroy = (void*)enum_destroy;
+
+ e->buf = chunk_skip(this->buf, 2);
+ e->cleanup = NULL;
+ e->cleanup_data = NULL;
+
+ return &e->public;
+}
+
+/**
+ * Implementation of ha_message_t.get_encoding
+ */
+static chunk_t get_encoding(private_ha_message_t *this)
+{
+ return this->buf;
+}
+
+/**
+ * Implementation of ha_message_t.destroy.
+ */
+static void destroy(private_ha_message_t *this)
+{
+ free(this->buf.ptr);
+ free(this);
+}
+
+
+static private_ha_message_t *ha_message_create_generic()
+{
+ private_ha_message_t *this = malloc_thing(private_ha_message_t);
+
+ this->public.get_type = (ha_message_type_t(*)(ha_message_t*))get_type;
+ this->public.add_attribute = (void(*)(ha_message_t*, ha_message_attribute_t attribute, ...))add_attribute;
+ this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_message_t*))create_attribute_enumerator;
+ this->public.get_encoding = (chunk_t(*)(ha_message_t*))get_encoding;
+ this->public.destroy = (void(*)(ha_message_t*))destroy;
+
+ return this;
+}
+
+/**
+ * See header
+ */
+ha_message_t *ha_message_create(ha_message_type_t type)
+{
+ private_ha_message_t *this = ha_message_create_generic();
+
+ this->allocated = ALLOCATION_BLOCK;
+ this->buf.ptr = malloc(this->allocated);
+ this->buf.len = 2;
+ this->buf.ptr[0] = HA_MESSAGE_VERSION;
+ this->buf.ptr[1] = type;
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+ha_message_t *ha_message_parse(chunk_t data)
+{
+ private_ha_message_t *this;
+
+ if (data.len < 2)
+ {
+ DBG1(DBG_CFG, "HA message too short");
+ return NULL;
+ }
+ if (data.ptr[0] != HA_MESSAGE_VERSION)
+ {
+ DBG1(DBG_CFG, "HA message has version %d, expected %d",
+ data.ptr[0], HA_MESSAGE_VERSION);
+ return NULL;
+ }
+
+ this = ha_message_create_generic();
+ this->buf = chunk_clone(data);
+ this->allocated = this->buf.len;
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
new file mode 100644
index 000000000..b2bc23724
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_message ha_message
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_MESSAGE_H_
+#define HA_MESSAGE_H_
+
+#include <library.h>
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <sa/ike_sa_id.h>
+#include <selectors/traffic_selector.h>
+
+/**
+ * Protocol version of this implementation
+ */
+#define HA_MESSAGE_VERSION 1
+
+typedef struct ha_message_t ha_message_t;
+typedef enum ha_message_type_t ha_message_type_t;
+typedef enum ha_message_attribute_t ha_message_attribute_t;
+typedef union ha_message_value_t ha_message_value_t;
+
+/**
+ * Type of a HA message
+ */
+enum ha_message_type_t {
+ /** add a completely new IKE_SA */
+ HA_IKE_ADD = 1,
+ /** update an existing IKE_SA (message IDs, address update, ...) */
+ HA_IKE_UPDATE,
+ /** delete an existing IKE_SA */
+ HA_IKE_DELETE,
+ /** add a new CHILD_SA */
+ HA_CHILD_ADD,
+ /** delete an existing CHILD_SA */
+ HA_CHILD_DELETE,
+ /** segments the sending node is giving up */
+ HA_SEGMENT_DROP,
+ /** segments the sending node is taking over */
+ HA_SEGMENT_TAKE,
+ /** status with the segments the sending node is currently serving */
+ HA_STATUS,
+ /** segments the receiving node is requested to resync */
+ HA_RESYNC,
+};
+
+/**
+ * Type of attributes contained in a message
+ */
+enum ha_message_attribute_t {
+ /** ike_sa_id_t*, to identify IKE_SA */
+ HA_IKE_ID = 1,
+ /** ike_Sa_id_t*, identifies IKE_SA which gets rekeyed */
+ HA_IKE_REKEY_ID,
+ /** identification_t*, local identity */
+ HA_LOCAL_ID,
+ /** identification_t*, remote identity */
+ HA_REMOTE_ID,
+ /** host_t*, local address */
+ HA_LOCAL_ADDR,
+ /** host_t*, remote address */
+ HA_REMOTE_ADDR,
+ /** char*, name of configuration */
+ HA_CONFIG_NAME,
+ /** u_int32_t, bitset of ike_condition_t */
+ HA_CONDITIONS,
+ /** u_int32_t, bitset of ike_extension_t */
+ HA_EXTENSIONS,
+ /** host_t*, local virtual IP */
+ HA_LOCAL_VIP,
+ /** host_t*, remote virtual IP */
+ HA_REMOTE_VIP,
+ /** host_t*, additional MOBIKE peer address */
+ HA_ADDITIONAL_ADDR,
+ /** chunk_t, initiators nonce */
+ HA_NONCE_I,
+ /** chunk_t, responders nonce */
+ HA_NONCE_R,
+ /** chunk_t, diffie hellman shared secret */
+ HA_SECRET,
+ /** chunk_t, SKd of old SA if rekeying */
+ HA_OLD_SKD,
+ /** u_int16_t, pseudo random function */
+ HA_ALG_PRF,
+ /** u_int16_t, old pseudo random function if rekeying */
+ HA_ALG_OLD_PRF,
+ /** u_int16_t, encryption algorithm */
+ HA_ALG_ENCR,
+ /** u_int16_t, encryption key size in bytes */
+ HA_ALG_ENCR_LEN,
+ /** u_int16_t, integrity protection algorithm */
+ HA_ALG_INTEG,
+ /** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */
+ HA_IPSEC_MODE,
+ /** u_int8_t, IPComp protocol */
+ HA_IPCOMP,
+ /** u_int32_t, inbound security parameter index */
+ HA_INBOUND_SPI,
+ /** u_int32_t, outbound security parameter index */
+ HA_OUTBOUND_SPI,
+ /** u_int16_t, inbound security parameter index */
+ HA_INBOUND_CPI,
+ /** u_int16_t, outbound security parameter index */
+ HA_OUTBOUND_CPI,
+ /** traffic_selector_t*, local traffic selector */
+ HA_LOCAL_TS,
+ /** traffic_selector_t*, remote traffic selector */
+ HA_REMOTE_TS,
+ /** u_int32_t, initiating message ID */
+ HA_INITIATE_MID,
+ /** u_int32_t, responding message ID */
+ HA_RESPOND_MID,
+ /** u_int16_t, HA segment */
+ HA_SEGMENT,
+};
+
+/**
+ * Union to enumerate typed attributes in a message
+ */
+union ha_message_value_t {
+ u_int8_t u8;
+ u_int16_t u16;
+ u_int32_t u32;
+ char *str;
+ chunk_t chunk;
+ ike_sa_id_t *ike_sa_id;
+ identification_t *id;
+ host_t *host;
+ traffic_selector_t *ts;
+};
+
+/**
+ * Abstracted message passed between nodes in a HA cluster.
+ */
+struct ha_message_t {
+
+ /**
+ * Get the type of the message.
+ *
+ * @return message type
+ */
+ ha_message_type_t (*get_type)(ha_message_t *this);
+
+ /**
+ * Add an attribute to a message.
+ *
+ * @param attribute attribute type to add
+ * @param ... attribute specific data
+ */
+ void (*add_attribute)(ha_message_t *this,
+ ha_message_attribute_t attribute, ...);
+
+ /**
+ * Create an enumerator over all attributes in a message.
+ *
+ * @return enumerator over attribute, ha_message_value_t
+ */
+ enumerator_t* (*create_attribute_enumerator)(ha_message_t *this);
+
+ /**
+ * Get the message in a encoded form.
+ *
+ * @return chunk pointing to internal data
+ */
+ chunk_t (*get_encoding)(ha_message_t *this);
+
+ /**
+ * Destroy a ha_message_t.
+ */
+ void (*destroy)(ha_message_t *this);
+};
+
+/**
+ * Create a new ha_message instance, ready for adding attributes
+ *
+ * @param version protocol version to create a message from
+ * @param type type of the message
+ */
+ha_message_t *ha_message_create(ha_message_type_t type);
+
+/**
+ * Create a ha_message from encoded data.
+ *
+ * @param data encoded message data
+ */
+ha_message_t *ha_message_parse(chunk_t data);
+
+#endif /* HA_MESSAGE_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
new file mode 100644
index 000000000..ea255c8ab
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_plugin.h"
+#include "ha_ike.h"
+#include "ha_child.h"
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_dispatcher.h"
+#include "ha_segments.h"
+#include "ha_ctl.h"
+
+#include <daemon.h>
+#include <config/child_cfg.h>
+
+typedef struct private_ha_plugin_t private_ha_plugin_t;
+
+/**
+ * private data of ha plugin
+ */
+struct private_ha_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ ha_plugin_t public;
+
+ /**
+ * Communication socket
+ */
+ ha_socket_t *socket;
+
+ /**
+ * Tunnel securing sync messages.
+ */
+ ha_tunnel_t *tunnel;
+
+ /**
+ * IKE_SA synchronization
+ */
+ ha_ike_t *ike;
+
+ /**
+ * CHILD_SA synchronization
+ */
+ ha_child_t *child;
+
+ /**
+ * Dispatcher to process incoming messages
+ */
+ ha_dispatcher_t *dispatcher;
+
+ /**
+ * Active/Passive segment management
+ */
+ ha_segments_t *segments;
+
+ /**
+ * Interface to control segments at kernel level
+ */
+ ha_kernel_t *kernel;
+
+ /**
+ * Segment control interface via FIFO
+ */
+ ha_ctl_t *ctl;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_ha_plugin_t *this)
+{
+ DESTROY_IF(this->ctl);
+ charon->bus->remove_listener(charon->bus, &this->segments->listener);
+ charon->bus->remove_listener(charon->bus, &this->ike->listener);
+ charon->bus->remove_listener(charon->bus, &this->child->listener);
+ this->ike->destroy(this->ike);
+ this->child->destroy(this->child);
+ this->dispatcher->destroy(this->dispatcher);
+ this->segments->destroy(this->segments);
+ this->kernel->destroy(this->kernel);
+ this->socket->destroy(this->socket);
+ DESTROY_IF(this->tunnel);
+ free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *ha_plugin_create()
+{
+ private_ha_plugin_t *this;
+ char *local, *remote, *secret;
+ u_int count;
+ bool fifo, monitor, resync;
+
+ local = lib->settings->get_str(lib->settings,
+ "charon.plugins.ha.local", NULL);
+ remote = lib->settings->get_str(lib->settings,
+ "charon.plugins.ha.remote", NULL);
+ secret = lib->settings->get_str(lib->settings,
+ "charon.plugins.ha.secret", NULL);
+ fifo = lib->settings->get_bool(lib->settings,
+ "charon.plugins.ha.fifo_interface", TRUE);
+ monitor = lib->settings->get_bool(lib->settings,
+ "charon.plugins.ha.monitor", TRUE);
+ resync = lib->settings->get_bool(lib->settings,
+ "charon.plugins.ha.resync", TRUE);
+ count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings,
+ "charon.plugins.ha.segment_count", 1));
+ if (!local || !remote)
+ {
+ DBG1(DBG_CFG, "HA config misses local/remote address");
+ return NULL;
+ }
+
+ this = malloc_thing(private_ha_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ this->tunnel = NULL;
+ this->ctl = NULL;
+
+ if (secret)
+ {
+ this->tunnel = ha_tunnel_create(local, remote, secret);
+ }
+ this->socket = ha_socket_create(local, remote);
+ if (!this->socket)
+ {
+ DESTROY_IF(this->tunnel);
+ free(this);
+ return NULL;
+ }
+ this->kernel = ha_kernel_create(count);
+ this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel,
+ count, strcmp(local, remote) > 0, monitor, resync);
+ if (fifo)
+ {
+ this->ctl = ha_ctl_create(this->segments);
+ }
+ this->dispatcher = ha_dispatcher_create(this->socket, this->segments);
+ this->ike = ha_ike_create(this->socket, this->tunnel);
+ this->child = ha_child_create(this->socket, this->tunnel);
+ charon->bus->add_listener(charon->bus, &this->segments->listener);
+ charon->bus->add_listener(charon->bus, &this->ike->listener);
+ charon->bus->add_listener(charon->bus, &this->child->listener);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_plugin.h b/src/libcharon/plugins/ha/ha_plugin.h
new file mode 100644
index 000000000..1ae2fe6dd
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha ha
+ * @ingroup cplugins
+ *
+ * @defgroup ha_plugin ha_plugin
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_PLUGIN_H_
+#define HA_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+/**
+ * UDP port we use for communication
+ */
+#define HA_PORT 4510
+
+typedef struct ha_plugin_t ha_plugin_t;
+
+/**
+ * Plugin to synchronize state in a high availability cluster.
+ */
+struct ha_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /* HA_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
new file mode 100644
index 000000000..2199671fc
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -0,0 +1,503 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_segments.h"
+
+#include <pthread.h>
+
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <utils/linked_list.h>
+#include <processing/jobs/callback_job.h>
+
+#define HEARTBEAT_DELAY 1000
+#define HEARTBEAT_TIMEOUT 2100
+
+typedef struct private_ha_segments_t private_ha_segments_t;
+
+/**
+ * Private data of an ha_segments_t object.
+ */
+struct private_ha_segments_t {
+
+ /**
+ * Public ha_segments_t interface.
+ */
+ ha_segments_t public;
+
+ /**
+ * communication socket
+ */
+ ha_socket_t *socket;
+
+ /**
+ * Sync tunnel, if any
+ */
+ ha_tunnel_t *tunnel;
+
+ /**
+ * Interface to control segments at kernel level
+ */
+ ha_kernel_t *kernel;
+
+ /**
+ * Mutex to lock segment manipulation
+ */
+ mutex_t *mutex;
+
+ /**
+ * Condvar to wait for heartbeats
+ */
+ condvar_t *condvar;
+
+ /**
+ * Job checking for heartbeats
+ */
+ callback_job_t *job;
+
+ /**
+ * Total number of ClusterIP segments
+ */
+ u_int count;
+
+ /**
+ * mask of active segments
+ */
+ segment_mask_t active;
+
+ /**
+ * Node number
+ */
+ u_int node;
+};
+
+/**
+ * Log currently active segments
+ */
+static void log_segments(private_ha_segments_t *this, bool activated,
+ u_int segment)
+{
+ char buf[64] = "none", *pos = buf;
+ int i;
+ bool first = TRUE;
+
+ for (i = 1; i <= this->count; i++)
+ {
+ if (this->active & SEGMENTS_BIT(i))
+ {
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ pos += snprintf(pos, buf + sizeof(buf) - pos, ",");
+ }
+ pos += snprintf(pos, buf + sizeof(buf) - pos, "%d", i);
+ }
+ }
+ DBG1(DBG_CFG, "HA segment %d %sactivated, now active: %s",
+ segment, activated ? "" : "de", buf);
+}
+
+/**
+ * Enable/Disable a specific segment
+ */
+static void enable_disable(private_ha_segments_t *this, u_int segment,
+ bool enable, bool notify)
+{
+ ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
+ ike_sa_state_t old, new;
+ ha_message_t *message = NULL;
+ ha_message_type_t type;
+ bool changes = FALSE;
+
+ if (segment > this->count)
+ {
+ return;
+ }
+
+ if (enable)
+ {
+ old = IKE_PASSIVE;
+ new = IKE_ESTABLISHED;
+ type = HA_SEGMENT_TAKE;
+ if (!(this->active & SEGMENTS_BIT(segment)))
+ {
+ this->active |= SEGMENTS_BIT(segment);
+ this->kernel->activate(this->kernel, segment);
+ changes = TRUE;
+ }
+ }
+ else
+ {
+ old = IKE_ESTABLISHED;
+ new = IKE_PASSIVE;
+ type = HA_SEGMENT_DROP;
+ if (this->active & SEGMENTS_BIT(segment))
+ {
+ this->active &= ~SEGMENTS_BIT(segment);
+ this->kernel->deactivate(this->kernel, segment);
+ changes = TRUE;
+ }
+ }
+
+ if (changes)
+ {
+ enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager);
+ while (enumerator->enumerate(enumerator, &ike_sa))
+ {
+ if (ike_sa->get_state(ike_sa) != old)
+ {
+ continue;
+ }
+ if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+ {
+ continue;
+ }
+ if (this->kernel->in_segment(this->kernel,
+ ike_sa->get_other_host(ike_sa), segment))
+ {
+ ike_sa->set_state(ike_sa, new);
+ }
+ }
+ enumerator->destroy(enumerator);
+ log_segments(this, enable, segment);
+ }
+
+ if (notify)
+ {
+ message = ha_message_create(type);
+ message->add_attribute(message, HA_SEGMENT, segment);
+ this->socket->push(this->socket, message);
+ }
+}
+
+/**
+ * Enable/Disable all or a specific segment, do locking
+ */
+static void enable_disable_all(private_ha_segments_t *this, u_int segment,
+ bool enable, bool notify)
+{
+ int i;
+
+ this->mutex->lock(this->mutex);
+ if (segment == 0)
+ {
+ for (i = 1; i <= this->count; i++)
+ {
+ enable_disable(this, i, enable, notify);
+ }
+ }
+ else
+ {
+ enable_disable(this, segment, enable, notify);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of ha_segments_t.activate
+ */
+static void activate(private_ha_segments_t *this, u_int segment, bool notify)
+{
+ enable_disable_all(this, segment, TRUE, notify);
+}
+
+/**
+ * Implementation of ha_segments_t.deactivate
+ */
+static void deactivate(private_ha_segments_t *this, u_int segment, bool notify)
+{
+ enable_disable_all(this, segment, FALSE, notify);
+}
+
+/**
+ * Rekey all children of an IKE_SA
+ */
+static status_t rekey_children(ike_sa_t *ike_sa)
+{
+ iterator_t *iterator;
+ child_sa_t *child_sa;
+ status_t status = SUCCESS;
+
+ iterator = ike_sa->create_child_sa_iterator(ike_sa);
+ while (iterator->iterate(iterator, (void**)&child_sa))
+ {
+ DBG1(DBG_CFG, "resyncing CHILD_SA");
+ status = ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa),
+ child_sa->get_spi(child_sa, TRUE));
+ if (status == DESTROY_ME)
+ {
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return status;
+}
+
+/**
+ * Implementation of ha_segments_t.resync
+ */
+static void resync(private_ha_segments_t *this, u_int segment)
+{
+ ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
+ linked_list_t *list;
+ ike_sa_id_t *id;
+
+ list = linked_list_create();
+ this->mutex->lock(this->mutex);
+
+ if (segment > 0 && segment <= this->count)
+ {
+ DBG1(DBG_CFG, "resyncing HA segment %d", segment);
+
+ /* we do the actual rekeying in a seperate loop to avoid rekeying
+ * an SA twice. */
+ enumerator = charon->ike_sa_manager->create_enumerator(
+ charon->ike_sa_manager);
+ while (enumerator->enumerate(enumerator, &ike_sa))
+ {
+ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+ this->kernel->in_segment(this->kernel,
+ ike_sa->get_other_host(ike_sa), segment))
+ {
+ id = ike_sa->get_id(ike_sa);
+ list->insert_last(list, id->clone(id));
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ this->mutex->unlock(this->mutex);
+
+ while (list->remove_last(list, (void**)&id) == SUCCESS)
+ {
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id);
+ id->destroy(id);
+ if (ike_sa)
+ {
+ DBG1(DBG_CFG, "resyncing IKE_SA");
+ if (ike_sa->rekey(ike_sa) != DESTROY_ME)
+ {
+ if (rekey_children(ike_sa) != DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin(
+ charon->ike_sa_manager, ike_sa);
+ continue;
+ }
+ }
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ }
+ list->destroy(list);
+}
+
+/**
+ * Implementation of listener_t.alert
+ */
+static bool alert_hook(private_ha_segments_t *this, ike_sa_t *ike_sa,
+ alert_t alert, va_list args)
+{
+ if (alert == ALERT_SHUTDOWN_SIGNAL)
+ {
+ deactivate(this, 0, TRUE);
+ }
+ return TRUE;
+}
+
+/**
+ * Request a resync of all segments
+ */
+static job_requeue_t request_resync(private_ha_segments_t *this)
+{
+ ha_message_t *message;
+ int i;
+
+ message = ha_message_create(HA_RESYNC);
+ for (i = 1; i <= this->count; i++)
+ {
+ message->add_attribute(message, HA_SEGMENT, i);
+ }
+ this->socket->push(this->socket, message);
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Monitor heartbeat activity of remote node
+ */
+static job_requeue_t watchdog(private_ha_segments_t *this)
+{
+ int oldstate;
+ bool timeout;
+
+ this->mutex->lock(this->mutex);
+ pthread_cleanup_push((void*)this->mutex->unlock, this->mutex);
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+ timeout = this->condvar->timed_wait(this->condvar, this->mutex,
+ HEARTBEAT_TIMEOUT);
+ pthread_setcancelstate(oldstate, NULL);
+ pthread_cleanup_pop(TRUE);
+ if (timeout)
+ {
+ DBG1(DBG_CFG, "no heartbeat received, taking all segments");
+ activate(this, 0, TRUE);
+ /* disable heartbeat detection util we get one */
+ this->job = NULL;
+ return JOB_REQUEUE_NONE;
+ }
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Start the heartbeat detection thread
+ */
+static void start_watchdog(private_ha_segments_t *this)
+{
+ this->job = callback_job_create((callback_job_cb_t)watchdog,
+ this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+}
+
+/**
+ * Implementation of ha_segments_t.handle_status
+ */
+static void handle_status(private_ha_segments_t *this, segment_mask_t mask)
+{
+ segment_mask_t missing;
+ int i;
+
+ this->mutex->lock(this->mutex);
+
+ missing = ~(this->active | mask);
+
+ for (i = 1; i <= this->count; i++)
+ {
+ if (missing & SEGMENTS_BIT(i))
+ {
+ if (this->node == i % 2)
+ {
+ DBG1(DBG_CFG, "HA segment %d was not handled, taking", i);
+ enable_disable(this, i, TRUE, TRUE);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "HA segment %d was not handled, dropping", i);
+ enable_disable(this, i, FALSE, TRUE);
+ }
+ }
+ }
+
+ this->mutex->unlock(this->mutex);
+ this->condvar->signal(this->condvar);
+
+ if (!this->job)
+ {
+ DBG1(DBG_CFG, "received heartbeat, reenabling watchdog");
+ start_watchdog(this);
+ }
+}
+
+/**
+ * Send a status message with our active segments
+ */
+static job_requeue_t send_status(private_ha_segments_t *this)
+{
+ ha_message_t *message;
+ int i;
+
+ message = ha_message_create(HA_STATUS);
+
+ for (i = 1; i <= this->count; i++)
+ {
+ if (this->active & SEGMENTS_BIT(i))
+ {
+ message->add_attribute(message, HA_SEGMENT, i);
+ }
+ }
+
+ this->socket->push(this->socket, message);
+
+ /* schedule next invocation */
+ charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*)
+ callback_job_create((callback_job_cb_t)
+ send_status, this, NULL, NULL),
+ HEARTBEAT_DELAY);
+
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Implementation of ha_segments_t.destroy.
+ */
+static void destroy(private_ha_segments_t *this)
+{
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ this->mutex->destroy(this->mutex);
+ this->condvar->destroy(this->condvar);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
+ ha_tunnel_t *tunnel, u_int count, u_int node,
+ bool monitor, bool sync)
+{
+ private_ha_segments_t *this = malloc_thing(private_ha_segments_t);
+
+ memset(&this->public.listener, 0, sizeof(listener_t));
+ this->public.listener.alert = (bool(*)(listener_t*, ike_sa_t *, alert_t, va_list))alert_hook;
+ this->public.activate = (void(*)(ha_segments_t*, u_int segment,bool))activate;
+ this->public.deactivate = (void(*)(ha_segments_t*, u_int segment,bool))deactivate;
+ this->public.resync = (void(*)(ha_segments_t*, u_int segment))resync;
+ this->public.handle_status = (void(*)(ha_segments_t*, segment_mask_t mask))handle_status;
+ this->public.destroy = (void(*)(ha_segments_t*))destroy;
+
+ this->socket = socket;
+ this->tunnel = tunnel;
+ this->kernel = kernel;
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->count = count;
+ this->node = node;
+ this->job = NULL;
+
+ /* initially all segments are deactivated */
+ this->active = 0;
+
+ if (monitor)
+ {
+ send_status(this);
+ start_watchdog(this);
+ }
+
+ if (sync)
+ {
+ /* request a resync as soon as we are up */
+ charon->processor->queue_job(charon->processor, (job_t*)
+ callback_job_create((callback_job_cb_t)request_resync,
+ this, NULL, NULL));
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h
new file mode 100644
index 000000000..6d1cd5441
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_segments.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_segments ha_segments
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_SEGMENTS_H_
+#define HA_SEGMENTS_H_
+
+#include <daemon.h>
+
+typedef struct ha_segments_t ha_segments_t;
+
+typedef u_int16_t segment_mask_t;
+
+/**
+ * maximum number of segments
+ */
+#define SEGMENTS_MAX (sizeof(segment_mask_t)*8)
+
+/**
+ * Get the bit in the mask of a segment
+ */
+#define SEGMENTS_BIT(segment) (0x01 << (segment - 1))
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_kernel.h"
+
+/**
+ * Segmentation of peers into active and passive.
+ */
+struct ha_segments_t {
+
+ /**
+ * Implements listener interface to catch daemon shutdown.
+ */
+ listener_t listener;
+
+ /**
+ * Activate a set of IKE_SAs identified by a segment.
+ *
+ * @param segment numerical segment to takeover, 0 for all
+ * @param notify wheter to notify other nodes about activation
+ */
+ void (*activate)(ha_segments_t *this, u_int segment, bool notify);
+
+ /**
+ * Deactivate a set of IKE_SAs identified by a segment.
+ *
+ * @param segment numerical segment to takeover, 0 for all
+ * @param notify wheter to notify other nodes about deactivation
+ */
+ void (*deactivate)(ha_segments_t *this, u_int segment, bool notify);
+
+ /**
+ * Resync an active segment.
+ *
+ * To reintegrade a node into the cluster, resynchronization is reqired.
+ * IKE_SAs and CHILD_SAs are synced automatically during rekeying. A call
+ * to this method enforces a rekeying immediately sync all state of a
+ * segment.
+ *
+ * @param segment segment to resync
+ */
+ void (*resync)(ha_segments_t *this, u_int segment);
+
+ /**
+ * Handle a status message from the remote node.
+ *
+ * @param mask segments the remote node is serving actively
+ */
+ void (*handle_status)(ha_segments_t *this, segment_mask_t mask);
+
+ /**
+ * Destroy a ha_segments_t.
+ */
+ void (*destroy)(ha_segments_t *this);
+};
+
+/**
+ * Create a ha_segments instance.
+ *
+ * @param socket socket to communicate segment (de-)activation
+ * @param kernel interface to control segments at kernel level
+ * @param tunnel HA tunnel
+ * @param count number of segments the cluster uses
+ * @param node node, currently 1 or 0
+ * @param monitor should we use monitoring functionality
+ * @param resync request a complete resync on startup
+ * @return segment object
+ */
+ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
+ ha_tunnel_t *tunnel, u_int count, u_int node,
+ bool monitor, bool resync);
+
+#endif /* HA_SEGMENTS_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c
new file mode 100644
index 000000000..b84b02868
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_socket.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_socket.h"
+#include "ha_plugin.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pthread.h>
+
+#include <daemon.h>
+#include <utils/host.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_socket_t private_ha_socket_t;
+
+/**
+ * Private data of an ha_socket_t object.
+ */
+struct private_ha_socket_t {
+
+ /**
+ * Public ha_socket_t interface.
+ */
+ ha_socket_t public;
+
+ /**
+ * UDP communication socket fd
+ */
+ int fd;
+
+ /**
+ * local host to receive/send from
+ */
+ host_t *local;
+
+ /**
+ * remote host to receive/send to
+ */
+ host_t *remote;
+};
+
+/**
+ * Data to pass to the send_message() callback job
+ */
+typedef struct {
+ ha_message_t *message;
+ private_ha_socket_t *this;
+} job_data_t;
+
+/**
+ * Cleanup job data
+ */
+static void job_data_destroy(job_data_t *this)
+{
+ this->message->destroy(this->message);
+ free(this);
+}
+
+/**
+ * Callback to asynchronously send messages
+ */
+static job_requeue_t send_message(job_data_t *data)
+{
+ private_ha_socket_t *this;
+ chunk_t chunk;
+
+ this = data->this;
+ chunk = data->message->get_encoding(data->message);
+ if (send(this->fd, chunk.ptr, chunk.len, 0) < chunk.len)
+ {
+ DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
+ }
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Implementation of ha_socket_t.push
+ */
+static void push(private_ha_socket_t *this, ha_message_t *message)
+{
+ chunk_t chunk;
+
+ /* Try to send synchronously, but non-blocking. */
+ chunk = message->get_encoding(message);
+ if (send(this->fd, chunk.ptr, chunk.len, MSG_DONTWAIT) < chunk.len)
+ {
+ if (errno == EAGAIN)
+ {
+ callback_job_t *job;
+ job_data_t *data;
+
+ /* Fallback to asynchronous transmission. This is required, as sendto()
+ * is a blocking call if it acquires a policy. We could end up in a
+ * deadlock, as we own an IKE_SA. */
+ data = malloc_thing(job_data_t);
+ data->message = message;
+ data->this = this;
+
+ job = callback_job_create((callback_job_cb_t)send_message,
+ data, (void*)job_data_destroy, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)job);
+ return;
+ }
+ DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
+ }
+ message->destroy(message);
+}
+
+/**
+ * Implementation of ha_socket_t.pull
+ */
+static ha_message_t *pull(private_ha_socket_t *this)
+{
+ while (TRUE)
+ {
+ ha_message_t *message;
+ char buf[1024];
+ int oldstate;
+ ssize_t len;
+
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+ len = recv(this->fd, buf, sizeof(buf), 0);
+ pthread_setcancelstate(oldstate, NULL);
+ if (len <= 0)
+ {
+ switch (errno)
+ {
+ case ECONNREFUSED:
+ case EINTR:
+ continue;
+ default:
+ DBG1(DBG_CFG, "pulling HA message failed: %s",
+ strerror(errno));
+ sleep(1);
+ }
+ }
+ message = ha_message_parse(chunk_create(buf, len));
+ if (message)
+ {
+ return message;
+ }
+ }
+}
+
+/**
+ * Open and connect the HA socket
+ */
+static bool open_socket(private_ha_socket_t *this)
+{
+ this->fd = socket(this->local->get_family(this->local), SOCK_DGRAM, 0);
+ if (this->fd == -1)
+ {
+ DBG1(DBG_CFG, "opening HA socket failed: %s", strerror(errno));
+ return FALSE;
+ }
+
+ if (bind(this->fd, this->local->get_sockaddr(this->local),
+ *this->local->get_sockaddr_len(this->local)) == -1)
+ {
+ DBG1(DBG_CFG, "binding HA socket failed: %s", strerror(errno));
+ close(this->fd);
+ this->fd = -1;
+ return FALSE;
+ }
+ if (connect(this->fd, this->remote->get_sockaddr(this->remote),
+ *this->remote->get_sockaddr_len(this->remote)) == -1)
+ {
+ DBG1(DBG_CFG, "connecting HA socket failed: %s", strerror(errno));
+ close(this->fd);
+ this->fd = -1;
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ * Implementation of ha_socket_t.destroy.
+ */
+static void destroy(private_ha_socket_t *this)
+{
+ if (this->fd != -1)
+ {
+ close(this->fd);
+ }
+ DESTROY_IF(this->local);
+ DESTROY_IF(this->remote);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_socket_t *ha_socket_create(char *local, char *remote)
+{
+ private_ha_socket_t *this = malloc_thing(private_ha_socket_t);
+
+ this->public.push = (void(*)(ha_socket_t*, ha_message_t*))push;
+ this->public.pull = (ha_message_t*(*)(ha_socket_t*))pull;
+ this->public.destroy = (void(*)(ha_socket_t*))destroy;
+
+ this->local = host_create_from_dns(local, 0, HA_PORT);
+ this->remote = host_create_from_dns(remote, 0, HA_PORT);
+ this->fd = -1;
+
+ if (!this->local || !this->remote)
+ {
+ DBG1(DBG_CFG, "invalid local/remote HA address");
+ destroy(this);
+ return NULL;
+ }
+ if (!open_socket(this))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_socket.h b/src/libcharon/plugins/ha/ha_socket.h
new file mode 100644
index 000000000..8d398e22b
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_socket.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_socket ha_socket
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_SOCKET_H_
+#define HA_SOCKET_H_
+
+#include "ha_message.h"
+
+#include <sa/ike_sa.h>
+
+typedef struct ha_socket_t ha_socket_t;
+
+/**
+ * Socket to send/received SA synchronization data
+ */
+struct ha_socket_t {
+
+ /**
+ * Push synchronization information to the responsible node.
+ *
+ * @param message message to send, gets destroyed by push()
+ */
+ void (*push)(ha_socket_t *this, ha_message_t *message);
+
+ /**
+ * Pull synchronization information from a peer we are responsible.
+ *
+ * @return received message
+ */
+ ha_message_t *(*pull)(ha_socket_t *this);
+
+ /**
+ * Destroy a ha_socket_t.
+ */
+ void (*destroy)(ha_socket_t *this);
+};
+
+/**
+ * Create a ha_socket instance.
+ */
+ha_socket_t *ha_socket_create(char *local, char *remote);
+
+#endif /* HA_SOCKET_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
new file mode 100644
index 000000000..b3511e5f0
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_tunnel.h"
+#include "ha_plugin.h"
+
+#include <daemon.h>
+#include <utils/identification.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_tunnel_t private_ha_tunnel_t;
+typedef struct ha_backend_t ha_backend_t;
+typedef struct ha_creds_t ha_creds_t;
+
+/**
+ * Serves credentials for the HA SA
+ */
+struct ha_creds_t {
+
+ /**
+ * Implements credential_set_t
+ */
+ credential_set_t public;
+
+ /**
+ * own identity
+ */
+ identification_t *local;
+
+ /**
+ * peer identity
+ */
+ identification_t *remote;
+
+ /**
+ * Shared key to serve
+ */
+ shared_key_t *key;
+};
+
+/**
+ * Serves configurations for the HA SA
+ */
+struct ha_backend_t {
+
+ /**
+ * Implements backend_t
+ */
+ backend_t public;
+
+ /**
+ * peer config we serve
+ */
+ peer_cfg_t *cfg;
+};
+
+/**
+ * Private data of an ha_tunnel_t object.
+ */
+struct private_ha_tunnel_t {
+
+ /**
+ * Public ha_tunnel_t interface.
+ */
+ ha_tunnel_t public;
+
+ /**
+ * Reqid of installed trap
+ */
+ u_int32_t trap;
+
+ /**
+ * backend for HA SA
+ */
+ ha_backend_t backend;
+
+ /**
+ * credential set for HA SA
+ */
+ ha_creds_t creds;
+};
+
+/**
+ * Implementation of ha_tunnel_t.is_sa
+ */
+static bool is_sa(private_ha_tunnel_t *this, ike_sa_t *ike_sa)
+{
+ peer_cfg_t *cfg = this->backend.cfg;
+
+ return cfg && ike_sa->get_ike_cfg(ike_sa) == cfg->get_ike_cfg(cfg);
+}
+
+/**
+ * Enumerator over HA shared_key
+ */
+typedef struct {
+ /** Implements enumerator_t */
+ enumerator_t public;
+ /** a single secret we serve */
+ shared_key_t *key;
+} shared_enum_t;
+
+/**
+ * Implementation of shared_enum_t.enumerate
+ */
+static bool shared_enumerate(shared_enum_t *this, shared_key_t **key,
+ id_match_t *me, id_match_t *other)
+{
+ if (this->key)
+ {
+ if (me)
+ {
+ *me = ID_MATCH_PERFECT;
+ }
+ if (other)
+ {
+ *other = ID_MATCH_PERFECT;
+ }
+ *key = this->key;
+ this->key = NULL;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implements ha_creds_t.create_shared_enumerator
+ */
+static enumerator_t* create_shared_enumerator(ha_creds_t *this,
+ shared_key_type_t type, identification_t *me,
+ identification_t *other)
+{
+ shared_enum_t *enumerator;
+
+ if (type != SHARED_IKE && type != SHARED_ANY)
+ {
+ return NULL;
+ }
+ if (me && !me->equals(me, this->local))
+ {
+ return NULL;
+ }
+ if (other && !other->equals(other, this->remote))
+ {
+ return NULL;
+ }
+
+ enumerator = malloc_thing(shared_enum_t);
+ enumerator->public.enumerate = (void*)shared_enumerate;
+ enumerator->public.destroy = (void*)free;
+ enumerator->key = this->key;
+
+ return &enumerator->public;
+}
+
+/**
+ * Implementation of backend_t.create_peer_cfg_enumerator.
+ */
+static enumerator_t* create_peer_cfg_enumerator(ha_backend_t *this,
+ identification_t *me, identification_t *other)
+{
+ return enumerator_create_single(this->cfg, NULL);
+}
+
+/**
+ * Implementation of backend_t.create_ike_cfg_enumerator.
+ */
+static enumerator_t* create_ike_cfg_enumerator(ha_backend_t *this,
+ host_t *me, host_t *other)
+{
+ return enumerator_create_single(this->cfg->get_ike_cfg(this->cfg), NULL);
+}
+
+/**
+ * Install configs and a a trap for secured HA message exchange
+ */
+static void setup_tunnel(private_ha_tunnel_t *this,
+ char *local, char *remote, char *secret)
+{
+ peer_cfg_t *peer_cfg;
+ ike_cfg_t *ike_cfg;
+ auth_cfg_t *auth_cfg;
+ child_cfg_t *child_cfg;
+ traffic_selector_t *ts;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = 21600, .rekey = 20400, .jitter = 400,
+ },
+ };
+
+ /* setup credentials */
+ this->creds.local = identification_create_from_string(local);
+ this->creds.remote = identification_create_from_string(remote);
+ this->creds.key = shared_key_create(SHARED_IKE,
+ chunk_clone(chunk_create(secret, strlen(secret))));
+ this->creds.public.create_private_enumerator = (void*)return_null;
+ this->creds.public.create_cert_enumerator = (void*)return_null;
+ this->creds.public.create_shared_enumerator = (void*)create_shared_enumerator;
+ this->creds.public.create_cdp_enumerator = (void*)return_null;
+ this->creds.public.cache_cert = (void*)nop;
+
+ charon->credentials->add_set(charon->credentials, &this->creds.public);
+
+ /* create config and backend */
+ ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
+ remote, IKEV2_UDP_PORT);
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND,
+ UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
+ NULL, NULL, FALSE, NULL, NULL);
+
+ auth_cfg = auth_cfg_create();
+ auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY,
+ identification_create_from_string(local));
+ peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, TRUE);
+
+ auth_cfg = auth_cfg_create();
+ auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY,
+ identification_create_from_string(remote));
+ peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
+
+ child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE,
+ MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE, 0);
+ ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
+ child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+ ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
+ child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+ ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
+ child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+ ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
+ child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+
+ this->backend.cfg = peer_cfg;
+ this->backend.public.create_peer_cfg_enumerator = (void*)create_peer_cfg_enumerator;
+ this->backend.public.create_ike_cfg_enumerator = (void*)create_ike_cfg_enumerator;
+ this->backend.public.get_peer_cfg_by_name = (void*)return_null;
+
+ charon->backends->add_backend(charon->backends, &this->backend.public);
+
+ /* install an acquiring trap */
+ this->trap = charon->traps->install(charon->traps, peer_cfg, child_cfg);
+}
+
+/**
+ * Implementation of ha_tunnel_t.destroy.
+ */
+static void destroy(private_ha_tunnel_t *this)
+{
+ if (this->backend.cfg)
+ {
+ charon->backends->remove_backend(charon->backends, &this->backend.public);
+ this->backend.cfg->destroy(this->backend.cfg);
+ }
+ if (this->creds.key)
+ {
+ charon->credentials->remove_set(charon->credentials, &this->creds.public);
+ this->creds.key->destroy(this->creds.key);
+ }
+ this->creds.local->destroy(this->creds.local);
+ this->creds.remote->destroy(this->creds.remote);
+ if (this->trap)
+ {
+ charon->traps->uninstall(charon->traps, this->trap);
+ }
+ free(this);
+}
+
+/**
+ * See header
+ */
+ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret)
+{
+ private_ha_tunnel_t *this = malloc_thing(private_ha_tunnel_t);
+
+ this->public.is_sa = (bool(*)(ha_tunnel_t*, ike_sa_t *ike_sa))is_sa;
+ this->public.destroy = (void(*)(ha_tunnel_t*))destroy;
+
+ setup_tunnel(this, local, remote, secret);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_tunnel.h b/src/libcharon/plugins/ha/ha_tunnel.h
new file mode 100644
index 000000000..085fb6122
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_tunnel.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ ha_tunnel
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_TUNNEL_H_
+#define HA_TUNNEL_H_
+
+#include <sa/ike_sa.h>
+
+typedef struct ha_tunnel_t ha_tunnel_t;
+
+/**
+ * Socket to send/received SA synchronization data
+ */
+struct ha_tunnel_t {
+
+ /**
+ * Check if an IKE_SA is used for exchanging HA messages.
+ *
+ * @param ike_Sa ike_sa to check
+ * @return TRUE if IKE_SA is used to secure HA messages
+ */
+ bool (*is_sa)(ha_tunnel_t *this, ike_sa_t *ike_sa);
+
+ /**
+ * Destroy a ha_tunnel_t.
+ */
+ void (*destroy)(ha_tunnel_t *this);
+};
+
+/**
+ * Create a ha_tunnel instance.
+ *
+ * @param local local address of HA tunnel
+ * @param remote remote address of HA tunnel
+ * @param secret PSK tunnel authentication secret
+ * @return HA tunnel instance
+ */
+ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret);
+
+#endif /* HA_TUNNEL_H_ @}*/
diff --git a/src/libcharon/plugins/kernel_klips/Makefile.am b/src/libcharon/plugins/kernel_klips/Makefile.am
new file mode 100644
index 000000000..540bbe106
--- /dev/null
+++ b/src/libcharon/plugins/kernel_klips/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
+else
+plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
+endif
+
+libstrongswan_kernel_klips_la_SOURCES = \
+ kernel_klips_plugin.h kernel_klips_plugin.c \
+ kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
+
+libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_klips/Makefile.in b/src/libcharon/plugins/kernel_klips/Makefile.in
index bf194ae16..f0d112a0f 100644
--- a/src/charon/plugins/kernel_klips/Makefile.in
+++ b/src/libcharon/plugins/kernel_klips/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/kernel_klips
+subdir = src/libcharon/plugins/kernel_klips
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_kernel_klips_la_LIBADD =
am_libstrongswan_kernel_klips_la_OBJECTS = kernel_klips_plugin.lo \
kernel_klips_ipsec.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_klips_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_klips_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_klips_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
-libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
+libstrongswan_kernel_klips_la_SOURCES = \
+ kernel_klips_plugin.h kernel_klips_plugin.c \
kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-klips.la: $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_DEPENDENCIES)
- $(libstrongswan_kernel_klips_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
+ $(libstrongswan_kernel_klips_la_LINK) $(am_libstrongswan_kernel_klips_la_rpath) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
index fea1b83a1..01df4f71a 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1532,13 +1532,9 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this,
charon->scheduler->schedule_job(charon->scheduler, (job_t*)job, time);
}
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_klips_ipsec_t *this,
- host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid,
- u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+ protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
{
/* we cannot use SADB_GETSPI because KLIPS does not allow us to set the
* NAT-T type in an SADB_UPDATE which we would have to use to update the
@@ -1573,12 +1569,9 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_klips_ipsec_t *this,
- host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t reqid, u_int16_t *cpi)
{
return FAILED;
}
@@ -1695,18 +1688,12 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_klips_ipsec_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
+ protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime,
+ u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
+ bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1859,14 +1846,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_klips_ipsec_t *this,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+ private_kernel_klips_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1935,22 +1918,16 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_klips_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
{
return NOT_SUPPORTED; /* TODO */
}
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int16_t cpi)
+METHOD(kernel_ipsec_t, del_sa, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2011,17 +1988,12 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_klips_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+ private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+ u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ bool routed)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2236,13 +2208,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_klips_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+ private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
{
#define IDLE_PREFIX "idle="
static const char *path_eroute = "/proc/net/ipsec_eroute";
@@ -2395,13 +2363,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this,
return status;
}
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_klips_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+ private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg = (struct sadb_msg*)request, *out;
@@ -2592,14 +2556,28 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_klips_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+ private_kernel_klips_ipsec_t *this, int fd, int family)
{
- this->job->cancel(this->job);
- close(this->socket);
- close(this->socket_events);
+ /* KLIPS does not need a bypass policy for IKE */
+ return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+ private_kernel_klips_ipsec_t *this)
+{
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ if (this->socket > 0)
+ {
+ close(this->socket);
+ }
+ if (this->socket_evnets > 0)
+ {
+ close(this->socket_events);
+ }
this->mutex_pfkey->destroy(this->mutex_pfkey);
this->mutex->destroy(this->mutex);
this->ipsec_devices->destroy_function(this->ipsec_devices, (void*)ipsec_dev_destroy);
@@ -2614,30 +2592,31 @@ static void destroy(private_kernel_klips_ipsec_t *this)
*/
kernel_klips_ipsec_t *kernel_klips_ipsec_create()
{
- private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t);
-
- /* public functions */
- this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
- this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
- this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
- this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
- this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
- this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
- this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
- this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
- this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
- /* private members */
- this->policies = linked_list_create();
- this->allocated_spis = linked_list_create();
- this->installed_sas = linked_list_create();
- this->ipsec_devices = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
- this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE);
- this->seq = 0;
+ private_kernel_klips_ipsec_t *this;
+
+ INIT(this,
+ .public.interface = {
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .bypass_socket = _bypass_socket,
+ .destroy = _destroy,
+ },
+ .policies = linked_list_create(),
+ .allocated_spis = linked_list_create(),
+ .installed_sas = linked_list_create(),
+ .ipsec_devices = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
+ .install_routes = lib->settings->get_bool(lib->settings,
+ "charon.install_routes", TRUE),
+ );
/* initialize ipsec devices */
init_ipsec_devices(this);
@@ -2646,21 +2625,27 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (this->socket <= 0)
{
- charon->kill(charon, "unable to create PF_KEY socket");
+ DBG1(DBG_KNL, "unable to create PF_KEY socket");
+ destroy(this);
+ return NULL;
}
/* create a PF_KEY socket for ACQUIRE & EXPIRE */
this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (this->socket_events <= 0)
{
- charon->kill(charon, "unable to create PF_KEY event socket");
+ DBG1(DBG_KNL, "unable to create PF_KEY event socket");
+ destroy(this);
+ return NULL;
}
/* register the event socket */
if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
{
- charon->kill(charon, "unable to register PF_KEY event socket");
+ DBG1(DBG_KNL, "unable to register PF_KEY event socket");
+ destroy(this);
+ return NULL;
}
this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -2669,3 +2654,4 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
return &this->public;
}
+
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h
index 306ec0ada..306ec0ada 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c
index b0117c10c..fa5e9eb29 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_kernel_klips_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *kernel_klips_plugin_create()
{
private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t);
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h
index 123550bf5..6086217ad 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h
@@ -39,9 +39,4 @@ struct kernel_klips_plugin_t {
plugin_t plugin;
};
-/**
- * Create a kernel_klips_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** KERNEL_KLIPS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/libcharon/plugins/kernel_klips/pfkeyv2.h
index 20d1c298d..20d1c298d 100644
--- a/src/charon/plugins/kernel_klips/pfkeyv2.h
+++ b/src/libcharon/plugins/kernel_klips/pfkeyv2.h
diff --git a/src/charon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am
index 31d9c6d5c..2bb00ec0d 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.am
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.am
@@ -1,13 +1,20 @@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic \
-DROUTING_TABLE=${routing_table} \
-DROUTING_TABLE_PRIO=${routing_table_prio}
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
+else
plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
+endif
-libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \
+libstrongswan_kernel_netlink_la_SOURCES = \
+ kernel_netlink_plugin.h kernel_netlink_plugin.c \
kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
+
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 09be50587..8c9965467 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/kernel_netlink
+subdir = src/libcharon/plugins/kernel_netlink
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_kernel_netlink_la_LIBADD =
am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \
kernel_netlink_ipsec.lo kernel_netlink_net.lo \
@@ -83,6 +83,9 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_netlink_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_netlink_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_netlink_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,13 +259,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic \
-DROUTING_TABLE=${routing_table} \
-DROUTING_TABLE_PRIO=${routing_table_prio}
-plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
-libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
+libstrongswan_kernel_netlink_la_SOURCES = \
+ kernel_netlink_plugin.h kernel_netlink_plugin.c \
kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
@@ -279,9 +287,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -300,6 +308,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +349,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES)
- $(libstrongswan_kernel_netlink_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
+ $(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -488,8 +505,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -560,18 +577,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 850876b9d..1b8c1b879 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -181,7 +181,7 @@ static kernel_algorithm_t encryption_algs[] = {
{ENCR_AES_GCM_ICV8, "rfc4106(gcm(aes))" },
{ENCR_AES_GCM_ICV12, "rfc4106(gcm(aes))" },
{ENCR_AES_GCM_ICV16, "rfc4106(gcm(aes))" },
-/* {ENCR_NULL_AUTH_AES_GMAC, "***" }, */
+ {ENCR_NULL_AUTH_AES_GMAC, "rfc4543(gcm(aes))" },
{ENCR_CAMELLIA_CBC, "cbc(camellia)" },
/* {ENCR_CAMELLIA_CTR, "***" }, */
/* {ENCR_CAMELLIA_CCM_ICV8, "***" }, */
@@ -875,13 +875,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_netlink_ipsec_t *this,
- host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid,
- u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
{
DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid);
@@ -897,12 +893,9 @@ static status_t get_spi(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_netlink_ipsec_t *this,
- host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t reqid, u_int16_t *cpi)
{
u_int32_t received_spi = 0;
@@ -922,18 +915,13 @@ static status_t get_cpi(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_netlink_ipsec_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound,
- traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+ lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
+ u_int16_t cpi, bool encap, bool inbound, traffic_selector_t* src_ts,
+ traffic_selector_t* dst_ts)
{
netlink_buf_t request;
char *alg_name;
@@ -1007,6 +995,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
break;
case ENCR_AES_CCM_ICV16:
case ENCR_AES_GCM_ICV16:
+ case ENCR_NULL_AUTH_AES_GMAC:
case ENCR_CAMELLIA_CCM_ICV16:
icv_size += 32;
/* FALL */
@@ -1284,12 +1273,9 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
return FAILED;
}
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
@@ -1352,12 +1338,10 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
free(out);
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int16_t cpi)
+
+METHOD(kernel_ipsec_t, del_sa, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
{
netlink_buf_t request;
struct nlmsghdr *hdr;
@@ -1393,14 +1377,10 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_netlink_ipsec_t *this,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool old_encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+ private_kernel_netlink_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool old_encap, bool new_encap)
{
netlink_buf_t request;
u_char *pos;
@@ -1574,17 +1554,12 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_netlink_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+ u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ bool routed)
{
policy_entry_t *current, *policy;
bool found = FALSE;
@@ -1764,13 +1739,9 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_netlink_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+ private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
@@ -1843,13 +1814,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_netlink_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+ private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
{
policy_entry_t *current, policy, *to_delete = NULL;
route_entry_t *route;
@@ -1925,17 +1892,62 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_netlink_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+ private_kernel_netlink_ipsec_t *this, int fd, int family)
+{
+ struct xfrm_userpolicy_info policy;
+ u_int sol, ipsec_policy;
+
+ switch (family)
+ {
+ case AF_INET:
+ sol = SOL_IP;
+ ipsec_policy = IP_XFRM_POLICY;
+ break;
+ case AF_INET6:
+ sol = SOL_IPV6;
+ ipsec_policy = IPV6_XFRM_POLICY;
+ break;
+ default:
+ return FALSE;
+ }
+
+ memset(&policy, 0, sizeof(policy));
+ policy.action = XFRM_POLICY_ALLOW;
+ policy.sel.family = family;
+
+ policy.dir = XFRM_POLICY_OUT;
+ if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ {
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+ strerror(errno));
+ return FALSE;
+ }
+ policy.dir = XFRM_POLICY_IN;
+ if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ {
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+ strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+ private_kernel_netlink_ipsec_t *this)
{
enumerator_t *enumerator;
policy_entry_t *policy;
- this->job->cancel(this->job);
- close(this->socket_xfrm_events);
- this->socket_xfrm->destroy(this->socket_xfrm);
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ if (this->socket_xfrm_events > 0)
+ {
+ close(this->socket_xfrm_events);
+ }
+ DESTROY_IF(this->socket_xfrm);
enumerator = this->policies->create_enumerator(this->policies);
while (enumerator->enumerate(enumerator, &policy, &policy))
{
@@ -1947,87 +1959,35 @@ static void destroy(private_kernel_netlink_ipsec_t *this)
free(this);
}
-/**
- * Add bypass policies for IKE on the sockets used by charon
- */
-static bool add_bypass_policies()
-{
- int fd, family, port;
- enumerator_t *sockets;
- bool status = TRUE;
-
- sockets = charon->socket->create_enumerator(charon->socket);
- while (sockets->enumerate(sockets, &fd, &family, &port))
- {
- struct xfrm_userpolicy_info policy;
- u_int sol, ipsec_policy;
-
- switch (family)
- {
- case AF_INET:
- sol = SOL_IP;
- ipsec_policy = IP_XFRM_POLICY;
- break;
- case AF_INET6:
- sol = SOL_IPV6;
- ipsec_policy = IPV6_XFRM_POLICY;
- break;
- default:
- continue;
- }
-
- memset(&policy, 0, sizeof(policy));
- policy.action = XFRM_POLICY_ALLOW;
- policy.sel.family = family;
-
- policy.dir = XFRM_POLICY_OUT;
- if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
- {
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
- status = FALSE;
- break;
- }
- policy.dir = XFRM_POLICY_IN;
- if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
- {
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
- status = FALSE;
- break;
- }
- }
- sockets->destroy(sockets);
- return status;
-}
-
/*
* Described in header.
*/
kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
{
- private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t);
+ private_kernel_netlink_ipsec_t *this;
struct sockaddr_nl addr;
int fd;
- /* public functions */
- this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
- this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
- this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
- this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
- this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
- this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
- this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
- this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
- this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
- /* private members */
- this->policies = hashtable_create((hashtable_hash_t)policy_hash,
- (hashtable_equals_t)policy_equals, 32);
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->install_routes = lib->settings->get_bool(lib->settings,
- "charon.install_routes", TRUE);
+ INIT(this,
+ .public.interface = {
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .bypass_socket = _bypass_socket,
+ .destroy = _destroy,
+ },
+ .policies = hashtable_create((hashtable_hash_t)policy_hash,
+ (hashtable_equals_t)policy_equals, 32),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .install_routes = lib->settings->get_bool(lib->settings,
+ "charon.install_routes", TRUE),
+ );
/* disable lifetimes for allocated SPIs in kernel */
fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
@@ -2038,6 +1998,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
}
this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
+ if (!this->socket_xfrm)
+ {
+ destroy(this);
+ return NULL;
+ }
memset(&addr, 0, sizeof(addr));
addr.nl_family = AF_NETLINK;
@@ -2046,24 +2011,22 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
if (this->socket_xfrm_events <= 0)
{
- charon->kill(charon, "unable to create XFRM event socket");
+ DBG1(DBG_KNL, "unable to create XFRM event socket");
+ destroy(this);
+ return NULL;
}
addr.nl_groups = XFRMNLGRP(ACQUIRE) | XFRMNLGRP(EXPIRE) |
XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING);
if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr)))
{
- charon->kill(charon, "unable to bind XFRM event socket");
+ DBG1(DBG_KNL, "unable to bind XFRM event socket");
+ destroy(this);
+ return NULL;
}
-
- /* add bypass policies on the sockets used by charon */
- if (!add_bypass_policies())
- {
- charon->kill(charon, "unable to add bypass policies on sockets");
- }
-
this->job = callback_job_create((callback_job_cb_t)receive_events,
this, NULL, NULL);
charon->processor->queue_job(charon->processor, (job_t*)this->job);
return &this->public;
}
+
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
index 3a45cce06..3a45cce06 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 4a9fdf69a..6750458cf 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -14,6 +14,29 @@
* for more details.
*/
+/*
+ * Copyright (C) 2010 secunet Security Networks AG
+ * Copyright (C) 2010 Thomas Egerer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
@@ -158,6 +181,11 @@ struct private_kernel_netlink_net_t {
* whether to actually install virtual IPs
*/
bool install_virtual_ip;
+
+ /**
+ * list with routing tables to be excluded from route lookup
+ */
+ linked_list_t *rt_exclude;
};
/**
@@ -764,6 +792,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
chunk_t chunk;
size_t len;
int best = -1;
+ enumerator_t *enumerator;
host_t *src = NULL, *gtw = NULL;
DBG2(DBG_KNL, "getting address to reach %H", dest);
@@ -813,6 +842,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
chunk_t rta_gtw, rta_src, rta_dst;
u_int32_t rta_oif = 0;
host_t *new_src, *new_gtw;
+ bool cont = FALSE;
+ uintptr_t table;
rta_gtw = rta_src = rta_dst = chunk_empty;
msg = (struct rtmsg*)(NLMSG_DATA(current));
@@ -844,6 +875,20 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
{ /* not better than a previous one */
continue;
}
+ enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
+ while (enumerator->enumerate(enumerator, &table))
+ {
+ if (table == msg->rtm_table)
+ {
+ cont = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (cont)
+ {
+ continue;
+ }
if (this->routing_table != 0 &&
msg->rtm_table == this->routing_table)
{ /* route is from our own ipsec routing table */
@@ -1336,11 +1381,17 @@ static void destroy(private_kernel_netlink_net_t *this)
manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
this->routing_table_prio);
}
-
- this->job->cancel(this->job);
- close(this->socket_events);
- this->socket->destroy(this->socket);
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ if (this->socket_events > 0)
+ {
+ close(this->socket_events);
+ }
+ DESTROY_IF(this->socket);
this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
+ this->rt_exclude->destroy(this->rt_exclude);
this->condvar->destroy(this->condvar);
this->mutex->destroy(this->mutex);
free(this);
@@ -1353,6 +1404,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
{
private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t);
struct sockaddr_nl addr;
+ enumerator_t *enumerator;
+ char *exclude;
/* public functions */
this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
@@ -1379,22 +1432,49 @@ kernel_netlink_net_t *kernel_netlink_net_create()
this->install_virtual_ip = lib->settings->get_bool(lib->settings,
"charon.install_virtual_ip", TRUE);
+ this->rt_exclude = linked_list_create();
+ exclude = lib->settings->get_str(lib->settings,
+ "charon.ignore_routing_tables", NULL);
+ if (exclude)
+ {
+ char *token;
+ uintptr_t table;
+
+ enumerator = enumerator_create_token(exclude, " ", " ");
+ while (enumerator->enumerate(enumerator, &token))
+ {
+ errno = 0;
+ table = strtoul(token, NULL, 10);
+
+ if (errno == 0)
+ {
+ this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+
this->socket = netlink_socket_create(NETLINK_ROUTE);
+ this->job = NULL;
memset(&addr, 0, sizeof(addr));
addr.nl_family = AF_NETLINK;
/* create and bind RT socket for events (address/interface/route changes) */
this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
- if (this->socket_events <= 0)
+ if (this->socket_events < 0)
{
- charon->kill(charon, "unable to create RT event socket");
+ DBG1(DBG_KNL, "unable to create RT event socket");
+ destroy(this);
+ return NULL;
}
addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK;
if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
{
- charon->kill(charon, "unable to bind RT event socket");
+ DBG1(DBG_KNL, "unable to bind RT event socket");
+ destroy(this);
+ return NULL;
}
this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -1403,7 +1483,9 @@ kernel_netlink_net_t *kernel_netlink_net_create()
if (init_address_list(this) != SUCCESS)
{
- charon->kill(charon, "unable to get interface list");
+ DBG1(DBG_KNL, "unable to get interface list");
+ destroy(this);
+ return NULL;
}
if (this->routing_table)
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
index ff9831d3c..ff9831d3c 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index cdf20f14a..4c61265aa 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -46,7 +46,7 @@ static void destroy(private_kernel_netlink_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *kernel_netlink_plugin_create()
{
private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t);
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
index ec6036b98..74c9ae24f 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
@@ -39,9 +39,4 @@ struct kernel_netlink_plugin_t {
plugin_t plugin;
};
-/**
- * Create a kernel_netlink_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** KERNEL_NETLINK_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index b96186a3a..5ed568150 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -236,7 +236,10 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr
*/
static void destroy(private_netlink_socket_t *this)
{
- close(this->socket);
+ if (this->socket > 0)
+ {
+ close(this->socket);
+ }
this->mutex->destroy(this->mutex);
free(this);
}
@@ -244,7 +247,8 @@ static void destroy(private_netlink_socket_t *this)
/**
* Described in header.
*/
-netlink_socket_t *netlink_socket_create(int protocol) {
+netlink_socket_t *netlink_socket_create(int protocol)
+{
private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t);
struct sockaddr_nl addr;
@@ -262,15 +266,19 @@ netlink_socket_t *netlink_socket_create(int protocol) {
this->protocol = protocol;
this->socket = socket(AF_NETLINK, SOCK_RAW, protocol);
- if (this->socket <= 0)
+ if (this->socket < 0)
{
- charon->kill(charon, "unable to create netlink socket");
+ DBG1(DBG_KNL, "unable to create netlink socket");
+ destroy(this);
+ return NULL;
}
addr.nl_groups = 0;
if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
{
- charon->kill(charon, "unable to bind netlink socket");
+ DBG1(DBG_KNL, "unable to bind netlink socket");
+ destroy(this);
+ return NULL;
}
return &this->public;
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
index dfd27a21a..dfd27a21a 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.am b/src/libcharon/plugins/kernel_pfkey/Makefile.am
index a72c6a999..778a7f9a9 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.am
@@ -1,10 +1,17 @@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+else
plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+endif
-libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
+libstrongswan_kernel_pfkey_la_SOURCES = \
+ kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
+
libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 8a0961a7d..2b028ba71 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/kernel_pfkey
+subdir = src/libcharon/plugins/kernel_pfkey
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_kernel_pfkey_la_LIBADD =
am_libstrongswan_kernel_pfkey_la_OBJECTS = kernel_pfkey_plugin.lo \
kernel_pfkey_ipsec.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_pfkey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfkey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfkey_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
-libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+libstrongswan_kernel_pfkey_la_SOURCES = \
+ kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-pfkey.la: $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_DEPENDENCIES)
- $(libstrongswan_kernel_pfkey_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
+ $(libstrongswan_kernel_pfkey_la_LINK) $(am_libstrongswan_kernel_pfkey_la_rpath) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 9c50746ac..8a7883c8a 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1149,13 +1149,9 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
return JOB_REQUEUE_DIRECT;
}
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
- host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid,
- u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1212,28 +1208,19 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_pfkey_ipsec_t *this,
- host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t reqid, u_int16_t *cpi)
{
return FAILED;
}
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
+ protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime,
+ u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
+ bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1374,14 +1361,10 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+ private_kernel_pfkey_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1512,12 +1495,9 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1571,12 +1551,9 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
- host_t *dst, u_int32_t spi, protocol_id_t protocol,
- u_int16_t cpi)
+METHOD(kernel_ipsec_t, del_sa, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1623,17 +1600,12 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+ u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ bool routed)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1828,13 +1800,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+ private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1935,13 +1903,9 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+ private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2049,7 +2013,8 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
/**
* Register a socket for AQUIRE/EXPIRE messages
*/
-static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8_t satype)
+static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
+ u_int8_t satype)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2079,77 +2044,71 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8
return SUCCESS;
}
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_pfkey_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+ private_kernel_pfkey_ipsec_t *this, int fd, int family)
{
- this->job->cancel(this->job);
- close(this->socket);
- close(this->socket_events);
- this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
- this->mutex->destroy(this->mutex);
- this->mutex_pfkey->destroy(this->mutex_pfkey);
- free(this);
-}
+ struct sadb_x_policy policy;
+ u_int sol, ipsec_policy;
-/**
- * Add bypass policies for IKE on the sockets of charon
- */
-static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
-{
- int fd, family, port;
- enumerator_t *sockets;
- bool status = TRUE;
-
- sockets = charon->socket->create_enumerator(charon->socket);
- while (sockets->enumerate(sockets, &fd, &family, &port))
+ switch (family)
{
- struct sadb_x_policy policy;
- u_int sol, ipsec_policy;
-
- switch (family)
- {
- case AF_INET:
- {
- sol = SOL_IP;
- ipsec_policy = IP_IPSEC_POLICY;
- break;
- }
- case AF_INET6:
- {
- sol = SOL_IPV6;
- ipsec_policy = IPV6_IPSEC_POLICY;
- break;
- }
- default:
- continue;
- }
-
- memset(&policy, 0, sizeof(policy));
- policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
- policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
- policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
-
- policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
- if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ case AF_INET:
{
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
- status = FALSE;
+ sol = SOL_IP;
+ ipsec_policy = IP_IPSEC_POLICY;
break;
}
- policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
- if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ case AF_INET6:
{
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
- status = FALSE;
+ sol = SOL_IPV6;
+ ipsec_policy = IPV6_IPSEC_POLICY;
break;
}
+ default:
+ return FALSE;
+ }
+
+ memset(&policy, 0, sizeof(policy));
+ policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
+ policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+ policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
+
+ policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
+ if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ {
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+ strerror(errno));
+ return FALSE;
+ }
+ policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
+ if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+ {
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+ strerror(errno));
+ return FALSE;
}
- sockets->destroy(sockets);
- return status;
+ return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+ private_kernel_pfkey_ipsec_t *this)
+{
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ if (this->socket > 0)
+ {
+ close(this->socket);
+ }
+ if (this->socket_events > 0)
+ {
+ close(this->socket_events);
+ }
+ this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
+ this->mutex->destroy(this->mutex);
+ this->mutex_pfkey->destroy(this->mutex_pfkey);
+ free(this);
}
/*
@@ -2157,54 +2116,54 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
*/
kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
{
- private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t);
-
- /* public functions */
- this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
- this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
- this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
- this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
- this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
- this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
- this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
- this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
- this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
- /* private members */
- this->policies = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
- this->install_routes = lib->settings->get_bool(lib->settings,
- "charon.install_routes", TRUE);
- this->seq = 0;
+ private_kernel_pfkey_ipsec_t *this;
+
+ INIT(this,
+ .public.interface = {
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .bypass_socket = _bypass_socket,
+ .destroy = _destroy,
+ },
+ .policies = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
+ .install_routes = lib->settings->get_bool(lib->settings,
+ "charon.install_routes", TRUE),
+ );
/* create a PF_KEY socket to communicate with the kernel */
this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (this->socket <= 0)
{
- charon->kill(charon, "unable to create PF_KEY socket");
+ DBG1(DBG_KNL, "unable to create PF_KEY socket");
+ destroy(this);
+ return NULL;
}
/* create a PF_KEY socket for ACQUIRE & EXPIRE */
this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (this->socket_events <= 0)
{
- charon->kill(charon, "unable to create PF_KEY event socket");
- }
-
- /* add bypass policies on the sockets used by charon */
- if (!add_bypass_policies(this))
- {
- charon->kill(charon, "unable to add bypass policies on sockets");
+ DBG1(DBG_KNL, "unable to create PF_KEY event socket");
+ destroy(this);
+ return NULL;
}
/* register the event socket */
if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
{
- charon->kill(charon, "unable to register PF_KEY event socket");
+ DBG1(DBG_KNL, "unable to register PF_KEY event socket");
+ destroy(this);
+ return NULL;
}
this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -2213,3 +2172,4 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
return &this->public;
}
+
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
index 649f93733..649f93733 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 3380c328c..b84ccf150 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_kernel_pfkey_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *kernel_pfkey_plugin_create()
{
private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t);
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
index 2f168aa9c..ecccc6303 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
@@ -39,9 +39,4 @@ struct kernel_pfkey_plugin_t {
plugin_t plugin;
};
-/**
- * Create a kernel_pfkey_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** KERNEL_PFKEY_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.am b/src/libcharon/plugins/kernel_pfroute/Makefile.am
index 0065d9b0a..83db48160 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.am
@@ -1,10 +1,17 @@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+else
plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+endif
-libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
+libstrongswan_kernel_pfroute_la_SOURCES = \
+ kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
kernel_pfroute_net.h kernel_pfroute_net.c
+
libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index da8c7585f..3a4d2c3b5 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/kernel_pfroute
+subdir = src/libcharon/plugins/kernel_pfroute
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_kernel_pfroute_la_LIBADD =
am_libstrongswan_kernel_pfroute_la_OBJECTS = kernel_pfroute_plugin.lo \
kernel_pfroute_net.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_kernel_pfroute_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfroute_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfroute_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
-libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+libstrongswan_kernel_pfroute_la_SOURCES = \
+ kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
kernel_pfroute_net.h kernel_pfroute_net.c
libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-kernel-pfroute.la: $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_DEPENDENCIES)
- $(libstrongswan_kernel_pfroute_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
+ $(libstrongswan_kernel_pfroute_la_LINK) $(am_libstrongswan_kernel_pfroute_la_rpath) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index 9f1baf5b5..97c019b58 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -650,9 +650,18 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this)
*/
static void destroy(private_kernel_pfroute_net_t *this)
{
- this->job->cancel(this->job);
- close(this->socket);
- close(this->socket_events);
+ if (this->job)
+ {
+ this->job->cancel(this->job);
+ }
+ if (this->socket > 0)
+ {
+ close(this->socket);
+ }
+ if (this->socket_events)
+ {
+ close(this->socket_events);
+ }
this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
this->mutex->destroy(this->mutex);
this->mutex_pfroute->destroy(this->mutex_pfroute);
@@ -684,19 +693,25 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT);
this->seq = 0;
+ this->socket_events = 0;
+ this->job = NULL;
/* create a PF_ROUTE socket to communicate with the kernel */
this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
- if (this->socket <= 0)
+ if (this->socket < 0)
{
- charon->kill(charon, "unable to create PF_ROUTE socket");
+ DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
+ destroy(this);
+ return NULL;
}
/* create a PF_ROUTE socket to receive events */
this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
- if (this->socket_events <= 0)
+ if (this->socket_events < 0)
{
- charon->kill(charon, "unable to create PF_ROUTE event socket");
+ DBG1(DBG_KNL, "unable to create PF_ROUTE event socket");
+ destroy(this);
+ return NULL;
}
this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -705,7 +720,9 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
if (init_address_list(this) != SUCCESS)
{
- charon->kill(charon, "unable to get interface list");
+ DBG1(DBG_KNL, "unable to get interface list");
+ destroy(this);
+ return NULL;
}
return &this->public;
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
index 10c3c9eb7..10c3c9eb7 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index e73cbeafb..97139fb56 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
@@ -45,7 +45,7 @@ static void destroy(private_kernel_pfroute_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *kernel_pfroute_plugin_create()
{
private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t);
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
index 6caf097c6..50642a572 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
@@ -39,9 +39,4 @@ struct kernel_pfroute_plugin_t {
plugin_t plugin;
};
-/**
- * Create a kernel_pfroute_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** KERNEL_PFROUTE_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am
new file mode 100644
index 000000000..cdd0445a9
--- /dev/null
+++ b/src/libcharon/plugins/load_tester/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-load-tester.la
+else
+plugin_LTLIBRARIES = libstrongswan-load-tester.la
+endif
+
+libstrongswan_load_tester_la_SOURCES = \
+ load_tester_plugin.c load_tester_plugin.h \
+ load_tester_config.c load_tester_config.h \
+ load_tester_creds.c load_tester_creds.h \
+ load_tester_ipsec.c load_tester_ipsec.h \
+ load_tester_listener.c load_tester_listener.h \
+ load_tester_diffie_hellman.c load_tester_diffie_hellman.h
+
+libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 70c7d3c99..8965aff78 100644
--- a/src/charon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/load_tester
+subdir = src/libcharon/plugins/load_tester
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_load_tester_la_LIBADD =
am_libstrongswan_load_tester_la_OBJECTS = load_tester_plugin.lo \
load_tester_config.lo load_tester_creds.lo \
@@ -84,6 +84,9 @@ libstrongswan_load_tester_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_load_tester_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_load_tester_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_load_tester_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -256,16 +260,19 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-load-tester.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-load-tester.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-load-tester.la
libstrongswan_load_tester_la_SOURCES = \
- load_tester_plugin.c load_tester_plugin.h \
- load_tester_config.c load_tester_config.h \
- load_tester_creds.c load_tester_creds.h \
- load_tester_ipsec.c load_tester_ipsec.h \
- load_tester_listener.c load_tester_listener.h \
- load_tester_diffie_hellman.c load_tester_diffie_hellman.h
+ load_tester_plugin.c load_tester_plugin.h \
+ load_tester_config.c load_tester_config.h \
+ load_tester_creds.c load_tester_creds.h \
+ load_tester_ipsec.c load_tester_ipsec.h \
+ load_tester_listener.c load_tester_listener.h \
+ load_tester_diffie_hellman.c load_tester_diffie_hellman.h
libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -281,9 +288,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -302,6 +309,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -334,7 +350,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-load-tester.la: $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_DEPENDENCIES)
- $(libstrongswan_load_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS)
+ $(libstrongswan_load_tester_la_LINK) $(am_libstrongswan_load_tester_la_rpath) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -492,8 +508,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -564,18 +580,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 82f408d45..c1f98f2fe 100644
--- a/src/charon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -78,6 +78,11 @@ struct private_load_tester_config_t {
* incremental numbering of generated configs
*/
u_int num;
+
+ /**
+ * Dynamic source port, if used
+ */
+ u_int16_t port;
};
/**
@@ -189,7 +194,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
}
};
- ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
+ if (this->port && num)
+ {
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", this->port + num - 1, this->remote, IKEV2_NATT_PORT);
+ }
+ else
+ {
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
+ }
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
@@ -308,6 +322,9 @@ load_tester_config_t *load_tester_config_create()
this->responder_auth = lib->settings->get_str(lib->settings,
"charon.plugins.load-tester.responder_auth", "pubkey");
+ this->port = lib->settings->get_int(lib->settings,
+ "charon.plugins.load-tester.dynamic_port", 0);
+
this->num = 1;
this->peer_cfg = generate_config(this, 0);
diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/libcharon/plugins/load_tester/load_tester_config.h
index c22387743..c22387743 100644
--- a/src/charon/plugins/load_tester/load_tester_config.h
+++ b/src/libcharon/plugins/load_tester/load_tester_config.h
diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 890703c1a..890703c1a 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/libcharon/plugins/load_tester/load_tester_creds.h
index fb3541164..fb3541164 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.h
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.h
diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
index d5ec3599b..d5ec3599b 100644
--- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
index 672157fb8..672157fb8 100644
--- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 1218443cc..1218443cc 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.h b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
index 1e1bff84a..1e1bff84a 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.h
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 96b0cf1ec..96b0cf1ec 100644
--- a/src/charon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h
index b9599294c..b9599294c 100644
--- a/src/charon/plugins/load_tester/load_tester_listener.h
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.h
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index e25f97423..46145b803 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -173,7 +173,7 @@ static void destroy(private_load_tester_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *load_tester_plugin_create()
{
private_load_tester_plugin_t *this;
u_int i, shutdown_on = 0;
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/libcharon/plugins/load_tester/load_tester_plugin.h
index e33f06ac7..15f2d1127 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.h
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.h
@@ -41,9 +41,4 @@ struct load_tester_plugin_t {
plugin_t plugin;
};
-/**
- * Create a load_tester_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** LOAD_TESTER_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/medcli/Makefile.am b/src/libcharon/plugins/medcli/Makefile.am
new file mode 100644
index 000000000..cdff8d854
--- /dev/null
+++ b/src/libcharon/plugins/medcli/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-medcli.la
+else
+plugin_LTLIBRARIES = libstrongswan-medcli.la
+endif
+
+libstrongswan_medcli_la_SOURCES = \
+ medcli_plugin.h medcli_plugin.c \
+ medcli_creds.h medcli_creds.c \
+ medcli_config.h medcli_config.c \
+ medcli_listener.h medcli_listener.c
+
+libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 47eeecd5b..539890ec3 100644
--- a/src/charon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/medcli
+subdir = src/libcharon/plugins/medcli
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_medcli_la_LIBADD =
am_libstrongswan_medcli_la_OBJECTS = medcli_plugin.lo medcli_creds.lo \
medcli_config.lo medcli_listener.lo
@@ -81,6 +81,9 @@ libstrongswan_medcli_la_OBJECTS = \
libstrongswan_medcli_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_medcli_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_medcli_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_medcli_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,13 +257,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-medcli.la
-libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
- medcli_creds.h medcli_creds.c \
- medcli_config.h medcli_config.c \
- medcli_listener.h medcli_listener.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medcli.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medcli.la
+libstrongswan_medcli_la_SOURCES = \
+ medcli_plugin.h medcli_plugin.c \
+ medcli_creds.h medcli_creds.c \
+ medcli_config.h medcli_config.c \
+ medcli_listener.h medcli_listener.c
libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -275,9 +283,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -296,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +345,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-medcli.la: $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_DEPENDENCIES)
- $(libstrongswan_medcli_la_LINK) -rpath $(plugindir) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS)
+ $(libstrongswan_medcli_la_LINK) $(am_libstrongswan_medcli_la_rpath) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -484,8 +501,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -556,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 2e49ebbf7..e355d55f7 100644
--- a/src/charon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -120,7 +120,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
DESTROY_IF(e);
return NULL;
}
- ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create(
"mediation", 2, ike_cfg,
@@ -395,7 +396,8 @@ medcli_config_t *medcli_config_create(database_t *db)
this->db = db;
this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
- this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+ this->ike = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
schedule_autoinit(this);
diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/libcharon/plugins/medcli/medcli_config.h
index 36c20adf7..36c20adf7 100644
--- a/src/charon/plugins/medcli/medcli_config.h
+++ b/src/libcharon/plugins/medcli/medcli_config.h
diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c
index 9729df3f5..9729df3f5 100644
--- a/src/charon/plugins/medcli/medcli_creds.c
+++ b/src/libcharon/plugins/medcli/medcli_creds.c
diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h
index 4b5402653..4b5402653 100644
--- a/src/charon/plugins/medcli/medcli_creds.h
+++ b/src/libcharon/plugins/medcli/medcli_creds.h
diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/libcharon/plugins/medcli/medcli_listener.c
index 142f02e6c..142f02e6c 100644
--- a/src/charon/plugins/medcli/medcli_listener.c
+++ b/src/libcharon/plugins/medcli/medcli_listener.c
diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h
index 4768beccd..4768beccd 100644
--- a/src/charon/plugins/medcli/medcli_listener.h
+++ b/src/libcharon/plugins/medcli/medcli_listener.h
diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c
index 148eded61..397168d46 100644
--- a/src/charon/plugins/medcli/medcli_plugin.c
+++ b/src/libcharon/plugins/medcli/medcli_plugin.c
@@ -72,7 +72,7 @@ static void destroy(private_medcli_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *medcli_plugin_create()
{
char *uri;
private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t);
diff --git a/src/charon/plugins/medcli/medcli_plugin.h b/src/libcharon/plugins/medcli/medcli_plugin.h
index 06f674b37..44e7bb525 100644
--- a/src/charon/plugins/medcli/medcli_plugin.h
+++ b/src/libcharon/plugins/medcli/medcli_plugin.h
@@ -39,9 +39,4 @@ struct medcli_plugin_t {
plugin_t plugin;
};
-/**
- * Create a medcli_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** MEDCLI_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am
new file mode 100644
index 000000000..7f5c8e2b3
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-medsrv.la
+else
+plugin_LTLIBRARIES = libstrongswan-medsrv.la
+endif
+
+libstrongswan_medsrv_la_SOURCES = \
+ medsrv_plugin.h medsrv_plugin.c \
+ medsrv_creds.h medsrv_creds.c \
+ medsrv_config.h medsrv_config.c
+
+libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index c72887889..a103a1340 100644
--- a/src/charon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/medsrv
+subdir = src/libcharon/plugins/medsrv
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_medsrv_la_LIBADD =
am_libstrongswan_medsrv_la_OBJECTS = medsrv_plugin.lo medsrv_creds.lo \
medsrv_config.lo
@@ -81,6 +81,9 @@ libstrongswan_medsrv_la_OBJECTS = \
libstrongswan_medsrv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_medsrv_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_medsrv_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_medsrv_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,12 +257,16 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-medsrv.la
-libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
- medsrv_creds.h medsrv_creds.c \
- medsrv_config.h medsrv_config.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medsrv.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medsrv.la
+libstrongswan_medsrv_la_SOURCES = \
+ medsrv_plugin.h medsrv_plugin.c \
+ medsrv_creds.h medsrv_creds.c \
+ medsrv_config.h medsrv_config.c
libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-medsrv.la: $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_DEPENDENCIES)
- $(libstrongswan_medsrv_la_LINK) -rpath $(plugindir) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS)
+ $(libstrongswan_medsrv_la_LINK) $(am_libstrongswan_medsrv_la_rpath) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -482,8 +499,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -554,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index 3df720967..c23955ad0 100644
--- a/src/charon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -145,7 +145,8 @@ medsrv_config_t *medsrv_config_create(database_t *db)
this->db = db;
this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);
- this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+ this->ike = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
return &this->public;
diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h
index fc8b0e972..fc8b0e972 100644
--- a/src/charon/plugins/medsrv/medsrv_config.h
+++ b/src/libcharon/plugins/medsrv/medsrv_config.h
diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c
index 8d1643908..8d1643908 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.c
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.c
diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h
index d08adf3bf..d08adf3bf 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.h
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.h
diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
index 7c533f10e..262d26d6b 100644
--- a/src/charon/plugins/medsrv/medsrv_plugin.c
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -64,7 +64,7 @@ static void destroy(private_medsrv_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *medsrv_plugin_create()
{
char *uri;
private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t);
diff --git a/src/charon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h
index 4b183994f..8736822ee 100644
--- a/src/charon/plugins/medsrv/medsrv_plugin.h
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h
@@ -39,9 +39,4 @@ struct medsrv_plugin_t {
plugin_t plugin;
};
-/**
- * Create a medsrv_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** MEDSRV_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/nm/Makefile.am b/src/libcharon/plugins/nm/Makefile.am
new file mode 100644
index 000000000..8e12a72be
--- /dev/null
+++ b/src/libcharon/plugins/nm/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon ${nm_CFLAGS}
+
+AM_CFLAGS = -rdynamic \
+ -DNM_CA_DIR=\"${nm_ca_dir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-nm.la
+else
+plugin_LTLIBRARIES = libstrongswan-nm.la
+endif
+
+libstrongswan_nm_la_SOURCES = \
+ nm_plugin.h nm_plugin.c \
+ nm_service.h nm_service.c \
+ nm_creds.h nm_creds.c \
+ nm_handler.h nm_handler.c
+
+libstrongswan_nm_la_LDFLAGS = -module -avoid-version
+libstrongswan_nm_la_LIBADD = ${nm_LIBS}
diff --git a/src/charon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in
index 90a50cfae..c7f288f54 100644
--- a/src/charon/plugins/nm/Makefile.in
+++ b/src/libcharon/plugins/nm/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/nm
+subdir = src/libcharon/plugins/nm
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
libstrongswan_nm_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am_libstrongswan_nm_la_OBJECTS = nm_plugin.lo nm_service.lo \
@@ -81,6 +81,8 @@ libstrongswan_nm_la_OBJECTS = $(am_libstrongswan_nm_la_OBJECTS)
libstrongswan_nm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_nm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_nm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_nm_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,16 +256,19 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon ${nm_CFLAGS}
+
AM_CFLAGS = -rdynamic \
-DNM_CA_DIR=\"${nm_ca_dir}\"
-plugin_LTLIBRARIES = libstrongswan-nm.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-nm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-nm.la
libstrongswan_nm_la_SOURCES = \
- nm_plugin.h nm_plugin.c \
- nm_service.h nm_service.c \
- nm_creds.h nm_creds.c \
- nm_handler.h nm_handler.c
+ nm_plugin.h nm_plugin.c \
+ nm_service.h nm_service.c \
+ nm_creds.h nm_creds.c \
+ nm_handler.h nm_handler.c
libstrongswan_nm_la_LDFLAGS = -module -avoid-version
libstrongswan_nm_la_LIBADD = ${nm_LIBS}
@@ -279,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -300,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +347,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-nm.la: $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_DEPENDENCIES)
- $(libstrongswan_nm_la_LINK) -rpath $(plugindir) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS)
+ $(libstrongswan_nm_la_LINK) $(am_libstrongswan_nm_la_rpath) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -488,8 +503,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -560,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c
index 193838e6b..193838e6b 100644
--- a/src/charon/plugins/nm/nm_creds.c
+++ b/src/libcharon/plugins/nm/nm_creds.c
diff --git a/src/charon/plugins/nm/nm_creds.h b/src/libcharon/plugins/nm/nm_creds.h
index b55cff31e..b55cff31e 100644
--- a/src/charon/plugins/nm/nm_creds.h
+++ b/src/libcharon/plugins/nm/nm_creds.h
diff --git a/src/charon/plugins/nm/nm_handler.c b/src/libcharon/plugins/nm/nm_handler.c
index eacb54dda..eacb54dda 100644
--- a/src/charon/plugins/nm/nm_handler.c
+++ b/src/libcharon/plugins/nm/nm_handler.c
diff --git a/src/charon/plugins/nm/nm_handler.h b/src/libcharon/plugins/nm/nm_handler.h
index bb35ce767..bb35ce767 100644
--- a/src/charon/plugins/nm/nm_handler.h
+++ b/src/libcharon/plugins/nm/nm_handler.h
diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c
index daf2cc660..6087f6589 100644
--- a/src/charon/plugins/nm/nm_plugin.c
+++ b/src/libcharon/plugins/nm/nm_plugin.c
@@ -18,6 +18,7 @@
#include "nm_creds.h"
#include "nm_handler.h"
+#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/callback_job.h>
@@ -84,7 +85,7 @@ static void destroy(private_nm_plugin_t *this)
g_object_unref(this->plugin);
}
charon->credentials->remove_set(charon->credentials, &this->creds->set);
- lib->attributes->remove_handler(lib->attributes, &this->handler->handler);
+ hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
this->creds->destroy(this->creds);
this->handler->destroy(this->handler);
free(this);
@@ -93,7 +94,7 @@ static void destroy(private_nm_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *nm_plugin_create()
{
private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t);
@@ -108,7 +109,7 @@ plugin_t *plugin_create()
this->creds = nm_creds_create();
this->handler = nm_handler_create();
- lib->attributes->add_handler(lib->attributes, &this->handler->handler);
+ hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
charon->credentials->add_set(charon->credentials, &this->creds->set);
this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);
if (!this->plugin)
diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/libcharon/plugins/nm/nm_plugin.h
index 18d053e11..b64b3edf6 100644
--- a/src/charon/plugins/nm/nm_plugin.h
+++ b/src/libcharon/plugins/nm/nm_plugin.h
@@ -39,9 +39,4 @@ struct nm_plugin_t {
plugin_t plugin;
};
-/**
- * Create a nm_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** NM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index b05383c2b..cdf7dc962 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -423,7 +423,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
+ ike_cfg = ike_cfg_create(TRUE, encap,
+ "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
diff --git a/src/charon/plugins/nm/nm_service.h b/src/libcharon/plugins/nm/nm_service.h
index b00000b6f..b00000b6f 100644
--- a/src/charon/plugins/nm/nm_service.h
+++ b/src/libcharon/plugins/nm/nm_service.h
diff --git a/src/charon/plugins/resolve/Makefile.am b/src/libcharon/plugins/resolve/Makefile.am
index 9d18b00b4..f8830d42e 100644
--- a/src/charon/plugins/resolve/Makefile.am
+++ b/src/libcharon/plugins/resolve/Makefile.am
@@ -1,13 +1,18 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic \
- -DRESOLV_CONF=\"${resolv_conf}\"
+ -DRESOLV_CONF=\"${resolv_conf}\"
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-resolve.la
+else
plugin_LTLIBRARIES = libstrongswan-resolve.la
-libstrongswan_resolve_la_SOURCES = \
- resolve_plugin.h resolve_plugin.c \
- resolve_handler.h resolve_handler.c
-libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
+endif
+libstrongswan_resolve_la_SOURCES = \
+ resolve_plugin.h resolve_plugin.c \
+ resolve_handler.h resolve_handler.c
+libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 478935752..92ee85539 100644
--- a/src/charon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/resolve
+subdir = src/libcharon/plugins/resolve
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_resolve_la_LIBADD =
am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \
resolve_handler.lo
@@ -81,6 +81,9 @@ libstrongswan_resolve_la_OBJECTS = \
libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,14 +257,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic \
- -DRESOLV_CONF=\"${resolv_conf}\"
+ -DRESOLV_CONF=\"${resolv_conf}\"
-plugin_LTLIBRARIES = libstrongswan-resolve.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la
libstrongswan_resolve_la_SOURCES = \
- resolve_plugin.h resolve_plugin.c \
- resolve_handler.h resolve_handler.c
+ resolve_plugin.h resolve_plugin.c \
+ resolve_handler.h resolve_handler.c
libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -276,9 +283,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -297,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -329,7 +345,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES)
- $(libstrongswan_resolve_la_LINK) -rpath $(plugindir) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
+ $(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -483,8 +499,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -555,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c
index 714c751a6..714c751a6 100644
--- a/src/charon/plugins/resolve/resolve_handler.c
+++ b/src/libcharon/plugins/resolve/resolve_handler.c
diff --git a/src/charon/plugins/resolve/resolve_handler.h b/src/libcharon/plugins/resolve/resolve_handler.h
index 77bf9781c..77bf9781c 100644
--- a/src/charon/plugins/resolve/resolve_handler.h
+++ b/src/libcharon/plugins/resolve/resolve_handler.h
diff --git a/src/charon/plugins/resolve/resolve_plugin.c b/src/libcharon/plugins/resolve/resolve_plugin.c
index c564981ef..502129593 100644
--- a/src/charon/plugins/resolve/resolve_plugin.c
+++ b/src/libcharon/plugins/resolve/resolve_plugin.c
@@ -16,7 +16,7 @@
#include "resolve_plugin.h"
#include "resolve_handler.h"
-#include <daemon.h>
+#include <hydra.h>
typedef struct private_resolve_plugin_t private_resolve_plugin_t;
@@ -41,7 +41,7 @@ struct private_resolve_plugin_t {
*/
static void destroy(private_resolve_plugin_t *this)
{
- lib->attributes->remove_handler(lib->attributes, &this->handler->handler);
+ hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
this->handler->destroy(this->handler);
free(this);
}
@@ -49,13 +49,13 @@ static void destroy(private_resolve_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *resolve_plugin_create()
{
private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
this->handler = resolve_handler_create();
- lib->attributes->add_handler(lib->attributes, &this->handler->handler);
+ hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
return &this->public.plugin;
}
diff --git a/src/charon/plugins/resolve/resolve_plugin.h b/src/libcharon/plugins/resolve/resolve_plugin.h
index d7e09f284..0148b10d7 100644
--- a/src/charon/plugins/resolve/resolve_plugin.h
+++ b/src/libcharon/plugins/resolve/resolve_plugin.h
@@ -39,9 +39,4 @@ struct resolve_plugin_t {
plugin_t plugin;
};
-/**
- * Create a resolve_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** RESOLVE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/smp/Makefile.am b/src/libcharon/plugins/smp/Makefile.am
index a434b388b..f17235835 100644
--- a/src/charon/plugins/smp/Makefile.am
+++ b/src/libcharon/plugins/smp/Makefile.am
@@ -1,10 +1,17 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon ${xml_CFLAGS}
AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-smp.la
+else
plugin_LTLIBRARIES = libstrongswan-smp.la
-libstrongswan_smp_la_SOURCES = smp.h smp.c
-libstrongswan_smp_la_LDFLAGS = -module -avoid-version
-libstrongswan_smp_la_LIBADD = ${xml_LIBS}
+endif
+
+libstrongswan_smp_la_SOURCES = \
+ smp.h smp.c
+libstrongswan_smp_la_LDFLAGS = -module -avoid-version
+libstrongswan_smp_la_LIBADD = ${xml_LIBS}
diff --git a/src/charon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 7512cd2f7..b88283f38 100644
--- a/src/charon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/smp
+subdir = src/libcharon/plugins/smp
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
libstrongswan_smp_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am_libstrongswan_smp_la_OBJECTS = smp.lo
@@ -80,6 +80,8 @@ libstrongswan_smp_la_OBJECTS = $(am_libstrongswan_smp_la_OBJECTS)
libstrongswan_smp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_smp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_smp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_smp_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -252,10 +255,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon ${xml_CFLAGS}
+
AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
-plugin_LTLIBRARIES = libstrongswan-smp.la
-libstrongswan_smp_la_SOURCES = smp.h smp.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-smp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-smp.la
+libstrongswan_smp_la_SOURCES = \
+ smp.h smp.c
+
libstrongswan_smp_la_LDFLAGS = -module -avoid-version
libstrongswan_smp_la_LIBADD = ${xml_LIBS}
all: all-am
@@ -271,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -292,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-smp.la: $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_DEPENDENCIES)
- $(libstrongswan_smp_la_LINK) -rpath $(plugindir) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS)
+ $(libstrongswan_smp_la_LINK) $(am_libstrongswan_smp_la_rpath) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -477,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -549,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 21e682a0a..64820eb45 100644
--- a/src/charon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -720,7 +720,7 @@ static void destroy(private_smp_t *this)
/*
* Described in header file
*/
-plugin_t *plugin_create()
+plugin_t *smp_plugin_create()
{
struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
private_smp_t *this = malloc_thing(private_smp_t);
diff --git a/src/charon/plugins/smp/smp.h b/src/libcharon/plugins/smp/smp.h
index 5ec9f3bf8..74c85fb5f 100644
--- a/src/charon/plugins/smp/smp.h
+++ b/src/libcharon/plugins/smp/smp.h
@@ -42,9 +42,4 @@ struct smp_t {
plugin_t plugin;
};
-/**
- * Create a smp plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** XML_H_ @}*/
diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am
new file mode 100644
index 000000000..635a1c548
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-default.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-default.la
+endif
+
+libstrongswan_socket_default_la_SOURCES = \
+ socket_default_socket.h socket_default_socket.c \
+ socket_default_plugin.h socket_default_plugin.c
+
+libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
new file mode 100644
index 000000000..03c438acd
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_default
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_default_la_LIBADD =
+am_libstrongswan_socket_default_la_OBJECTS = socket_default_socket.lo \
+ socket_default_plugin.lo
+libstrongswan_socket_default_la_OBJECTS = \
+ $(am_libstrongswan_socket_default_la_OBJECTS)
+libstrongswan_socket_default_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_socket_default_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_default_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_default_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_default_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_default_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-default.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-default.la
+libstrongswan_socket_default_la_SOURCES = \
+ socket_default_socket.h socket_default_socket.c \
+ socket_default_plugin.h socket_default_plugin.c
+
+libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-socket-default.la: $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_DEPENDENCIES)
+ $(libstrongswan_socket_default_la_LINK) $(am_libstrongswan_socket_default_la_rpath) $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c
new file mode 100644
index 000000000..45390ddae
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_default_plugin.h"
+
+#include "socket_default_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_default_plugin_t private_socket_default_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_default_plugin_t {
+
+ /**
+ * Implements plugin interface
+ */
+ socket_default_plugin_t public;
+
+ /**
+ * Socket instance.
+ */
+ socket_default_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_socket_default_plugin_t *this)
+{
+ charon->socket->remove_socket(charon->socket, &this->socket->socket);
+ this->socket->destroy(this->socket);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_default_plugin_create()
+{
+ private_socket_default_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ .socket = socket_default_socket_create(),
+ );
+
+ if (!this->socket)
+ {
+ free(this);
+ return NULL;
+ }
+ charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.h b/src/libcharon/plugins/socket_default/socket_default_plugin.h
new file mode 100644
index 000000000..6270d93ad
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_default socket_default
+ * @ingroup cplugins
+ *
+ * @defgroup socket_default_plugin socket_default_plugin
+ * @{ @ingroup socket_default
+ */
+
+#ifndef SOCKET_DEFAULT_PLUGIN_H_
+#define SOCKET_DEFAULT_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_default_plugin_t socket_default_plugin_t;
+
+/**
+ * Default socket implementation plugin.
+ */
+struct socket_default_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** SOCKET_DEFAULT_PLUGIN_H_ @}*/
diff --git a/src/charon/network/socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 81f860b15..bc998182e 100644
--- a/src/charon/network/socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2006-2009 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
- * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -23,6 +23,8 @@
#define __EXTENSIONS__
#endif
+#include "socket_default_socket.h"
+
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
@@ -40,11 +42,12 @@
#include <sys/sysctl.h>
#endif
-#include "socket.h"
-
#include <daemon.h>
#include <threading/thread.h>
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
/* length of non-esp marker */
#define MARKER_LEN sizeof(u_int32_t)
@@ -82,16 +85,17 @@
static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
#endif
-typedef struct private_socket_t private_socket_t;
+typedef struct private_socket_default_socket_t private_socket_default_socket_t;
/**
* Private data of an socket_t object
*/
-struct private_socket_t {
+struct private_socket_default_socket_t {
+
/**
* public functions
*/
- socket_t public;
+ socket_default_socket_t public;
/**
* IPv4 socket (500)
@@ -114,10 +118,8 @@ struct private_socket_t {
int ipv6_natt;
};
-/**
- * implementation of socket_t.receive
- */
-static status_t receiver(private_socket_t *this, packet_t **packet)
+METHOD(socket_t, receiver, status_t,
+ private_socket_default_socket_t *this, packet_t **packet)
{
char buffer[MAX_PACKET];
chunk_t data;
@@ -304,10 +306,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
return SUCCESS;
}
-/**
- * implementation of socket_t.send
- */
-status_t sender(private_socket_t *this, packet_t *packet)
+METHOD(socket_t, sender, status_t,
+ private_socket_default_socket_t *this, packet_t *packet)
{
int sport, skt, family;
ssize_t bytes_sent;
@@ -446,7 +446,8 @@ status_t sender(private_socket_t *this, packet_t *packet)
/**
* open a socket to send and receive packets
*/
-static int open_socket(private_socket_t *this, int family, u_int16_t port)
+static int open_socket(private_socket_default_socket_t *this,
+ int family, u_int16_t port)
{
int on = TRUE;
struct sockaddr_storage addr;
@@ -520,6 +521,12 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port)
}
}
+ if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+ skt, family))
+ {
+ DBG1(DBG_NET, "installing IKE bypass policy failed");
+ }
+
#ifndef __APPLE__
{
/* enable UDP decapsulation globally, only for one socket needed */
@@ -534,68 +541,8 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port)
return skt;
}
-/**
- * enumerator for underlying sockets
- */
-typedef struct {
- /** implements enumerator_t */
- enumerator_t public;
- /** sockets we enumerate */
- private_socket_t *socket;
- /** counter */
- int index;
-} socket_enumerator_t;
-
-/**
- * enumerate function for socket_enumerator_t
- */
-static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
-{
- static const struct {
- int fd_offset;
- int family;
- int port;
- } sockets[] = {
- { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
- { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
- };
-
- while(++this->index < countof(sockets))
- {
- int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
- if (!sock)
- {
- continue;
- }
- *fd = sock;
- *family = sockets[this->index].family;
- *port = sockets[this->index].port;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * implementation of socket_t.create_enumerator
- */
-static enumerator_t *create_enumerator(private_socket_t *this)
-{
- socket_enumerator_t *enumerator;
-
- enumerator = malloc_thing(socket_enumerator_t);
- enumerator->index = -1;
- enumerator->socket = this;
- enumerator->public.enumerate = (void*)enumerate;
- enumerator->public.destroy = (void*)free;
- return &enumerator->public;
-}
-
-/**
- * implementation of socket_t.destroy
- */
-static void destroy(private_socket_t *this)
+METHOD(socket_default_socket_t, destroy, void,
+ private_socket_default_socket_t *this)
{
if (this->ipv4)
{
@@ -619,20 +566,19 @@ static void destroy(private_socket_t *this)
/*
* See header for description
*/
-socket_t *socket_create()
+socket_default_socket_t *socket_default_socket_create()
{
- private_socket_t *this = malloc_thing(private_socket_t);
-
- /* public functions */
- this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
- this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
- this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
- this->public.destroy = (void(*)(socket_t*)) destroy;
-
- this->ipv4 = 0;
- this->ipv6 = 0;
- this->ipv4_natt = 0;
- this->ipv6_natt = 0;
+ private_socket_default_socket_t *this;
+
+ INIT(this,
+ .public = {
+ .socket = {
+ .send = _sender,
+ .receive = _receiver,
+ },
+ .destroy = _destroy,
+ },
+ );
#ifdef __APPLE__
{
@@ -678,8 +624,8 @@ socket_t *socket_create()
{
DBG1(DBG_NET, "could not create any sockets");
destroy(this);
- charon->kill(charon, "socket initialization failed");
+ return NULL;
}
- return (socket_t*)this;
+ return &this->public;
}
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.h b/src/libcharon/plugins/socket_default/socket_default_socket.h
new file mode 100644
index 000000000..755016662
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_default_socket socket_default_socket
+ * @{ @ingroup socket_default
+ */
+
+#ifndef SOCKET_DEFAULT_SOCKET_H_
+#define SOCKET_DEFAULT_SOCKET_H_
+
+typedef struct socket_default_socket_t socket_default_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * Default socket, binds to port 500/4500 using any IPv4/IPv6 address.
+ */
+struct socket_default_socket_t {
+
+ /**
+ * Implements the socket_t interface.
+ */
+ socket_t socket;
+
+ /**
+ * Destroy a socket_default_socket_t.
+ */
+ void (*destroy)(socket_default_socket_t *this);
+};
+
+/**
+ * Create a socket_default_socket instance.
+ */
+socket_default_socket_t *socket_default_socket_create();
+
+#endif /** SOCKET_DEFAULT_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.am b/src/libcharon/plugins/socket_dynamic/Makefile.am
new file mode 100644
index 000000000..914945535
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la
+endif
+
+libstrongswan_socket_dynamic_la_SOURCES = \
+ socket_dynamic_plugin.h socket_dynamic_plugin.c \
+ socket_dynamic_socket.h socket_dynamic_socket.c
+
+libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
new file mode 100644
index 000000000..3a5fb3778
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_dynamic
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_dynamic_la_LIBADD =
+am_libstrongswan_socket_dynamic_la_OBJECTS = socket_dynamic_plugin.lo \
+ socket_dynamic_socket.lo
+libstrongswan_socket_dynamic_la_OBJECTS = \
+ $(am_libstrongswan_socket_dynamic_la_OBJECTS)
+libstrongswan_socket_dynamic_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_socket_dynamic_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_dynamic_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_dynamic_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la
+libstrongswan_socket_dynamic_la_SOURCES = \
+ socket_dynamic_plugin.h socket_dynamic_plugin.c \
+ socket_dynamic_socket.h socket_dynamic_socket.c
+
+libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-socket-dynamic.la: $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_DEPENDENCIES)
+ $(libstrongswan_socket_dynamic_la_LINK) $(am_libstrongswan_socket_dynamic_la_rpath) $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
new file mode 100644
index 000000000..3410fc7a4
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_dynamic_plugin.h"
+
+#include "socket_dynamic_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_dynamic_plugin_t private_socket_dynamic_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_dynamic_plugin_t {
+
+ /**
+ * Implements plugin interface
+ */
+ socket_dynamic_plugin_t public;
+
+ /**
+ * Socket instance.
+ */
+ socket_dynamic_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_socket_dynamic_plugin_t *this)
+{
+ charon->socket->remove_socket(charon->socket, &this->socket->socket);
+ this->socket->destroy(this->socket);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_dynamic_plugin_create()
+{
+ private_socket_dynamic_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ .socket = socket_dynamic_socket_create(),
+ );
+
+ if (!this->socket)
+ {
+ free(this);
+ return NULL;
+ }
+ charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h
new file mode 100644
index 000000000..8d870795f
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_dynamic socket_dynamic
+ * @ingroup cplugins
+ *
+ * @defgroup socket_dynamic_plugin socket_dynamic_plugin
+ * @{ @ingroup socket_dynamic
+ */
+
+#ifndef SOCKET_DYNAMIC_PLUGIN_H_
+#define SOCKET_DYNAMIC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_dynamic_plugin_t socket_dynamic_plugin_t;
+
+/**
+ * Plugin providing a socket that binds ports dynamically.
+ */
+struct socket_dynamic_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** SOCKET_DYNAMIC_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
new file mode 100644
index 000000000..a7db59ce5
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -0,0 +1,620 @@
+/*
+ * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/* for struct in6_pktinfo */
+#define _GNU_SOURCE
+
+#include "socket_dynamic_socket.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <net/if.h>
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+#include <utils/hashtable.h>
+
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
+/* length of non-esp marker */
+#define MARKER_LEN sizeof(u_int32_t)
+
+/* from linux/udp.h */
+#ifndef UDP_ENCAP
+#define UDP_ENCAP 100
+#endif /*UDP_ENCAP*/
+
+#ifndef UDP_ENCAP_ESPINUDP
+#define UDP_ENCAP_ESPINUDP 2
+#endif /*UDP_ENCAP_ESPINUDP*/
+
+/* these are not defined on some platforms */
+#ifndef SOL_IP
+#define SOL_IP IPPROTO_IP
+#endif
+#ifndef SOL_IPV6
+#define SOL_IPV6 IPPROTO_IPV6
+#endif
+#ifndef SOL_UDP
+#define SOL_UDP IPPROTO_UDP
+#endif
+
+/* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
+ * previously defined IPV6_PKTINFO */
+#ifndef IPV6_RECVPKTINFO
+#define IPV6_RECVPKTINFO IPV6_PKTINFO
+#endif
+
+typedef struct private_socket_dynamic_socket_t private_socket_dynamic_socket_t;
+typedef struct dynsock_t dynsock_t;
+
+/**
+ * Private data of an socket_t object
+ */
+struct private_socket_dynamic_socket_t {
+
+ /**
+ * public functions
+ */
+ socket_dynamic_socket_t public;
+
+ /**
+ * Hashtable of bound sockets
+ */
+ hashtable_t *sockets;
+
+ /**
+ * Lock for sockets hashtable
+ */
+ rwlock_t *lock;
+
+ /**
+ * Notification pipe to signal receiver
+ */
+ int notify[2];
+};
+
+/**
+ * Struct for a dynamically allocated socket
+ */
+struct dynsock_t {
+
+ /**
+ * File descriptor of socket
+ */
+ int fd;
+
+ /**
+ * Address family
+ */
+ int family;
+
+ /**
+ * Bound source port
+ */
+ u_int16_t port;
+};
+
+/**
+ * Hash function for hashtable
+ */
+static u_int hash(dynsock_t *key)
+{
+ return (key->family << 16) | key->port;
+}
+
+/**
+ * Equals function for hashtable
+ */
+static bool equals(dynsock_t *a, dynsock_t *b)
+{
+ return a->family == b->family && a->port == b->port;
+}
+
+/**
+ * Create a fd_set from all bound sockets
+ */
+static int build_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
+{
+ enumerator_t *enumerator;
+ dynsock_t *key, *value;
+ int maxfd;
+
+ FD_ZERO(fds);
+ FD_SET(this->notify[0], fds);
+ maxfd = this->notify[0];
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->sockets->create_enumerator(this->sockets);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ FD_SET(value->fd, fds);
+ maxfd = max(maxfd, value->fd);
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+
+ return maxfd + 1;
+}
+
+/**
+ * Find the socket select()ed
+ */
+static dynsock_t* scan_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
+{
+ enumerator_t *enumerator;
+ dynsock_t *key, *value, *selected = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->sockets->create_enumerator(this->sockets);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ if (FD_ISSET(value->fd, fds))
+ {
+ selected = value;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+
+ return selected;
+}
+
+/**
+ * Receive a packet from a given socket fd
+ */
+static packet_t *receive_packet(private_socket_dynamic_socket_t *this,
+ dynsock_t *skt)
+{
+ host_t *source = NULL, *dest = NULL;
+ ssize_t len;
+ char buffer[MAX_PACKET];
+ chunk_t data;
+ packet_t *packet;
+ struct msghdr msg;
+ struct cmsghdr *cmsgptr;
+ struct iovec iov;
+ char ancillary[64];
+ union {
+ struct sockaddr_in in4;
+ struct sockaddr_in6 in6;
+ } src;
+
+ msg.msg_name = &src;
+ msg.msg_namelen = sizeof(src);
+ iov.iov_base = buffer;
+ iov.iov_len = sizeof(buffer);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = ancillary;
+ msg.msg_controllen = sizeof(ancillary);
+ msg.msg_flags = 0;
+ len = recvmsg(skt->fd, &msg, 0);
+ if (len < 0)
+ {
+ DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
+ return NULL;
+ }
+ DBG3(DBG_NET, "received packet %b", buffer, len);
+
+ if (len < MARKER_LEN)
+ {
+ DBG3(DBG_NET, "received packet too short (%d bytes)", len);
+ return NULL;
+ }
+
+ /* read ancillary data to get destination address */
+ for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
+ cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
+ {
+ if (cmsgptr->cmsg_len == 0)
+ {
+ DBG1(DBG_NET, "error reading ancillary data");
+ return NULL;
+ }
+
+ if (cmsgptr->cmsg_level == SOL_IPV6 &&
+ cmsgptr->cmsg_type == IPV6_PKTINFO)
+ {
+ struct in6_pktinfo *pktinfo;
+ struct sockaddr_in6 dst;
+
+ pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
+ memset(&dst, 0, sizeof(dst));
+ memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
+ dst.sin6_family = AF_INET6;
+ dst.sin6_port = htons(skt->port);
+ dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+ }
+ if (cmsgptr->cmsg_level == SOL_IP &&
+ cmsgptr->cmsg_type == IP_PKTINFO)
+ {
+ struct in_pktinfo *pktinfo;
+ struct sockaddr_in dst;
+
+ pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
+ memset(&dst, 0, sizeof(dst));
+ memcpy(&dst.sin_addr, &pktinfo->ipi_addr, sizeof(dst.sin_addr));
+
+ dst.sin_family = AF_INET;
+ dst.sin_port = htons(skt->port);
+ dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+ }
+ if (dest)
+ {
+ break;
+ }
+ }
+ if (dest == NULL)
+ {
+ DBG1(DBG_NET, "error reading IP header");
+ return NULL;
+ }
+ source = host_create_from_sockaddr((sockaddr_t*)&src);
+ DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
+ data = chunk_create(buffer, len);
+
+ packet = packet_create();
+ packet->set_source(packet, source);
+ packet->set_destination(packet, dest);
+ /* we assume a non-ESP marker if none of the ports is on 500 */
+ if (dest->get_port(dest) != IKEV2_UDP_PORT &&
+ source->get_port(source) != IKEV2_UDP_PORT)
+ {
+ data = chunk_skip(data, MARKER_LEN);
+ }
+ packet->set_data(packet, chunk_clone(data));
+ return packet;
+}
+
+METHOD(socket_t, receiver, status_t,
+ private_socket_dynamic_socket_t *this, packet_t **packet)
+{
+ dynsock_t *selected;
+ packet_t *pkt;
+ bool oldstate;
+ fd_set fds;
+ int maxfd;
+
+ while (TRUE)
+ {
+ maxfd = build_fds(this, &fds);
+
+ DBG2(DBG_NET, "waiting for data on sockets");
+ oldstate = thread_cancelability(TRUE);
+ if (select(maxfd, &fds, NULL, NULL, NULL) <= 0)
+ {
+ thread_cancelability(oldstate);
+ return FAILED;
+ }
+ thread_cancelability(oldstate);
+
+ if (FD_ISSET(this->notify[0], &fds))
+ { /* got notified, read garbage, rebuild fdset */
+ char buf[1];
+
+ ignore_result(read(this->notify[0], buf, sizeof(buf)));
+ DBG2(DBG_NET, "rebuilding fdset due to newly bound ports");
+ continue;
+ }
+ selected = scan_fds(this, &fds);
+ if (selected)
+ {
+ break;
+ }
+ }
+ pkt = receive_packet(this, selected);
+ if (pkt)
+ {
+ *packet = pkt;
+ return SUCCESS;
+ }
+ return FAILED;
+}
+
+/**
+ * open a socket to send and receive packets
+ */
+static int open_socket(private_socket_dynamic_socket_t *this,
+ int family, u_int16_t port)
+{
+ int on = TRUE, type = UDP_ENCAP_ESPINUDP;
+ struct sockaddr_storage addr;
+ socklen_t addrlen;
+ u_int sol, pktinfo = 0;
+ int fd;
+
+ memset(&addr, 0, sizeof(addr));
+ /* precalculate constants depending on address family */
+ switch (family)
+ {
+ case AF_INET:
+ {
+ struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
+ sin->sin_family = AF_INET;
+ sin->sin_addr.s_addr = INADDR_ANY;
+ sin->sin_port = htons(port);
+ addrlen = sizeof(struct sockaddr_in);
+ sol = SOL_IP;
+ pktinfo = IP_PKTINFO;
+ break;
+ }
+ case AF_INET6:
+ {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
+ sin6->sin6_family = AF_INET6;
+ memset(&sin6->sin6_addr, 0, sizeof(sin6->sin6_addr));
+ sin6->sin6_port = htons(port);
+ addrlen = sizeof(struct sockaddr_in6);
+ sol = SOL_IPV6;
+ pktinfo = IPV6_RECVPKTINFO;
+ break;
+ }
+ default:
+ return 0;
+ }
+
+ fd = socket(family, SOCK_DGRAM, IPPROTO_UDP);
+ if (fd < 0)
+ {
+ DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
+ return 0;
+ }
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
+ {
+ DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
+ close(fd);
+ return 0;
+ }
+
+ /* bind the socket */
+ if (bind(fd, (struct sockaddr *)&addr, addrlen) < 0)
+ {
+ DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
+ close(fd);
+ return 0;
+ }
+
+ /* get additional packet info on receive */
+ if (setsockopt(fd, sol, pktinfo, &on, sizeof(on)) < 0)
+ {
+ DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
+ close(fd);
+ return 0;
+ }
+
+ if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+ fd, family))
+ {
+ DBG1(DBG_NET, "installing IKE bypass policy failed");
+ }
+
+ /* enable UDP decapsulation on each socket */
+ if (setsockopt(fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
+ {
+ DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
+ }
+ return fd;
+}
+
+/**
+ * Find/Create a socket to send from host
+ */
+static dynsock_t *find_socket(private_socket_dynamic_socket_t *this,
+ int family, u_int16_t port)
+{
+ dynsock_t *skt, lookup = {
+ .family = family,
+ .port = port,
+ };
+ char buf[] = {0x01};
+ int fd;
+
+ this->lock->read_lock(this->lock);
+ skt = this->sockets->get(this->sockets, &lookup);
+ this->lock->unlock(this->lock);
+ if (skt)
+ {
+ return skt;
+ }
+ fd = open_socket(this, family, port);
+ if (!fd)
+ {
+ return NULL;
+ }
+ INIT(skt,
+ .family = family,
+ .port = port,
+ .fd = fd,
+ );
+ this->lock->write_lock(this->lock);
+ this->sockets->put(this->sockets, skt, skt);
+ this->lock->unlock(this->lock);
+ /* notify receiver thread to reread socket list */
+ ignore_result(write(this->notify[1], buf, sizeof(buf)));
+
+ return skt;
+}
+
+METHOD(socket_t, sender, status_t,
+ private_socket_dynamic_socket_t *this, packet_t *packet)
+{
+ dynsock_t *skt;
+ host_t *src, *dst;
+ int port, family;
+ ssize_t len;
+ chunk_t data, marked;
+ struct msghdr msg;
+ struct cmsghdr *cmsg;
+ struct iovec iov;
+
+ src = packet->get_source(packet);
+ dst = packet->get_destination(packet);
+ family = src->get_family(src);
+ port = src->get_port(src);
+ skt = find_socket(this, family, port);
+ if (!skt)
+ {
+ return FAILED;
+ }
+
+ data = packet->get_data(packet);
+ DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
+
+ /* use non-ESP marker if none of the ports is 500, not for keep alives */
+ if (port != IKEV2_UDP_PORT && dst->get_port(dst) != IKEV2_UDP_PORT &&
+ !(data.len == 1 && data.ptr[0] == 0xFF))
+ {
+ /* add non esp marker to packet */
+ if (data.len > MAX_PACKET - MARKER_LEN)
+ {
+ DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
+ data.len);
+ return FAILED;
+ }
+ marked = chunk_alloc(data.len + MARKER_LEN);
+ memset(marked.ptr, 0, MARKER_LEN);
+ memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
+ /* let the packet do the clean up for us */
+ packet->set_data(packet, marked);
+ data = marked;
+ }
+
+ memset(&msg, 0, sizeof(struct msghdr));
+ msg.msg_name = dst->get_sockaddr(dst);;
+ msg.msg_namelen = *dst->get_sockaddr_len(dst);
+ iov.iov_base = data.ptr;
+ iov.iov_len = data.len;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_flags = 0;
+
+ if (!src->is_anyaddr(src))
+ {
+ if (family == AF_INET)
+ {
+ struct in_addr *addr;
+ struct sockaddr_in *sin;
+ char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
+ struct in_pktinfo *pktinfo;
+
+ msg.msg_control = buf;
+ msg.msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_IP;
+ cmsg->cmsg_type = IP_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+ pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
+ memset(pktinfo, 0, sizeof(struct in_pktinfo));
+ addr = &pktinfo->ipi_spec_dst;
+ sin = (struct sockaddr_in*)src->get_sockaddr(src);
+ memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+ }
+ else
+ {
+ char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+ struct in6_pktinfo *pktinfo;
+ struct sockaddr_in6 *sin;
+
+ msg.msg_control = buf;
+ msg.msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_IPV6;
+ cmsg->cmsg_type = IPV6_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+ pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
+ memset(pktinfo, 0, sizeof(struct in6_pktinfo));
+ sin = (struct sockaddr_in6*)src->get_sockaddr(src);
+ memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+ }
+ }
+
+ len = sendmsg(skt->fd, &msg, 0);
+ if (len != data.len)
+ {
+ DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
+METHOD(socket_dynamic_socket_t, destroy, void,
+ private_socket_dynamic_socket_t *this)
+{
+ enumerator_t *enumerator;
+ dynsock_t *key, *value;
+
+ enumerator = this->sockets->create_enumerator(this->sockets);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ close(value->fd);
+ free(value);
+ }
+ enumerator->destroy(enumerator);
+ this->sockets->destroy(this->sockets);
+ this->lock->destroy(this->lock);
+
+ close(this->notify[0]);
+ close(this->notify[1]);
+ free(this);
+}
+
+/*
+ * See header for description
+ */
+socket_dynamic_socket_t *socket_dynamic_socket_create()
+{
+ private_socket_dynamic_socket_t *this;
+
+ INIT(this,
+ .public = {
+ .socket = {
+ .send = _sender,
+ .receive = _receiver,
+ },
+ .destroy = _destroy,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ if (pipe(this->notify) != 0)
+ {
+ DBG1(DBG_NET, "creating notify pipe for dynamic socket failed");
+ free(this);
+ return NULL;
+ }
+
+ this->sockets = hashtable_create((void*)hash, (void*)equals, 8);
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h
new file mode 100644
index 000000000..72551e545
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_dynamic_socket socket_dynamic_socket
+ * @{ @ingroup socket_dynamic
+ */
+
+#ifndef SOCKET_DYNAMIC_SOCKET_H_
+#define SOCKET_DYNAMIC_SOCKET_H_
+
+typedef struct socket_dynamic_socket_t socket_dynamic_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * A socket implementation binding to ports on demand as required.
+ */
+struct socket_dynamic_socket_t {
+
+ /**
+ * Implements the socket_t interface.
+ */
+ socket_t socket;
+
+ /**
+ * Destroy a socket_dynamic_socket_t.
+ */
+ void (*destroy)(socket_dynamic_socket_t *this);
+};
+
+/**
+ * Create a socket_dynamic_socket instance.
+ */
+socket_dynamic_socket_t *socket_dynamic_socket_create();
+
+#endif /** SOCKET_DYNAMIC_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/socket_raw/Makefile.am b/src/libcharon/plugins/socket_raw/Makefile.am
new file mode 100644
index 000000000..2109ae5f3
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-raw.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-raw.la
+endif
+
+libstrongswan_socket_raw_la_SOURCES = \
+ socket_raw_plugin.h socket_raw_plugin.c \
+ socket_raw_socket.h socket_raw_socket.c
+
+libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in
new file mode 100644
index 000000000..65ad6a7a9
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_raw
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_raw_la_LIBADD =
+am_libstrongswan_socket_raw_la_OBJECTS = socket_raw_plugin.lo \
+ socket_raw_socket.lo
+libstrongswan_socket_raw_la_OBJECTS = \
+ $(am_libstrongswan_socket_raw_la_OBJECTS)
+libstrongswan_socket_raw_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_socket_raw_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_raw_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_raw_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_raw_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_raw_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-raw.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-raw.la
+libstrongswan_socket_raw_la_SOURCES = \
+ socket_raw_plugin.h socket_raw_plugin.c \
+ socket_raw_socket.h socket_raw_socket.c
+
+libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-socket-raw.la: $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_DEPENDENCIES)
+ $(libstrongswan_socket_raw_la_LINK) $(am_libstrongswan_socket_raw_la_rpath) $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.c b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c
new file mode 100644
index 000000000..5b011abcf
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_raw_plugin.h"
+
+#include "socket_raw_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_raw_plugin_t private_socket_raw_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_raw_plugin_t {
+
+ /**
+ * Implements plugin interface
+ */
+ socket_raw_plugin_t public;
+
+ /**
+ * Raw socket instance.
+ */
+ socket_raw_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_socket_raw_plugin_t *this)
+{
+ charon->socket->remove_socket(charon->socket, &this->socket->socket);
+ this->socket->destroy(this->socket);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_raw_plugin_create()
+{
+ private_socket_raw_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ .socket = socket_raw_socket_create(),
+ );
+
+ if (!this->socket)
+ {
+ free(this);
+ return NULL;
+ }
+ charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.h b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h
new file mode 100644
index 000000000..a692b7594
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_raw socket_raw
+ * @ingroup cplugins
+ *
+ * @defgroup socket_raw_plugin socket_raw_plugin
+ * @{ @ingroup socket_raw
+ */
+
+#ifndef SOCKET_RAW_PLUGIN_H_
+#define SOCKET_RAW_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_raw_plugin_t socket_raw_plugin_t;
+
+/**
+ * RAW socket implementation plugin.
+ */
+struct socket_raw_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** SOCKET_RAW_PLUGIN_H_ @}*/
diff --git a/src/charon/network/socket-raw.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
index 6cc0463b2..e0155fa87 100644
--- a/src/charon/network/socket-raw.c
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -18,6 +18,8 @@
/* for struct in6_pktinfo */
#define _GNU_SOURCE
+#include "socket_raw_socket.h"
+
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
@@ -34,11 +36,12 @@
#include <linux/filter.h>
#include <net/if.h>
-#include "socket.h"
-
#include <daemon.h>
#include <threading/thread.h>
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
/* constants for packet handling */
#define IP_LEN sizeof(struct iphdr)
#define IP6_LEN sizeof(struct ip6_hdr)
@@ -65,62 +68,61 @@
#define IPV6_2292PKTINFO 2
#endif /*IPV6_2292PKTINFO*/
-typedef struct private_socket_t private_socket_t;
+typedef struct private_socket_raw_socket_t private_socket_raw_socket_t;
/**
* Private data of an socket_t object
*/
-struct private_socket_t{
+struct private_socket_raw_socket_t {
+
/**
* public functions
*/
- socket_t public;
-
- /**
- * regular port
- */
- int port;
-
- /**
- * port used for nat-t
- */
- int natt_port;
-
- /**
- * raw receiver socket for IPv4
- */
- int recv4;
-
- /**
- * raw receiver socket for IPv6
- */
- int recv6;
-
- /**
- * send socket on regular port for IPv4
- */
- int send4;
-
- /**
- * send socket on regular port for IPv6
- */
- int send6;
-
- /**
- * send socket on nat-t port for IPv4
- */
- int send4_natt;
-
- /**
- * send socket on nat-t port for IPv6
- */
- int send6_natt;
+ socket_raw_socket_t public;
+
+ /**
+ * regular port
+ */
+ int port;
+
+ /**
+ * port used for nat-t
+ */
+ int natt_port;
+
+ /**
+ * raw receiver socket for IPv4
+ */
+ int recv4;
+
+ /**
+ * raw receiver socket for IPv6
+ */
+ int recv6;
+
+ /**
+ * send socket on regular port for IPv4
+ */
+ int send4;
+
+ /**
+ * send socket on regular port for IPv6
+ */
+ int send6;
+
+ /**
+ * send socket on nat-t port for IPv4
+ */
+ int send4_natt;
+
+ /**
+ * send socket on nat-t port for IPv6
+ */
+ int send6_natt;
};
-/**
- * implementation of socket_t.receive
- */
-static status_t receiver(private_socket_t *this, packet_t **packet)
+METHOD(socket_t, receiver, status_t,
+ private_socket_raw_socket_t *this, packet_t **packet)
{
char buffer[MAX_PACKET];
chunk_t data;
@@ -296,10 +298,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
return SUCCESS;
}
-/**
- * implementation of socket_t.send
- */
-status_t sender(private_socket_t *this, packet_t *packet)
+METHOD(socket_t, sender, status_t,
+ private_socket_raw_socket_t *this, packet_t *packet)
{
int sport, skt, family;
ssize_t bytes_sent;
@@ -423,7 +423,8 @@ status_t sender(private_socket_t *this, packet_t *packet)
/**
* open a socket to send packets
*/
-static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
+static int open_send_socket(private_socket_raw_socket_t *this,
+ int family, u_int16_t port)
{
int on = TRUE;
int type = UDP_ENCAP_ESPINUDP;
@@ -491,13 +492,19 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
}
}
+ if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+ skt, family))
+ {
+ DBG1(DBG_NET, "installing bypass policy on send socket failed");
+ }
+
return skt;
}
/**
* open a socket to receive packets
*/
-static int open_recv_socket(private_socket_t *this, int family)
+static int open_recv_socket(private_socket_raw_socket_t *this, int family)
{
int skt;
int on = TRUE;
@@ -589,73 +596,17 @@ static int open_recv_socket(private_socket_t *this, int family)
return 0;
}
- return skt;
-}
-
-/**
- * enumerator for underlying sockets
- */
-typedef struct {
- /** implements enumerator_t */
- enumerator_t public;
- /** sockets we enumerate */
- private_socket_t *socket;
- /** counter */
- int index;
-} socket_enumerator_t;
-
-/**
- * enumerate function for socket_enumerator_t
- */
-static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
-{
- static const struct {
- int fd_offset;
- int family;
- int port;
- } sockets[] = {
- { offsetof(private_socket_t, recv4), AF_INET, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, recv6), AF_INET6, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, send4), AF_INET, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, send6), AF_INET6, IKEV2_UDP_PORT },
- { offsetof(private_socket_t, send4_natt), AF_INET, IKEV2_NATT_PORT },
- { offsetof(private_socket_t, send6_natt), AF_INET6, IKEV2_NATT_PORT }
- };
-
- while(++this->index < countof(sockets))
+ if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+ skt, family))
{
- int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
- if (!sock)
- {
- continue;
- }
- *fd = sock;
- *family = sockets[this->index].family;
- *port = sockets[this->index].port;
- return TRUE;
+ DBG1(DBG_NET, "installing bypass policy on receive socket failed");
}
- return FALSE;
-}
-/**
- * implementation of socket_t.create_enumerator
- */
-static enumerator_t *create_enumerator(private_socket_t *this)
-{
- socket_enumerator_t *enumerator;
-
- enumerator = malloc_thing(socket_enumerator_t);
- enumerator->index = -1;
- enumerator->socket = this;
- enumerator->public.enumerate = (void*)enumerate;
- enumerator->public.destroy = (void*)free;
- return &enumerator->public;
+ return skt;
}
-/**
- * implementation of socket_t.destroy
- */
-static void destroy(private_socket_t *this)
+METHOD(socket_raw_socket_t, destroy, void,
+ private_socket_raw_socket_t *this)
{
if (this->recv4)
{
@@ -687,22 +638,19 @@ static void destroy(private_socket_t *this)
/*
* See header for description
*/
-socket_t *socket_create()
+socket_raw_socket_t *socket_raw_socket_create()
{
- private_socket_t *this = malloc_thing(private_socket_t);
-
- /* public functions */
- this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
- this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
- this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
- this->public.destroy = (void(*)(socket_t*)) destroy;
-
- this->recv4 = 0;
- this->recv6 = 0;
- this->send4 = 0;
- this->send6 = 0;
- this->send4_natt = 0;
- this->send6_natt = 0;
+ private_socket_raw_socket_t *this;
+
+ INIT(this,
+ .public = {
+ .socket = {
+ .send = _sender,
+ .receive = _receiver,
+ },
+ .destroy = _destroy,
+ },
+ );
this->recv4 = open_recv_socket(this, AF_INET);
if (this->recv4 == 0)
@@ -754,8 +702,8 @@ socket_t *socket_create()
{
DBG1(DBG_NET, "could not create any sockets");
destroy(this);
- charon->kill(charon, "socket initialization failed");
+ return NULL;
}
- return (socket_t*)this;
+ return &this->public;
}
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.h b/src/libcharon/plugins/socket_raw/socket_raw_socket.h
new file mode 100644
index 000000000..94cf666e8
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_raw_socket socket_raw_socket
+ * @{ @ingroup socket_raw
+ */
+
+#ifndef SOCKET_RAW_SOCKET_H_
+#define SOCKET_RAW_SOCKET_H_
+
+typedef struct socket_raw_socket_t socket_raw_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * Raw socket, binds to port 500/4500 using any IPv4/IPv6 address.
+ *
+ * This imeplementation uses raw sockets to allow binding of other daemons
+ * (pluto) to UDP/500/4500. An installed "Linux socket filter" filters out
+ * all non-IKEv2 traffic and handles just IKEv2 messages. An other daemon
+ * must handle all traffic separately, e.g. ignore IKEv2 traffic, since charon
+ * handles that.
+ */
+struct socket_raw_socket_t {
+
+ /**
+ * Implements the socket_t interface.
+ */
+ socket_t socket;
+
+ /**
+ * Destroy a socket_raw_socket_t.
+ */
+ void (*destroy)(socket_raw_socket_t *this);
+};
+
+/**
+ * Create a socket_raw_socket instance.
+ */
+socket_raw_socket_t *socket_raw_socket_create();
+
+#endif /** SOCKET_RAW_SOCKET_H_ @}*/
diff --git a/src/charon/plugins/sql/Makefile.am b/src/libcharon/plugins/sql/Makefile.am
index 60135bf08..68b7e8cb2 100644
--- a/src/charon/plugins/sql/Makefile.am
+++ b/src/libcharon/plugins/sql/Makefile.am
@@ -1,12 +1,18 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic \
-DPLUGINS=\""${libstrongswan_plugins}\""
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sql.la
+else
plugin_LTLIBRARIES = libstrongswan-sql.la
+endif
+
libstrongswan_sql_la_SOURCES = \
- sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
- sql_cred.h sql_cred.c sql_logger.h sql_logger.c
-libstrongswan_sql_la_LDFLAGS = -module -avoid-version
+ sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
+ sql_cred.h sql_cred.c sql_logger.h sql_logger.c
+libstrongswan_sql_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index ef9c33a1c..5803dc898 100644
--- a/src/charon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/sql
+subdir = src/libcharon/plugins/sql
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_sql_la_LIBADD =
am_libstrongswan_sql_la_OBJECTS = sql_plugin.lo sql_config.lo \
sql_cred.lo sql_logger.lo
@@ -80,6 +80,8 @@ libstrongswan_sql_la_OBJECTS = $(am_libstrongswan_sql_la_OBJECTS)
libstrongswan_sql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_sql_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sql_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sql_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -252,14 +255,17 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic \
-DPLUGINS=\""${libstrongswan_plugins}\""
-plugin_LTLIBRARIES = libstrongswan-sql.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sql.la
libstrongswan_sql_la_SOURCES = \
- sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
- sql_cred.h sql_cred.c sql_logger.h sql_logger.c
+ sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
+ sql_cred.h sql_cred.c sql_logger.h sql_logger.c
libstrongswan_sql_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -275,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-sql.la: $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_DEPENDENCIES)
- $(libstrongswan_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS)
+ $(libstrongswan_sql_la_LINK) $(am_libstrongswan_sql_la_rpath) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -484,8 +499,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index afee0896c..23366898a 100644
--- a/src/charon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -182,7 +182,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
{
ike_cfg_t *ike_cfg;
- ike_cfg = ike_cfg_create(certreq, force_encap, local, remote);
+ ike_cfg = ike_cfg_create(certreq, force_encap,
+ local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
/* TODO: read proposal from db */
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
return ike_cfg;
diff --git a/src/charon/plugins/sql/sql_config.h b/src/libcharon/plugins/sql/sql_config.h
index 700d00a97..700d00a97 100644
--- a/src/charon/plugins/sql/sql_config.h
+++ b/src/libcharon/plugins/sql/sql_config.h
diff --git a/src/charon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c
index 12f4ab045..12f4ab045 100644
--- a/src/charon/plugins/sql/sql_cred.c
+++ b/src/libcharon/plugins/sql/sql_cred.c
diff --git a/src/charon/plugins/sql/sql_cred.h b/src/libcharon/plugins/sql/sql_cred.h
index 7f387398e..7f387398e 100644
--- a/src/charon/plugins/sql/sql_cred.h
+++ b/src/libcharon/plugins/sql/sql_cred.h
diff --git a/src/charon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index d350c4c3d..d350c4c3d 100644
--- a/src/charon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
diff --git a/src/charon/plugins/sql/sql_logger.h b/src/libcharon/plugins/sql/sql_logger.h
index a933705da..a933705da 100644
--- a/src/charon/plugins/sql/sql_logger.h
+++ b/src/libcharon/plugins/sql/sql_logger.h
diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index e2e410a8a..e2d2d63b3 100644
--- a/src/charon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -71,7 +71,7 @@ static void destroy(private_sql_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *sql_plugin_create()
{
char *uri;
private_sql_plugin_t *this;
diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/libcharon/plugins/sql/sql_plugin.h
index 8de04a891..c6f9ba905 100644
--- a/src/charon/plugins/sql/sql_plugin.h
+++ b/src/libcharon/plugins/sql/sql_plugin.h
@@ -39,9 +39,4 @@ struct sql_plugin_t {
plugin_t plugin;
};
-/**
- * Create a sql_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** SQL_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
new file mode 100644
index 000000000..40888a40b
--- /dev/null
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -0,0 +1,27 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke
+
+AM_CFLAGS = \
+-rdynamic \
+-DIPSEC_CONFDIR=\"${sysconfdir}\" \
+-DIPSEC_PIDDIR=\"${piddir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-stroke.la
+else
+plugin_LTLIBRARIES = libstrongswan-stroke.la
+endif
+
+libstrongswan_stroke_la_SOURCES = \
+ stroke_plugin.h stroke_plugin.c \
+ stroke_socket.h stroke_socket.c \
+ stroke_config.h stroke_config.c \
+ stroke_control.h stroke_control.c \
+ stroke_cred.h stroke_cred.c \
+ stroke_ca.h stroke_ca.c \
+ stroke_attribute.h stroke_attribute.c \
+ stroke_list.h stroke_list.c \
+ stroke_shared_key.h stroke_shared_key.c
+
+libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 6e6b3b813..8815ba741 100644
--- a/src/charon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/stroke
+subdir = src/libcharon/plugins/stroke
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_stroke_la_LIBADD =
am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \
stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \
@@ -82,6 +82,9 @@ libstrongswan_stroke_la_OBJECTS = \
libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_stroke_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_stroke_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_stroke_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,22 +258,26 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke
+
AM_CFLAGS = \
-rdynamic \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DIPSEC_PIDDIR=\"${piddir}\"
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
- stroke_socket.h stroke_socket.c \
- stroke_config.h stroke_config.c \
- stroke_control.h stroke_control.c \
- stroke_cred.h stroke_cred.c \
- stroke_ca.h stroke_ca.c \
- stroke_attribute.h stroke_attribute.c \
- stroke_list.h stroke_list.c \
- stroke_shared_key.h stroke_shared_key.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-stroke.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-stroke.la
+libstrongswan_stroke_la_SOURCES = \
+ stroke_plugin.h stroke_plugin.c \
+ stroke_socket.h stroke_socket.c \
+ stroke_config.h stroke_config.c \
+ stroke_control.h stroke_control.c \
+ stroke_cred.h stroke_cred.c \
+ stroke_ca.h stroke_ca.c \
+ stroke_attribute.h stroke_attribute.c \
+ stroke_list.h stroke_list.c \
+ stroke_shared_key.h stroke_shared_key.c
libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -285,9 +293,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -306,6 +314,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-stroke.la: $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_DEPENDENCIES)
- $(libstrongswan_stroke_la_LINK) -rpath $(plugindir) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS)
+ $(libstrongswan_stroke_la_LINK) $(am_libstrongswan_stroke_la_rpath) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -499,8 +516,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -571,18 +588,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c
new file mode 100644
index 000000000..1e4615e12
--- /dev/null
+++ b/src/libcharon/plugins/stroke/stroke_attribute.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "stroke_attribute.h"
+
+#include <daemon.h>
+#include <attributes/mem_pool.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_stroke_attribute_t private_stroke_attribute_t;
+
+/**
+ * private data of stroke_attribute
+ */
+struct private_stroke_attribute_t {
+
+ /**
+ * public functions
+ */
+ stroke_attribute_t public;
+
+ /**
+ * list of pools, contains mem_pool_t
+ */
+ linked_list_t *pools;
+
+ /**
+ * rwlock to lock access to pools
+ */
+ rwlock_t *lock;
+};
+
+/**
+ * find a pool by name
+ */
+static mem_pool_t *find_pool(private_stroke_attribute_t *this, char *name)
+{
+ enumerator_t *enumerator;
+ mem_pool_t *current, *found = NULL;
+
+ enumerator = this->pools->create_enumerator(this->pools);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (streq(name, current->get_name(current)))
+ {
+ found = current;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+ private_stroke_attribute_t *this, char *name, identification_t *id,
+ host_t *requested)
+{
+ mem_pool_t *pool;
+ host_t *addr = NULL;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (pool)
+ {
+ addr = pool->acquire_address(pool, id, requested);
+ }
+ this->lock->unlock(this->lock);
+ return addr;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+ private_stroke_attribute_t *this, char *name, host_t *address,
+ identification_t *id)
+{
+ mem_pool_t *pool;
+ bool found = FALSE;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (pool)
+ {
+ found = pool->release_address(pool, address, id);
+ }
+ this->lock->unlock(this->lock);
+ return found;
+}
+
+METHOD(stroke_attribute_t, add_pool, void,
+ private_stroke_attribute_t *this, stroke_msg_t *msg)
+{
+ if (msg->add_conn.other.sourceip_mask)
+ {
+ mem_pool_t *pool;
+ host_t *base = NULL;
+ u_int32_t bits = 0;
+
+ /* if %config, add an empty pool, otherwise */
+ if (msg->add_conn.other.sourceip)
+ {
+ DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
+ msg->add_conn.name, msg->add_conn.other.sourceip,
+ msg->add_conn.other.sourceip_mask);
+ base = host_create_from_string(msg->add_conn.other.sourceip, 0);
+ if (!base)
+ {
+ DBG1(DBG_CFG, "virtual IP address invalid, discarded");
+ return;
+ }
+ bits = msg->add_conn.other.sourceip_mask;
+ }
+ pool = mem_pool_create(msg->add_conn.name, base, bits);
+ DESTROY_IF(base);
+
+ this->lock->write_lock(this->lock);
+ this->pools->insert_last(this->pools, pool);
+ this->lock->unlock(this->lock);
+ }
+}
+
+METHOD(stroke_attribute_t, del_pool, void,
+ private_stroke_attribute_t *this, stroke_msg_t *msg)
+{
+ enumerator_t *enumerator;
+ mem_pool_t *pool;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->pools->create_enumerator(this->pools);
+ while (enumerator->enumerate(enumerator, &pool))
+ {
+ if (streq(msg->del_conn.name, pool->get_name(pool)))
+ {
+ this->pools->remove_at(this->pools, enumerator);
+ pool->destroy(pool);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
+/**
+ * Pool enumerator filter function, converts pool_t to name, size, ...
+ */
+static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name,
+ void *d1, u_int *size, void *d2, u_int *online,
+ void *d3, u_int *offline)
+{
+ mem_pool_t *pool = *poolp;
+ *name = pool->get_name(pool);
+ *size = pool->get_size(pool);
+ *online = pool->get_online(pool);
+ *offline = pool->get_offline(pool);
+ return TRUE;
+}
+
+METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*,
+ private_stroke_attribute_t *this)
+{
+ this->lock->read_lock(this->lock);
+ return enumerator_create_filter(this->pools->create_enumerator(this->pools),
+ (void*)pool_filter,
+ this->lock, (void*)this->lock->unlock);
+}
+
+METHOD(stroke_attribute_t, create_lease_enumerator, enumerator_t*,
+ private_stroke_attribute_t *this, char *name)
+{
+ mem_pool_t *pool;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (!pool)
+ {
+ this->lock->unlock(this->lock);
+ return NULL;
+ }
+ return enumerator_create_cleaner(pool->create_lease_enumerator(pool),
+ (void*)this->lock->unlock, this->lock);
+}
+
+METHOD(stroke_attribute_t, destroy, void,
+ private_stroke_attribute_t *this)
+{
+ this->lock->destroy(this->lock);
+ this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy));
+ free(this);
+}
+
+/*
+ * see header file
+ */
+stroke_attribute_t *stroke_attribute_create()
+{
+ private_stroke_attribute_t *this;
+
+ INIT(this,
+ .public = {
+ .provider = {
+ .acquire_address = _acquire_address,
+ .release_address = _release_address,
+ .create_attribute_enumerator = enumerator_create_empty,
+ },
+ .add_pool = _add_pool,
+ .del_pool = _del_pool,
+ .create_pool_enumerator = _create_pool_enumerator,
+ .create_lease_enumerator = _create_lease_enumerator,
+ .destroy = _destroy,
+ },
+ .pools = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/libcharon/plugins/stroke/stroke_attribute.h
index cf6c950a6..249a9899b 100644
--- a/src/charon/plugins/stroke/stroke_attribute.h
+++ b/src/libcharon/plugins/stroke/stroke_attribute.h
@@ -37,15 +37,14 @@ struct stroke_attribute_t {
attribute_provider_t provider;
/**
- * Add a virtual IP address.
+ * Add a virtual IP address pool.
*
* @param msg stroke message
- * @param end end of stroke message that contains virtual IP.
*/
void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg);
/**
- * Remove a virtual IP address.
+ * Remove a virtual IP address pool.
*
* @param msg stroke message
*/
@@ -68,10 +67,11 @@ struct stroke_attribute_t {
* identification_t *id, host_t *address, bool online
*
* @param pool name of the pool to enumerate
- * @return enumerator, NULL if pool not found
+ * @return enumerator, NULL if pool not found
*/
enumerator_t* (*create_lease_enumerator)(stroke_attribute_t *this,
char *pool);
+
/**
* Destroy a stroke_attribute instance.
*/
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 49146f18b..49146f18b 100644
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h
index 21af912ea..21af912ea 100644
--- a/src/charon/plugins/stroke/stroke_ca.h
+++ b/src/libcharon/plugins/stroke/stroke_ca.h
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 0752f3c93..bbc1e7a31 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -232,9 +232,9 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
}
}
ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
- msg->add_conn.force_encap,
- msg->add_conn.me.address,
- msg->add_conn.other.address);
+ msg->add_conn.force_encap,
+ msg->add_conn.me.address, msg->add_conn.me.ikeport,
+ msg->add_conn.other.address, msg->add_conn.other.ikeport);
add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
return ike_cfg;
}
@@ -697,7 +697,7 @@ static void add_ts(private_stroke_config_t *this,
if (!end->subnets)
{
- net = host_create_from_string(end->address, IKEV2_UDP_PORT);
+ net = host_create_from_string(end->address, 0);
if (net)
{
ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
@@ -726,7 +726,7 @@ static void add_ts(private_stroke_config_t *this,
intbits = atoi(bits + 1);
}
- net = host_create_from_string(start, IKEV2_UDP_PORT);
+ net = host_create_from_string(start, 0);
if (net)
{
ts = traffic_selector_create_from_subnet(net, intbits,
diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/libcharon/plugins/stroke/stroke_config.h
index 05e4665ca..05e4665ca 100644
--- a/src/charon/plugins/stroke/stroke_config.h
+++ b/src/libcharon/plugins/stroke/stroke_config.h
diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index a03aef697..a03aef697 100644
--- a/src/charon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h
index 9b49bdc31..9b49bdc31 100644
--- a/src/charon/plugins/stroke/stroke_control.h
+++ b/src/libcharon/plugins/stroke/stroke_control.h
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index bc0b2f6fc..e0a5210a9 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -993,6 +993,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
}
else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
(match("EAP", &token) && (type = SHARED_EAP)) ||
+ (match("NTLM", &token) && (type = SHARED_NT_HASH)) ||
(match("XAUTH", &token) && (type = SHARED_EAP)))
{
stroke_shared_key_t *shared_key;
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h
index ccee7d87c..ccee7d87c 100644
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ b/src/libcharon/plugins/stroke/stroke_cred.h
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index c2a98da33..c2a98da33 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/libcharon/plugins/stroke/stroke_list.h
index b5bedc6c2..b5bedc6c2 100644
--- a/src/charon/plugins/stroke/stroke_list.h
+++ b/src/libcharon/plugins/stroke/stroke_list.h
diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 61ae10953..4361e5050 100644
--- a/src/charon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -48,7 +48,7 @@ static void destroy(private_stroke_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *stroke_plugin_create()
{
private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t);
diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/libcharon/plugins/stroke/stroke_plugin.h
index 3a1e81df6..464979910 100644
--- a/src/charon/plugins/stroke/stroke_plugin.h
+++ b/src/libcharon/plugins/stroke/stroke_plugin.h
@@ -42,9 +42,4 @@ struct stroke_plugin_t {
plugin_t plugin;
};
-/**
- * Instanciate stroke plugin.
- */
-plugin_t *plugin_create();
-
#endif /** STROKE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c
index 4f716e83a..4f716e83a 100644
--- a/src/charon/plugins/stroke/stroke_shared_key.c
+++ b/src/libcharon/plugins/stroke/stroke_shared_key.c
diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h
index 05ad55083..05ad55083 100644
--- a/src/charon/plugins/stroke/stroke_shared_key.h
+++ b/src/libcharon/plugins/stroke/stroke_shared_key.h
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 820e097f1..56c18da38 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <processing/jobs/callback_job.h>
+#include <hydra.h>
#include <daemon.h>
#include <threading/thread.h>
@@ -624,7 +625,7 @@ static void destroy(private_stroke_socket_t *this)
charon->credentials->remove_set(charon->credentials, &this->ca->set);
charon->credentials->remove_set(charon->credentials, &this->cred->set);
charon->backends->remove_backend(charon->backends, &this->config->backend);
- lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
+ hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
this->cred->destroy(this->cred);
this->ca->destroy(this->ca);
this->config->destroy(this->config);
@@ -659,7 +660,7 @@ stroke_socket_t *stroke_socket_create()
charon->credentials->add_set(charon->credentials, &this->ca->set);
charon->credentials->add_set(charon->credentials, &this->cred->set);
charon->backends->add_backend(charon->backends, &this->config->backend);
- lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
+ hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
this->job = callback_job_create((callback_job_cb_t)receive,
this, NULL, NULL);
diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/libcharon/plugins/stroke/stroke_socket.h
index 2aac8be9b..2aac8be9b 100644
--- a/src/charon/plugins/stroke/stroke_socket.h
+++ b/src/libcharon/plugins/stroke/stroke_socket.h
diff --git a/src/libcharon/plugins/uci/Makefile.am b/src/libcharon/plugins/uci/Makefile.am
new file mode 100644
index 000000000..6decdb9da
--- /dev/null
+++ b/src/libcharon/plugins/uci/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-uci.la
+else
+plugin_LTLIBRARIES = libstrongswan-uci.la
+endif
+
+libstrongswan_uci_la_SOURCES = \
+ uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
+ uci_config.h uci_config.c uci_creds.h uci_creds.c \
+ uci_control.h uci_control.c
+
+libstrongswan_uci_la_LDFLAGS = -module -avoid-version
+libstrongswan_uci_la_LIBADD = -luci
diff --git a/src/charon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 00436f509..c10829bb3 100644
--- a/src/charon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/uci
+subdir = src/libcharon/plugins/uci
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_uci_la_DEPENDENCIES =
am_libstrongswan_uci_la_OBJECTS = uci_plugin.lo uci_parser.lo \
uci_config.lo uci_creds.lo uci_control.lo
@@ -80,6 +80,8 @@ libstrongswan_uci_la_OBJECTS = $(am_libstrongswan_uci_la_OBJECTS)
libstrongswan_uci_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_uci_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_uci_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_uci_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -252,13 +255,16 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-uci.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-uci.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-uci.la
libstrongswan_uci_la_SOURCES = \
- uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
- uci_config.h uci_config.c uci_creds.h uci_creds.c \
- uci_control.h uci_control.c
+ uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
+ uci_config.h uci_config.c uci_creds.h uci_creds.c \
+ uci_control.h uci_control.c
libstrongswan_uci_la_LDFLAGS = -module -avoid-version
libstrongswan_uci_la_LIBADD = -luci
@@ -275,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-uci.la: $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_DEPENDENCIES)
- $(libstrongswan_uci_la_LINK) -rpath $(plugindir) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS)
+ $(libstrongswan_uci_la_LINK) $(am_libstrongswan_uci_la_rpath) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -485,8 +500,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -557,18 +572,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index a6ee970ad..bd58afbf0 100644
--- a/src/charon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -170,7 +170,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
&ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
{
DESTROY_IF(this->peer_cfg);
- ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
this->peer_cfg = peer_cfg_create(
name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -268,7 +269,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg)
&local_addr, &remote_addr, &ike_proposal))
{
DESTROY_IF(this->ike_cfg);
- this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+ this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
+ remote_addr, IKEV2_UDP_PORT);
this->ike_cfg->add_proposal(this->ike_cfg,
create_proposal(ike_proposal, PROTO_IKE));
diff --git a/src/charon/plugins/uci/uci_config.h b/src/libcharon/plugins/uci/uci_config.h
index 130f15d85..130f15d85 100644
--- a/src/charon/plugins/uci/uci_config.h
+++ b/src/libcharon/plugins/uci/uci_config.h
diff --git a/src/charon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
index 3c4928be4..3c4928be4 100644
--- a/src/charon/plugins/uci/uci_control.c
+++ b/src/libcharon/plugins/uci/uci_control.c
diff --git a/src/charon/plugins/uci/uci_control.h b/src/libcharon/plugins/uci/uci_control.h
index 794220aa1..794220aa1 100644
--- a/src/charon/plugins/uci/uci_control.h
+++ b/src/libcharon/plugins/uci/uci_control.h
diff --git a/src/charon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c
index 4d664feb2..4d664feb2 100644
--- a/src/charon/plugins/uci/uci_creds.c
+++ b/src/libcharon/plugins/uci/uci_creds.c
diff --git a/src/charon/plugins/uci/uci_creds.h b/src/libcharon/plugins/uci/uci_creds.h
index a283ed9f5..a283ed9f5 100644
--- a/src/charon/plugins/uci/uci_creds.h
+++ b/src/libcharon/plugins/uci/uci_creds.h
diff --git a/src/charon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c
index 6de55d218..6de55d218 100644
--- a/src/charon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c
diff --git a/src/charon/plugins/uci/uci_parser.h b/src/libcharon/plugins/uci/uci_parser.h
index 7217e507a..7217e507a 100644
--- a/src/charon/plugins/uci/uci_parser.h
+++ b/src/libcharon/plugins/uci/uci_parser.h
diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c
index 2a79b9109..742fcf4d0 100644
--- a/src/charon/plugins/uci/uci_plugin.c
+++ b/src/libcharon/plugins/uci/uci_plugin.c
@@ -75,7 +75,7 @@ static void destroy(private_uci_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *uci_plugin_create()
{
private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t);
diff --git a/src/charon/plugins/uci/uci_plugin.h b/src/libcharon/plugins/uci/uci_plugin.h
index e7743227c..980ab26fd 100644
--- a/src/charon/plugins/uci/uci_plugin.h
+++ b/src/libcharon/plugins/uci/uci_plugin.h
@@ -40,9 +40,4 @@ struct uci_plugin_t {
plugin_t plugin;
};
-/**
- * Create a uci_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** UCI_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/unit_tester/Makefile.am b/src/libcharon/plugins/unit_tester/Makefile.am
new file mode 100644
index 000000000..e27d1f859
--- /dev/null
+++ b/src/libcharon/plugins/unit_tester/Makefile.am
@@ -0,0 +1,29 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-unit-tester.la
+else
+plugin_LTLIBRARIES = libstrongswan-unit-tester.la
+endif
+
+libstrongswan_unit_tester_la_SOURCES = \
+ unit_tester.c unit_tester.h tests.h \
+ tests/test_enumerator.c \
+ tests/test_auth_info.c \
+ tests/test_curl.c \
+ tests/test_mysql.c \
+ tests/test_sqlite.c \
+ tests/test_mutex.c \
+ tests/test_rsa_gen.c \
+ tests/test_cert.c \
+ tests/test_med_db.c \
+ tests/test_chunk.c \
+ tests/test_pool.c \
+ tests/test_agent.c \
+ tests/test_id.c
+
+libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 9926c43e8..6ca43a38f 100644
--- a/src/charon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/unit_tester
+subdir = src/libcharon/plugins/unit_tester
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_unit_tester_la_LIBADD =
am_libstrongswan_unit_tester_la_OBJECTS = unit_tester.lo \
test_enumerator.lo test_auth_info.lo test_curl.lo \
@@ -85,6 +85,9 @@ libstrongswan_unit_tester_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_unit_tester_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_unit_tester_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_unit_tester_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -257,23 +261,27 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-unit-tester.la
-libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
- tests/test_enumerator.c \
- tests/test_auth_info.c \
- tests/test_curl.c \
- tests/test_mysql.c \
- tests/test_sqlite.c \
- tests/test_mutex.c \
- tests/test_rsa_gen.c \
- tests/test_cert.c \
- tests/test_med_db.c \
- tests/test_chunk.c \
- tests/test_pool.c \
- tests/test_agent.c \
- tests/test_id.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-unit-tester.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-unit-tester.la
+libstrongswan_unit_tester_la_SOURCES = \
+ unit_tester.c unit_tester.h tests.h \
+ tests/test_enumerator.c \
+ tests/test_auth_info.c \
+ tests/test_curl.c \
+ tests/test_mysql.c \
+ tests/test_sqlite.c \
+ tests/test_mutex.c \
+ tests/test_rsa_gen.c \
+ tests/test_cert.c \
+ tests/test_med_db.c \
+ tests/test_chunk.c \
+ tests/test_pool.c \
+ tests/test_agent.c \
+ tests/test_id.c
libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -289,9 +297,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -310,6 +318,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -342,7 +359,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-unit-tester.la: $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_DEPENDENCIES)
- $(libstrongswan_unit_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS)
+ $(libstrongswan_unit_tester_la_LINK) $(am_libstrongswan_unit_tester_la_rpath) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -599,8 +616,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -671,18 +688,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/unit_tester/tests.h b/src/libcharon/plugins/unit_tester/tests.h
index 96313d390..96313d390 100644
--- a/src/charon/plugins/unit_tester/tests.h
+++ b/src/libcharon/plugins/unit_tester/tests.h
diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/libcharon/plugins/unit_tester/tests/test_agent.c
index baab629be..baab629be 100644
--- a/src/charon/plugins/unit_tester/tests/test_agent.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_agent.c
diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
index d6abe7a05..d6abe7a05 100644
--- a/src/charon/plugins/unit_tester/tests/test_auth_info.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/libcharon/plugins/unit_tester/tests/test_cert.c
index 3b00421f8..3b00421f8 100644
--- a/src/charon/plugins/unit_tester/tests/test_cert.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_cert.c
diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/libcharon/plugins/unit_tester/tests/test_chunk.c
index 2e0905b2c..2e0905b2c 100644
--- a/src/charon/plugins/unit_tester/tests/test_chunk.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_chunk.c
diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/libcharon/plugins/unit_tester/tests/test_curl.c
index 21656a94e..21656a94e 100644
--- a/src/charon/plugins/unit_tester/tests/test_curl.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_curl.c
diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c
index edbf0f5bb..edbf0f5bb 100644
--- a/src/charon/plugins/unit_tester/tests/test_enumerator.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c
diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/libcharon/plugins/unit_tester/tests/test_id.c
index 868a2ca8b..868a2ca8b 100644
--- a/src/charon/plugins/unit_tester/tests/test_id.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_id.c
diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
index 7fd78b0bc..7fd78b0bc 100644
--- a/src/charon/plugins/unit_tester/tests/test_med_db.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/libcharon/plugins/unit_tester/tests/test_mutex.c
index 77085cb2f..77085cb2f 100644
--- a/src/charon/plugins/unit_tester/tests/test_mutex.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_mutex.c
diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/libcharon/plugins/unit_tester/tests/test_mysql.c
index 252441ef8..252441ef8 100644
--- a/src/charon/plugins/unit_tester/tests/test_mysql.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_mysql.c
diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/libcharon/plugins/unit_tester/tests/test_pool.c
index 109c06fda..a68246fff 100644
--- a/src/charon/plugins/unit_tester/tests/test_pool.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_pool.c
@@ -14,9 +14,10 @@
*/
#include <time.h>
-#include <pthread.h>
#include <library.h>
+#include <threading/thread.h>
+#include <hydra.h>
#define ALLOCS 1000
#define THREADS 20
@@ -39,8 +40,8 @@ static void* testing(void *thread)
/* allocate addresses */
for (i = 0; i < ALLOCS; i++)
{
- addr[i] = lib->attributes->acquire_address(lib->attributes,
- "test", id[i], NULL);
+ addr[i] = hydra->attributes->acquire_address(hydra->attributes,
+ "test", id[i], NULL);
if (!addr[i])
{
return (void*)FALSE;
@@ -50,8 +51,8 @@ static void* testing(void *thread)
/* release addresses */
for (i = 0; i < ALLOCS; i++)
{
- lib->attributes->release_address(lib->attributes,
- "test", addr[i], id[i]);
+ hydra->attributes->release_address(hydra->attributes,
+ "test", addr[i], id[i]);
}
/* cleanup */
@@ -69,21 +70,20 @@ static void* testing(void *thread)
******************************************************************************/
bool test_pool()
{
+ thread_t *threads[THREADS];
uintptr_t i;
- void *res;
- pthread_t thread[THREADS];
for (i = 0; i < THREADS; i++)
{
- if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0)
+ if (!(threads[i] = thread_create((thread_main_t)testing, (void*)i)))
{
return FALSE;
}
}
for (i = 0; i < THREADS; i++)
{
- pthread_join(thread[i], &res);
- if (res == NULL)
+ bool *res = threads[i]->join(threads[i]);
+ if (!res)
{
return FALSE;
}
diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
index 59da15644..59da15644 100644
--- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c
index dd8d1955e..dd8d1955e 100644
--- a/src/charon/plugins/unit_tester/tests/test_sqlite.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c
diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/libcharon/plugins/unit_tester/unit_tester.c
index 3c39688c6..5f6f94e03 100644
--- a/src/charon/plugins/unit_tester/unit_tester.c
+++ b/src/libcharon/plugins/unit_tester/unit_tester.c
@@ -103,7 +103,7 @@ static void destroy(private_unit_tester_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *unit_tester_plugin_create()
{
private_unit_tester_t *this = malloc_thing(private_unit_tester_t);
diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/libcharon/plugins/unit_tester/unit_tester.h
index 79d5bc021..08784f6f4 100644
--- a/src/charon/plugins/unit_tester/unit_tester.h
+++ b/src/libcharon/plugins/unit_tester/unit_tester.h
@@ -41,9 +41,4 @@ struct unit_tester_t {
plugin_t plugin;
};
-/**
- * Create a unit_tester plugin.
- */
-plugin_t *plugin_create();
-
#endif /** UNIT_TESTER_H_ @}*/
diff --git a/src/charon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am
index 6cad02a96..312c8d7e8 100644
--- a/src/charon/plugins/updown/Makefile.am
+++ b/src/libcharon/plugins/updown/Makefile.am
@@ -1,12 +1,17 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-updown.la
+else
plugin_LTLIBRARIES = libstrongswan-updown.la
-libstrongswan_updown_la_SOURCES = \
- updown_plugin.h updown_plugin.c \
- updown_listener.h updown_listener.c
-libstrongswan_updown_la_LDFLAGS = -module -avoid-version
+endif
+libstrongswan_updown_la_SOURCES = \
+ updown_plugin.h updown_plugin.c \
+ updown_listener.h updown_listener.c
+libstrongswan_updown_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 78ba19d65..d3c509a32 100644
--- a/src/charon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/updown
+subdir = src/libcharon/plugins/updown
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_updown_la_LIBADD =
am_libstrongswan_updown_la_OBJECTS = updown_plugin.lo \
updown_listener.lo
@@ -81,6 +81,9 @@ libstrongswan_updown_la_OBJECTS = \
libstrongswan_updown_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_updown_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_updown_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_updown_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,12 +257,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-updown.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-updown.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-updown.la
libstrongswan_updown_la_SOURCES = \
- updown_plugin.h updown_plugin.c \
- updown_listener.h updown_listener.c
+ updown_plugin.h updown_plugin.c \
+ updown_listener.h updown_listener.c
libstrongswan_updown_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -274,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile
+ $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -295,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-updown.la: $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_DEPENDENCIES)
- $(libstrongswan_updown_la_LINK) -rpath $(plugindir) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS)
+ $(libstrongswan_updown_la_LINK) $(am_libstrongswan_updown_la_rpath) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +497,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 5a6746f92..5a6746f92 100644
--- a/src/charon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
diff --git a/src/charon/plugins/updown/updown_listener.h b/src/libcharon/plugins/updown/updown_listener.h
index 5b866c4e5..5b866c4e5 100644
--- a/src/charon/plugins/updown/updown_listener.h
+++ b/src/libcharon/plugins/updown/updown_listener.h
diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c
index 6cb0efdcd..9d0591e62 100644
--- a/src/charon/plugins/updown/updown_plugin.c
+++ b/src/libcharon/plugins/updown/updown_plugin.c
@@ -49,7 +49,7 @@ static void destroy(private_updown_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *updown_plugin_create()
{
private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t);
diff --git a/src/charon/plugins/updown/updown_plugin.h b/src/libcharon/plugins/updown/updown_plugin.h
index 2873b499d..abcb953a0 100644
--- a/src/charon/plugins/updown/updown_plugin.h
+++ b/src/libcharon/plugins/updown/updown_plugin.h
@@ -39,9 +39,4 @@ struct updown_plugin_t {
plugin_t plugin;
};
-/**
- * Create a updown_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** UPDOWN_PLUGIN_H_ @}*/
diff --git a/src/charon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index 45ace9312..45ace9312 100644
--- a/src/charon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
diff --git a/src/charon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h
index eff79a9b0..eff79a9b0 100644
--- a/src/charon/processing/jobs/acquire_job.h
+++ b/src/libcharon/processing/jobs/acquire_job.h
diff --git a/src/charon/processing/jobs/callback_job.c b/src/libcharon/processing/jobs/callback_job.c
index 7e35dcdcb..45e49112e 100644
--- a/src/charon/processing/jobs/callback_job.c
+++ b/src/libcharon/processing/jobs/callback_job.c
@@ -182,7 +182,7 @@ static void cancel(private_callback_job_t *this)
*/
static void execute(private_callback_job_t *this)
{
- bool cleanup = FALSE;
+ bool cleanup = FALSE, requeue = FALSE;
thread_cleanup_push((thread_cleanup_t)destroy, this);
@@ -206,8 +206,7 @@ static void execute(private_callback_job_t *this)
continue;
case JOB_REQUEUE_FAIR:
{
- charon->processor->queue_job(charon->processor,
- &this->public.job_interface);
+ requeue = TRUE;
break;
}
case JOB_REQUEUE_NONE:
@@ -225,6 +224,11 @@ static void execute(private_callback_job_t *this)
/* manually create a cancellation point to avoid that a cancelled thread
* goes back into the thread pool */
thread_cancellation_point();
+ if (requeue)
+ {
+ charon->processor->queue_job(charon->processor,
+ &this->public.job_interface);
+ }
thread_cleanup_pop(cleanup);
}
diff --git a/src/charon/processing/jobs/callback_job.h b/src/libcharon/processing/jobs/callback_job.h
index 62da1edd1..62da1edd1 100644
--- a/src/charon/processing/jobs/callback_job.h
+++ b/src/libcharon/processing/jobs/callback_job.h
diff --git a/src/charon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
index ca55721f2..ca55721f2 100644
--- a/src/charon/processing/jobs/delete_child_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.c
diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h
index 662a7b7c7..662a7b7c7 100644
--- a/src/charon/processing/jobs/delete_child_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.h
diff --git a/src/charon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
index dffd08ba3..dffd08ba3 100644
--- a/src/charon/processing/jobs/delete_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h
index f641deea3..f641deea3 100644
--- a/src/charon/processing/jobs/delete_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h
diff --git a/src/charon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index 13fc5e3d0..13fc5e3d0 100644
--- a/src/charon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
diff --git a/src/charon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h
index 9c9daced8..9c9daced8 100644
--- a/src/charon/processing/jobs/inactivity_job.h
+++ b/src/libcharon/processing/jobs/inactivity_job.h
diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
index ffe8755e2..ffe8755e2 100644
--- a/src/charon/processing/jobs/initiate_mediation_job.c
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h
index fddb1dd7b..fddb1dd7b 100644
--- a/src/charon/processing/jobs/initiate_mediation_job.h
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.h
diff --git a/src/charon/processing/jobs/job.h b/src/libcharon/processing/jobs/job.h
index 0f1c16ebe..0f1c16ebe 100644
--- a/src/charon/processing/jobs/job.h
+++ b/src/libcharon/processing/jobs/job.h
diff --git a/src/charon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c
index b5b8af3b3..b5b8af3b3 100644
--- a/src/charon/processing/jobs/mediation_job.c
+++ b/src/libcharon/processing/jobs/mediation_job.c
diff --git a/src/charon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h
index 0574c65eb..0574c65eb 100644
--- a/src/charon/processing/jobs/mediation_job.h
+++ b/src/libcharon/processing/jobs/mediation_job.h
diff --git a/src/charon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 05f47340c..05f47340c 100644
--- a/src/charon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
diff --git a/src/charon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h
index de313d517..de313d517 100644
--- a/src/charon/processing/jobs/migrate_job.h
+++ b/src/libcharon/processing/jobs/migrate_job.h
diff --git a/src/charon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index a47d48e38..a47d48e38 100644
--- a/src/charon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
diff --git a/src/charon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h
index 5e3f44d1f..5e3f44d1f 100644
--- a/src/charon/processing/jobs/process_message_job.h
+++ b/src/libcharon/processing/jobs/process_message_job.h
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index b797d181e..b797d181e 100644
--- a/src/charon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h
index 62887d6b9..62887d6b9 100644
--- a/src/charon/processing/jobs/rekey_child_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h
diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
index 5ec0b1b88..5ec0b1b88 100644
--- a/src/charon/processing/jobs/rekey_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
index a5c1028aa..a5c1028aa 100644
--- a/src/charon/processing/jobs/rekey_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
diff --git a/src/charon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c
index fc787f208..fc787f208 100644
--- a/src/charon/processing/jobs/retransmit_job.c
+++ b/src/libcharon/processing/jobs/retransmit_job.c
diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h
index c8c13479b..c8c13479b 100644
--- a/src/charon/processing/jobs/retransmit_job.h
+++ b/src/libcharon/processing/jobs/retransmit_job.h
diff --git a/src/charon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c
index adc884a8a..adc884a8a 100644
--- a/src/charon/processing/jobs/roam_job.c
+++ b/src/libcharon/processing/jobs/roam_job.c
diff --git a/src/charon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h
index 55bdf2b28..55bdf2b28 100644
--- a/src/charon/processing/jobs/roam_job.h
+++ b/src/libcharon/processing/jobs/roam_job.h
diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c
index 1c2da52b8..1c2da52b8 100644
--- a/src/charon/processing/jobs/send_dpd_job.c
+++ b/src/libcharon/processing/jobs/send_dpd_job.c
diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h
index 8078a38bc..8078a38bc 100644
--- a/src/charon/processing/jobs/send_dpd_job.h
+++ b/src/libcharon/processing/jobs/send_dpd_job.h
diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c
index 3d02cea2e..3d02cea2e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.c
+++ b/src/libcharon/processing/jobs/send_keepalive_job.c
diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h
index cda83cd7e..cda83cd7e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.h
+++ b/src/libcharon/processing/jobs/send_keepalive_job.h
diff --git a/src/charon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 17dce2548..17dce2548 100644
--- a/src/charon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h
index 11d1ac9b6..11d1ac9b6 100644
--- a/src/charon/processing/jobs/update_sa_job.h
+++ b/src/libcharon/processing/jobs/update_sa_job.h
diff --git a/src/charon/processing/processor.c b/src/libcharon/processing/processor.c
index d5774af26..d5774af26 100644
--- a/src/charon/processing/processor.c
+++ b/src/libcharon/processing/processor.c
diff --git a/src/charon/processing/processor.h b/src/libcharon/processing/processor.h
index 5bf8cf573..5bf8cf573 100644
--- a/src/charon/processing/processor.h
+++ b/src/libcharon/processing/processor.h
diff --git a/src/charon/processing/scheduler.c b/src/libcharon/processing/scheduler.c
index 345af502a..345af502a 100644
--- a/src/charon/processing/scheduler.c
+++ b/src/libcharon/processing/scheduler.c
diff --git a/src/charon/processing/scheduler.h b/src/libcharon/processing/scheduler.h
index 5f5d2a563..5f5d2a563 100644
--- a/src/charon/processing/scheduler.h
+++ b/src/libcharon/processing/scheduler.h
diff --git a/src/charon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c
index 13586a23e..13586a23e 100644
--- a/src/charon/sa/authenticators/authenticator.c
+++ b/src/libcharon/sa/authenticators/authenticator.c
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h
index fff91ed34..fff91ed34 100644
--- a/src/charon/sa/authenticators/authenticator.h
+++ b/src/libcharon/sa/authenticators/authenticator.h
diff --git a/src/charon/sa/authenticators/eap/eap_manager.c b/src/libcharon/sa/authenticators/eap/eap_manager.c
index f795183f0..f795183f0 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.c
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.c
diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/libcharon/sa/authenticators/eap/eap_manager.h
index 0333fb6da..0333fb6da 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.h
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.h
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c
index 91fa5305f..91fa5305f 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/libcharon/sa/authenticators/eap/eap_method.c
diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h
index 4cab84535..4cab84535 100644
--- a/src/charon/sa/authenticators/eap/eap_method.h
+++ b/src/libcharon/sa/authenticators/eap/eap_method.h
diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/libcharon/sa/authenticators/eap/sim_manager.c
index 5060a3147..157865083 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.c
+++ b/src/libcharon/sa/authenticators/eap/sim_manager.c
@@ -450,27 +450,20 @@ static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks)
}
/**
- * Implementation of sim_manager_t.attribute_hook
+ * Implementation of sim_manager_t.message_hook
*/
-static bool attribute_hook(private_sim_manager_t *this, eap_code_t code,
- eap_type_t type, u_int8_t subtype,
- u_int8_t attribute, chunk_t data)
+static void message_hook(private_sim_manager_t *this,
+ simaka_message_t *message, bool inbound, bool decrypted)
{
enumerator_t *enumerator;
sim_hooks_t *hooks;
- bool filter = FALSE;
enumerator = this->hooks->create_enumerator(this->hooks);
while (enumerator->enumerate(enumerator, &hooks))
{
- if (hooks->attribute(hooks, code, type, subtype, attribute, data))
- {
- filter = TRUE;
- break;
- }
+ hooks->message(hooks, message, inbound, decrypted);
}
enumerator->destroy(enumerator);
- return filter;
}
/**
@@ -528,7 +521,7 @@ sim_manager_t *sim_manager_create()
this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth;
this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks;
this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks;
- this->public.attribute_hook = (bool(*)(sim_manager_t*, eap_code_t code, eap_type_t type, u_int8_t subtype, u_int8_t attribute, chunk_t data))attribute_hook;
+ this->public.message_hook = (void(*)(sim_manager_t*, simaka_message_t *message, bool inbound, bool decrypted))message_hook;
this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook;
this->public.destroy = (void(*)(sim_manager_t*))destroy;
diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/libcharon/sa/authenticators/eap/sim_manager.h
index 49d27cbaa..9aa661ac8 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.h
+++ b/src/libcharon/sa/authenticators/eap/sim_manager.h
@@ -31,6 +31,9 @@ typedef struct sim_card_t sim_card_t;
typedef struct sim_provider_t sim_provider_t;
typedef struct sim_hooks_t sim_hooks_t;
+/** implemented in libsimaka, but we need it for the message hook */
+typedef struct simaka_message_t simaka_message_t;
+
#define SIM_RAND_LEN 16
#define SIM_SRES_LEN 4
#define SIM_KC_LEN 8
@@ -245,17 +248,17 @@ struct sim_provider_t {
struct sim_hooks_t {
/**
- * SIM/AKA attribute parsing hook.
+ * SIM/AKA message parsing.
+ *
+ * As a SIM/AKA optionally contains encrypted attributes, the hook
+ * might get invoked twice, once before and once after decryption.
*
- * @param code code of EAP message the attribute was parsed from
- * @param type EAP method, SIM or AKA
- * @param subtye method specific subtype
- * @param attribute parsed SIM/AKA attribute type
- * @param data attribute data
- * @return TRUE to filter out attribute from further processing
+ * @param message SIM/AKA message
+ * @param inbound TRUE for incoming messages, FALSE for outgoing
+ * @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
- bool (*attribute)(sim_hooks_t *this, eap_code_t code, eap_type_t type,
- u_int8_t subtype, u_int8_t attribute, chunk_t data);
+ void (*message)(sim_hooks_t *this, simaka_message_t *message,
+ bool inbound, bool decrypted);
/**
* SIM/AKA encryption/authentication key hooks.
@@ -478,18 +481,14 @@ struct sim_manager_t {
void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks);
/**
- * Invoke SIM/AKA attribute hook.
+ * Invoke SIM/AKA message hook.
*
- * @param code EAP message code (Request/response/success/failed)
- * @param type EAP method type, EAP-SIM or AKA
- * @param subtype method specific message subtype
- * @param attribute SIM/AKA attribute type
- * @param data attribute data
- * @return TRUE to filter out attribute from further processing
+ * @param message SIM message
+ * @param inbound TRUE for incoming messages, FALSE for outgoing
+ * @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
- bool (*attribute_hook)(sim_manager_t *this, eap_code_t code,
- eap_type_t type, u_int8_t subtype,
- u_int8_t attribute, chunk_t data);
+ void (*message_hook)(sim_manager_t *this, simaka_message_t *message,
+ bool inbound, bool decrypted);
/**
* Invoke SIM/AKA key hook.
diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 16911050a..4617c4d8d 100644
--- a/src/charon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -251,7 +251,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
case NEED_MORE:
return out;
case SUCCESS:
- if (type == EAP_IDENTITY)
+ if (!vendor && type == EAP_IDENTITY)
{
chunk_t data;
diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/libcharon/sa/authenticators/eap_authenticator.h
index 41eb6a8c9..41eb6a8c9 100644
--- a/src/charon/sa/authenticators/eap_authenticator.h
+++ b/src/libcharon/sa/authenticators/eap_authenticator.h
diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c
index 67197d690..67197d690 100644
--- a/src/charon/sa/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/authenticators/psk_authenticator.c
diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/libcharon/sa/authenticators/psk_authenticator.h
index 0fab11095..0fab11095 100644
--- a/src/charon/sa/authenticators/psk_authenticator.h
+++ b/src/libcharon/sa/authenticators/psk_authenticator.h
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index f1dca2702..f1dca2702 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/libcharon/sa/authenticators/pubkey_authenticator.h
index be369cb89..be369cb89 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.h
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.h
diff --git a/src/charon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 3fdfb51ad..3fdfb51ad 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
diff --git a/src/charon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index d70bed664..e6c603504 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -322,7 +322,7 @@ struct child_sa_t {
};
/**
- * Constructor to create a new child_sa_t.
+ * Constructor to create a child SA negotiated with IKE.
*
* @param me own address
* @param other remote address
diff --git a/src/charon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c
index b78ba070d..b78ba070d 100644
--- a/src/charon/sa/connect_manager.c
+++ b/src/libcharon/sa/connect_manager.c
diff --git a/src/charon/sa/connect_manager.h b/src/libcharon/sa/connect_manager.h
index 8fa8ff697..8fa8ff697 100644
--- a/src/charon/sa/connect_manager.h
+++ b/src/libcharon/sa/connect_manager.h
diff --git a/src/charon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 975a0904a..023f0749f 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -25,6 +25,7 @@
#include <library.h>
#include <daemon.h>
+#include <hydra.h>
#include <utils/linked_list.h>
#include <utils/lexparser.h>
#include <sa/task_manager.h>
@@ -423,7 +424,7 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
{
auth_cfg_t *cfg;
- if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", TRUE))
+ if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
{
while (this->my_auths->remove_last(this->my_auths,
(void**)&cfg) == SUCCESS)
@@ -1117,7 +1118,7 @@ static void resolve_hosts(private_ike_sa_t *this)
else
{
host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg),
- 0, IKEV2_UDP_PORT);
+ 0, this->ike_cfg->get_other_port(this->ike_cfg));
}
if (host)
{
@@ -1139,7 +1140,7 @@ static void resolve_hosts(private_ike_sa_t *this)
family = this->other_host->get_family(this->other_host);
}
host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg),
- family, IKEV2_UDP_PORT);
+ family, this->ike_cfg->get_my_port(this->ike_cfg));
if (host && host->is_anyaddr(host) &&
!this->other_host->is_anyaddr(this->other_host))
@@ -1149,13 +1150,13 @@ static void resolve_hosts(private_ike_sa_t *this)
charon->kernel_interface, this->other_host, NULL);
if (host)
{
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg));
}
else
{ /* fallback to address family specific %any(6), if configured */
host = host_create_from_dns(
- this->ike_cfg->get_my_addr(this->ike_cfg),
- 0, IKEV2_UDP_PORT);
+ this->ike_cfg->get_my_addr(this->ike_cfg),
+ 0, this->ike_cfg->get_my_port(this->ike_cfg));
}
}
}
@@ -1191,10 +1192,10 @@ static status_t initiate(private_ike_sa_t *this,
set_condition(this, COND_ORIGINAL_INITIATOR, TRUE);
- task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
- this->task_manager->queue_task(this->task_manager, task);
task = (task_t*)ike_vendor_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
+ task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
+ this->task_manager->queue_task(this->task_manager, task);
task = (task_t*)ike_natd_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
task = (task_t*)ike_cert_pre_create(&this->public, TRUE);
@@ -1408,6 +1409,38 @@ static identification_t* get_other_id(private_ike_sa_t *this)
}
/**
+ * Implementation of ike_sa_t.get_other_eap_id.
+ */
+static identification_t* get_other_eap_id(private_ike_sa_t *this)
+{
+ identification_t *id = NULL, *current;
+ enumerator_t *enumerator;
+ auth_cfg_t *cfg;
+
+ enumerator = this->other_auths->create_enumerator(this->other_auths);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ /* prefer EAP-Identity of last round */
+ current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+ if (!current || current->get_type(current) == ID_ANY)
+ {
+ current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+ }
+ if (current && current->get_type(current) != ID_ANY)
+ {
+ id = current;
+ continue;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (id)
+ {
+ return id;
+ }
+ return this->other_id;
+}
+
+/**
* Implementation of ike_sa_t.set_other_id.
*/
static void set_other_id(private_ike_sa_t *this, identification_t *other)
@@ -1528,6 +1561,7 @@ static status_t delete_(private_ike_sa_t *this)
default:
DBG1(DBG_IKE, "destroying IKE_SA in state %N "
"without notification", ike_sa_state_names, this->state);
+ charon->bus->ike_updown(charon->bus, &this->public, FALSE);
break;
}
return DESTROY_ME;
@@ -2002,8 +2036,8 @@ static void destroy(private_ike_sa_t *this)
while (this->attributes->remove_last(this->attributes,
(void**)&entry) == SUCCESS)
{
- lib->attributes->release(lib->attributes, entry->handler,
- this->other_id, entry->type, entry->data);
+ hydra->attributes->release(hydra->attributes, entry->handler,
+ this->other_id, entry->type, entry->data);
free(entry->data.ptr);
free(entry);
}
@@ -2027,9 +2061,9 @@ static void destroy(private_ike_sa_t *this)
{
if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg))
{
- lib->attributes->release_address(lib->attributes,
- this->peer_cfg->get_pool(this->peer_cfg),
- this->other_virtual_ip, this->other_id);
+ hydra->attributes->release_address(hydra->attributes,
+ this->peer_cfg->get_pool(this->peer_cfg),
+ this->other_virtual_ip, get_other_eap_id(this));
}
this->other_virtual_ip->destroy(this->other_virtual_ip);
}
@@ -2102,6 +2136,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id;
this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id;
this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
+ this->public.get_other_eap_id = (identification_t* (*)(ike_sa_t*)) get_other_eap_id;
this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition;
diff --git a/src/charon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 4dce1937c..c61502edf 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -31,6 +31,7 @@ typedef enum statistic_t statistic_t;
typedef struct ike_sa_t ike_sa_t;
#include <library.h>
+#include <attributes/attribute_handler.h>
#include <encoding/message.h>
#include <encoding/payloads/proposal_substructure.h>
#include <encoding/payloads/configuration_attribute.h>
@@ -359,6 +360,13 @@ struct ike_sa_t {
identification_t* (*get_other_id) (ike_sa_t *this);
/**
+ * Get the others peer identity, but prefer an EAP-Identity.
+ *
+ * @return EAP or IKEv2 identity
+ */
+ identification_t* (*get_other_eap_id)(ike_sa_t *this);
+
+ /**
* Set the other peer's identification.
*
* @param other identification
diff --git a/src/charon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c
index 94c5405f2..94c5405f2 100644
--- a/src/charon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
diff --git a/src/charon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h
index a833aa9d6..a833aa9d6 100644
--- a/src/charon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
diff --git a/src/charon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 3ef0f3bb0..3ef0f3bb0 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
diff --git a/src/charon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 38f5454e1..38f5454e1 100644
--- a/src/charon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
diff --git a/src/charon/sa/keymat.c b/src/libcharon/sa/keymat.c
index e49626354..837cbe428 100644
--- a/src/charon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -99,8 +99,8 @@ struct keylen_entry_t {
* Keylen for encryption algos
*/
keylen_entry_t keylen_enc[] = {
- {ENCR_DES, 64},
- {ENCR_3DES, 192},
+ {ENCR_DES, 64},
+ {ENCR_3DES, 192},
{END_OF_LIST, 0}
};
@@ -108,7 +108,7 @@ keylen_entry_t keylen_enc[] = {
* Keylen for integrity algos
*/
keylen_entry_t keylen_int[] = {
- {AUTH_HMAC_MD5_96, 128},
+ {AUTH_HMAC_MD5_96, 128},
{AUTH_HMAC_SHA1_96, 160},
{AUTH_HMAC_SHA2_256_96, 256},
{AUTH_HMAC_SHA2_256_128, 256},
@@ -414,7 +414,7 @@ static bool derive_child_keys(private_keymat_t *this,
/* to bytes */
enc_size /= 8;
- /* CCM/GCM/CTR needs additional bytes */
+ /* CCM/GCM/CTR/GMAC needs additional bytes */
switch (enc_alg)
{
case ENCR_AES_CCM_ICV8:
@@ -429,6 +429,7 @@ static bool derive_child_keys(private_keymat_t *this,
case ENCR_AES_GCM_ICV12:
case ENCR_AES_GCM_ICV16:
case ENCR_AES_CTR:
+ case ENCR_NULL_AUTH_AES_GMAC:
enc_size += 4;
break;
default:
diff --git a/src/charon/sa/keymat.h b/src/libcharon/sa/keymat.h
index e51709e8d..e51709e8d 100644
--- a/src/charon/sa/keymat.h
+++ b/src/libcharon/sa/keymat.h
diff --git a/src/charon/sa/mediation_manager.c b/src/libcharon/sa/mediation_manager.c
index 035f49053..035f49053 100644
--- a/src/charon/sa/mediation_manager.c
+++ b/src/libcharon/sa/mediation_manager.c
diff --git a/src/charon/sa/mediation_manager.h b/src/libcharon/sa/mediation_manager.h
index 31a16f69c..31a16f69c 100644
--- a/src/charon/sa/mediation_manager.h
+++ b/src/libcharon/sa/mediation_manager.h
diff --git a/src/charon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index 1de0c06f0..eeda6c860 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
@@ -307,11 +307,11 @@ static status_t build_request(private_task_manager_t *this)
switch (this->ike_sa->get_state(this->ike_sa))
{
case IKE_CREATED:
+ activate_task(this, IKE_VENDOR);
if (activate_task(this, IKE_INIT))
{
this->initiating.mid = 0;
exchange = IKE_SA_INIT;
- activate_task(this, IKE_VENDOR);
activate_task(this, IKE_NATD);
activate_task(this, IKE_CERT_PRE);
#ifdef ME
@@ -696,10 +696,10 @@ static status_t process_request(private_task_manager_t *this,
{
case IKE_SA_INIT:
{
- task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
- this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
+ task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
+ this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
@@ -926,6 +926,7 @@ static status_t process_message(private_task_manager_t *this, message_t *msg)
{
if (mid == this->initiating.mid)
{
+ charon->bus->message(charon->bus, msg, TRUE);
if (process_response(this, msg) != SUCCESS)
{
flush(this);
diff --git a/src/charon/sa/task_manager.h b/src/libcharon/sa/task_manager.h
index 731ed4898..731ed4898 100644
--- a/src/charon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
diff --git a/src/charon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c
index 3f002f263..bea4f73d5 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/libcharon/sa/tasks/child_create.c
@@ -329,11 +329,11 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
this->dh_group = group;
return INVALID_ARG;
}
- else
- {
- DBG1(DBG_IKE, "no acceptable proposal found");
- return FAILED;
- }
+ /* the selected proposal does not use a DH group */
+ DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal");
+ DESTROY_IF(this->dh);
+ this->dh = NULL;
+ this->dh_group = MODP_NONE;
}
if (my_vip == NULL)
diff --git a/src/charon/sa/tasks/child_create.h b/src/libcharon/sa/tasks/child_create.h
index 5dedeb8b1..5dedeb8b1 100644
--- a/src/charon/sa/tasks/child_create.h
+++ b/src/libcharon/sa/tasks/child_create.h
diff --git a/src/charon/sa/tasks/child_delete.c b/src/libcharon/sa/tasks/child_delete.c
index d7c6b0541..d7c6b0541 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/libcharon/sa/tasks/child_delete.c
diff --git a/src/charon/sa/tasks/child_delete.h b/src/libcharon/sa/tasks/child_delete.h
index 365807c68..365807c68 100644
--- a/src/charon/sa/tasks/child_delete.h
+++ b/src/libcharon/sa/tasks/child_delete.h
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c
index b5e4e84b4..b5e4e84b4 100644
--- a/src/charon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
diff --git a/src/charon/sa/tasks/child_rekey.h b/src/libcharon/sa/tasks/child_rekey.h
index 9b1aea5fa..9b1aea5fa 100644
--- a/src/charon/sa/tasks/child_rekey.h
+++ b/src/libcharon/sa/tasks/child_rekey.h
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index a07f96767..a07f96767 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
diff --git a/src/charon/sa/tasks/ike_auth.h b/src/libcharon/sa/tasks/ike_auth.h
index bba46d961..bba46d961 100644
--- a/src/charon/sa/tasks/ike_auth.h
+++ b/src/libcharon/sa/tasks/ike_auth.h
diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/libcharon/sa/tasks/ike_auth_lifetime.c
index 75ff35168..75ff35168 100644
--- a/src/charon/sa/tasks/ike_auth_lifetime.c
+++ b/src/libcharon/sa/tasks/ike_auth_lifetime.c
diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/libcharon/sa/tasks/ike_auth_lifetime.h
index 3b129b9e3..3b129b9e3 100644
--- a/src/charon/sa/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/tasks/ike_auth_lifetime.h
diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c
index c831df975..c831df975 100644
--- a/src/charon/sa/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/tasks/ike_cert_post.c
diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/libcharon/sa/tasks/ike_cert_post.h
index a21f45927..a21f45927 100644
--- a/src/charon/sa/tasks/ike_cert_post.h
+++ b/src/libcharon/sa/tasks/ike_cert_post.h
diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c
index 0805d0290..0805d0290 100644
--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre.c
diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/libcharon/sa/tasks/ike_cert_pre.h
index 1541b80e5..1541b80e5 100644
--- a/src/charon/sa/tasks/ike_cert_pre.h
+++ b/src/libcharon/sa/tasks/ike_cert_pre.h
diff --git a/src/charon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c
index f010439fe..58bcf0762 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/libcharon/sa/tasks/ike_config.c
@@ -17,6 +17,7 @@
#include "ike_config.h"
#include <daemon.h>
+#include <hydra.h>
#include <encoding/payloads/cp_payload.h>
typedef struct private_ike_config_t private_ike_config_t;
@@ -125,7 +126,7 @@ static void handle_attribute(private_ike_config_t *this,
enumerator->destroy(enumerator);
/* and pass it to the handle function */
- handler = lib->attributes->handle(lib->attributes,
+ handler = hydra->attributes->handle(hydra->attributes,
this->ike_sa->get_other_id(this->ike_sa), handler,
ca->get_type(ca), ca->get_value(ca));
if (handler)
@@ -252,7 +253,7 @@ static status_t build_i(private_ike_config_t *this, message_t *message)
cp->add_attribute(cp, build_vip(vip));
}
- enumerator = lib->attributes->create_initiator_enumerator(lib->attributes,
+ enumerator = hydra->attributes->create_initiator_enumerator(hydra->attributes,
this->ike_sa->get_other_id(this->ike_sa), vip);
while (enumerator->enumerate(enumerator, &handler, &type, &data))
{
@@ -299,38 +300,6 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
}
/**
- * Find a peer (EAP) identity to query provider for attributes
- */
-static identification_t *get_peer_identity(private_ike_config_t *this)
-{
- identification_t *id = NULL, *current;
- enumerator_t *enumerator;
- auth_cfg_t *cfg;
-
- enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
- while (enumerator->enumerate(enumerator, &cfg))
- {
- /* prefer EAP-Identity of last round */
- current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
- if (!current || current->get_type(current) == ID_ANY)
- {
- current = cfg->get(cfg, AUTH_RULE_IDENTITY);
- }
- if (current && current->get_type(current) != ID_ANY)
- {
- id = current;
- continue;
- }
- }
- enumerator->destroy(enumerator);
- if (!id)
- { /* fallback, should not happen */
- id = this->ike_sa->get_other_id(this->ike_sa);
- }
- return id;
-}
-
-/**
* Implementation of task_t.build for responder
*/
static status_t build_r(private_ike_config_t *this, message_t *message)
@@ -345,7 +314,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
peer_cfg_t *config;
identification_t *id;
- id = get_peer_identity(this);
+ id = this->ike_sa->get_other_eap_id(this->ike_sa);
config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (config && this->virtual_ip)
@@ -353,7 +322,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
if (config->get_pool(config))
{
- vip = lib->attributes->acquire_address(lib->attributes,
+ vip = hydra->attributes->acquire_address(hydra->attributes,
config->get_pool(config), id, this->virtual_ip);
}
if (vip == NULL)
@@ -372,8 +341,8 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
}
/* query registered providers for additional attributes to include */
- enumerator = lib->attributes->create_responder_enumerator(
- lib->attributes, id, vip);
+ enumerator = hydra->attributes->create_responder_enumerator(
+ hydra->attributes, id, vip);
while (enumerator->enumerate(enumerator, &type, &value))
{
if (!cp)
diff --git a/src/charon/sa/tasks/ike_config.h b/src/libcharon/sa/tasks/ike_config.h
index 8cef08697..8cef08697 100644
--- a/src/charon/sa/tasks/ike_config.h
+++ b/src/libcharon/sa/tasks/ike_config.h
diff --git a/src/charon/sa/tasks/ike_delete.c b/src/libcharon/sa/tasks/ike_delete.c
index 130948836..130948836 100644
--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/libcharon/sa/tasks/ike_delete.c
diff --git a/src/charon/sa/tasks/ike_delete.h b/src/libcharon/sa/tasks/ike_delete.h
index 82782f393..82782f393 100644
--- a/src/charon/sa/tasks/ike_delete.h
+++ b/src/libcharon/sa/tasks/ike_delete.h
diff --git a/src/charon/sa/tasks/ike_dpd.c b/src/libcharon/sa/tasks/ike_dpd.c
index 4c6ba7662..4c6ba7662 100644
--- a/src/charon/sa/tasks/ike_dpd.c
+++ b/src/libcharon/sa/tasks/ike_dpd.c
diff --git a/src/charon/sa/tasks/ike_dpd.h b/src/libcharon/sa/tasks/ike_dpd.h
index 36388d15b..36388d15b 100644
--- a/src/charon/sa/tasks/ike_dpd.h
+++ b/src/libcharon/sa/tasks/ike_dpd.h
diff --git a/src/charon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
index 5eb33b540..5eb33b540 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/libcharon/sa/tasks/ike_init.c
diff --git a/src/charon/sa/tasks/ike_init.h b/src/libcharon/sa/tasks/ike_init.h
index 7bd784cff..7bd784cff 100644
--- a/src/charon/sa/tasks/ike_init.h
+++ b/src/libcharon/sa/tasks/ike_init.h
diff --git a/src/charon/sa/tasks/ike_me.c b/src/libcharon/sa/tasks/ike_me.c
index 2d2847ae0..2d2847ae0 100644
--- a/src/charon/sa/tasks/ike_me.c
+++ b/src/libcharon/sa/tasks/ike_me.c
diff --git a/src/charon/sa/tasks/ike_me.h b/src/libcharon/sa/tasks/ike_me.h
index 31285a426..31285a426 100644
--- a/src/charon/sa/tasks/ike_me.h
+++ b/src/libcharon/sa/tasks/ike_me.h
diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c
index d76ba8d2b..a62886f02 100644
--- a/src/charon/sa/tasks/ike_mobike.c
+++ b/src/libcharon/sa/tasks/ike_mobike.c
@@ -269,12 +269,36 @@ static void update_children(private_ike_mobike_t *this)
}
/**
+ * Apply port of old address if it equals new, port otherwise
+ */
+static void apply_port(private_ike_mobike_t *this, host_t *host, host_t *old,
+ u_int16_t port)
+{
+ if (host->ip_equals(host, old))
+ {
+ host->set_port(host, old->get_port(old));
+ }
+ else
+ {
+ if (port == IKEV2_UDP_PORT)
+ {
+ host->set_port(host, IKEV2_NATT_PORT);
+ }
+ else
+ {
+ host->set_port(host, port);
+ }
+ }
+}
+
+/**
* Implementation of ike_mobike_t.transmit
*/
static void transmit(private_ike_mobike_t *this, packet_t *packet)
{
host_t *me, *other, *me_old, *other_old;
iterator_t *iterator;
+ ike_cfg_t *ike_cfg;
packet_t *copy;
if (!this->check)
@@ -284,13 +308,13 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
me_old = this->ike_sa->get_my_host(this->ike_sa);
other_old = this->ike_sa->get_other_host(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
me = charon->kernel_interface->get_source_addr(
charon->kernel_interface, other_old, NULL);
if (me)
{
- me->set_port(me, me->ip_equals(me, me_old) ?
- me_old->get_port(me_old) : IKEV2_NATT_PORT);
+ apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
copy = packet->clone(packet);
copy->set_source(copy, me);
@@ -310,11 +334,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
continue;
}
/* reuse port for an active address, 4500 otherwise */
- me->set_port(me, me->ip_equals(me, me_old) ?
- me_old->get_port(me_old) : IKEV2_NATT_PORT);
+ apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
other = other->clone(other);
- other->set_port(other, other->ip_equals(other, other_old) ?
- other_old->get_port(other_old) : IKEV2_NATT_PORT);
+ apply_port(this, other, other_old, ike_cfg->get_other_port(ike_cfg));
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
copy = packet->clone(packet);
copy->set_source(copy, me);
diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/libcharon/sa/tasks/ike_mobike.h
index 05b2224d1..05b2224d1 100644
--- a/src/charon/sa/tasks/ike_mobike.h
+++ b/src/libcharon/sa/tasks/ike_mobike.h
diff --git a/src/charon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c
index 9121fe2ea..9ea20ba36 100644
--- a/src/charon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@@ -313,6 +313,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
{
notify_payload_t *notify;
enumerator_t *enumerator;
+ ike_cfg_t *ike_cfg;
host_t *host;
if (this->hasher == NULL)
@@ -321,6 +322,8 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
return NEED_MORE;
}
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
/* destination is always set */
host = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
@@ -343,7 +346,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
this->ike_sa->get_other_host(this->ike_sa), NULL);
if (host)
{ /* 2. */
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
message->add_payload(message, (payload_t*)notify);
host->destroy(host);
@@ -356,7 +359,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
{
/* apply port 500 to host, but work on a copy */
host = host->clone(host);
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
host->destroy(host);
message->add_payload(message, (payload_t*)notify);
diff --git a/src/charon/sa/tasks/ike_natd.h b/src/libcharon/sa/tasks/ike_natd.h
index 97b652ead..97b652ead 100644
--- a/src/charon/sa/tasks/ike_natd.h
+++ b/src/libcharon/sa/tasks/ike_natd.h
diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c
index ac89c358b..ac89c358b 100644
--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/libcharon/sa/tasks/ike_reauth.c
diff --git a/src/charon/sa/tasks/ike_reauth.h b/src/libcharon/sa/tasks/ike_reauth.h
index 5e97b719c..5e97b719c 100644
--- a/src/charon/sa/tasks/ike_reauth.h
+++ b/src/libcharon/sa/tasks/ike_reauth.h
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c
index a2275e796..a2275e796 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/libcharon/sa/tasks/ike_rekey.c
diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/libcharon/sa/tasks/ike_rekey.h
index 1c9550768..1c9550768 100644
--- a/src/charon/sa/tasks/ike_rekey.h
+++ b/src/libcharon/sa/tasks/ike_rekey.h
diff --git a/src/charon/sa/tasks/ike_vendor.c b/src/libcharon/sa/tasks/ike_vendor.c
index 7c435b6d1..7c435b6d1 100644
--- a/src/charon/sa/tasks/ike_vendor.c
+++ b/src/libcharon/sa/tasks/ike_vendor.c
diff --git a/src/charon/sa/tasks/ike_vendor.h b/src/libcharon/sa/tasks/ike_vendor.h
index dcdd37424..dcdd37424 100644
--- a/src/charon/sa/tasks/ike_vendor.h
+++ b/src/libcharon/sa/tasks/ike_vendor.h
diff --git a/src/charon/sa/tasks/task.c b/src/libcharon/sa/tasks/task.c
index 0d7383141..0d7383141 100644
--- a/src/charon/sa/tasks/task.c
+++ b/src/libcharon/sa/tasks/task.c
diff --git a/src/charon/sa/tasks/task.h b/src/libcharon/sa/tasks/task.h
index 4468f2ebe..4468f2ebe 100644
--- a/src/charon/sa/tasks/task.h
+++ b/src/libcharon/sa/tasks/task.h
diff --git a/src/charon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index ed758995a..878170c83 100644
--- a/src/charon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -127,14 +127,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
/* try to resolve addresses */
ike_cfg = peer->get_ike_cfg(peer);
other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg),
- 0, IKEV2_UDP_PORT);
+ 0, ike_cfg->get_other_port(ike_cfg));
if (!other)
{
DBG1(DBG_CFG, "installing trap failed, remote address unknown");
return 0;
}
me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg),
- other->get_family(other), IKEV2_UDP_PORT);
+ other->get_family(other), ike_cfg->get_my_port(ike_cfg));
if (!me || me->is_anyaddr(me))
{
DESTROY_IF(me);
@@ -146,7 +146,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
other->destroy(other);
return 0;
}
- me->set_port(me, IKEV2_UDP_PORT);
+ me->set_port(me, ike_cfg->get_my_port(ike_cfg));
}
/* create and route CHILD_SA */
diff --git a/src/charon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h
index 37b42e2b0..37b42e2b0 100644
--- a/src/charon/sa/trap_manager.h
+++ b/src/libcharon/sa/trap_manager.h
diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am
index 870dcd6f1..5a1193658 100644
--- a/src/libfast/Makefile.am
+++ b/src/libfast/Makefile.am
@@ -1,7 +1,7 @@
lib_LTLIBRARIES = libfast.la
libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
- controller.h dispatcher.h request.c session.c filter.h
+ controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
-lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB)
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index e5ed4a289..f6d1f20a5 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -77,7 +77,7 @@ am__DEPENDENCIES_1 =
libfast_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1)
-am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo
+am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo smtp.lo
libfast_la_OBJECTS = $(am_libfast_la_OBJECTS)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -217,6 +217,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,7 +254,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
lib_LTLIBRARIES = libfast.la
libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
- controller.h dispatcher.h request.c session.c filter.h
+ controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
-lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB)
@@ -337,6 +338,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dispatcher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
diff --git a/src/libfast/request.c b/src/libfast/request.c
index 3f4894c45..6bf596fd8 100644
--- a/src/libfast/request.c
+++ b/src/libfast/request.c
@@ -204,14 +204,20 @@ static char* get_query_data(private_request_t *this, char *name)
}
/**
+ * Implementation of request_t.get_base.
+ */
+static char* get_base(private_request_t *this)
+{
+ return FCGX_GetParam("SCRIPT_NAME", this->req.envp);
+}
+
+/**
* Implementation of request_t.add_cookie.
*/
static void add_cookie(private_request_t *this, char *name, char *value)
{
thread_this->set(thread_this, this);
- cgi_cookie_set (this->cgi, name, value,
- FCGX_GetParam("SCRIPT_NAME", this->req.envp),
- NULL, NULL, 0, 0);
+ cgi_cookie_set (this->cgi, name, value, get_base(this), NULL, NULL, 0, 0);
}
/**
@@ -222,8 +228,7 @@ static void redirect(private_request_t *this, char *fmt, ...)
va_list args;
FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
- FCGX_FPrintF(this->req.out, "Location: %s%s",
- FCGX_GetParam("SCRIPT_NAME", this->req.envp),
+ FCGX_FPrintF(this->req.out, "Location: %s%s", get_base(this),
*fmt == '/' ? "" : "/");
va_start(args, fmt);
FCGX_VFPrintF(this->req.out, fmt, args);
@@ -232,21 +237,30 @@ static void redirect(private_request_t *this, char *fmt, ...)
}
/**
- * Implementation of request_t.to_referer.
+ * Implementation of request_t.get_referer.
*/
-static void to_referer(private_request_t *this)
+static char* get_referer(private_request_t *this)
{
- FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
- FCGX_FPrintF(this->req.out, "Location: %s\n\n",
- FCGX_GetParam("HTTP_REFERER", this->req.envp));
+ return FCGX_GetParam("HTTP_REFERER", this->req.envp);
}
/**
- * Implementation of request_t.get_base.
+ * Implementation of request_t.to_referer.
*/
-static char* get_base(private_request_t *this)
+static void to_referer(private_request_t *this)
{
- return FCGX_GetParam("SCRIPT_NAME", this->req.envp);
+ char *referer;
+
+ referer = get_referer(this);
+ if (referer)
+ {
+ FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
+ FCGX_FPrintF(this->req.out, "Location: %s\n\n", referer);
+ }
+ else
+ {
+ redirect(this, "/");
+ }
}
/**
@@ -396,6 +410,7 @@ request_t *request_create(int fd, bool debug)
this->public.session_closed = (bool(*)(request_t*))session_closed;
this->public.close_session = (void(*)(request_t*))close_session;
this->public.redirect = (void(*)(request_t*, char *fmt,...))redirect;
+ this->public.get_referer = (char*(*)(request_t*))get_referer;
this->public.to_referer = (void(*)(request_t*))to_referer;
this->public.render = (void(*)(request_t*,char*))render;
this->public.streamf = (int(*)(request_t*, char *format, ...))streamf;
diff --git a/src/libfast/request.h b/src/libfast/request.h
index 61e2d59f0..af0f8e4f5 100644
--- a/src/libfast/request.h
+++ b/src/libfast/request.h
@@ -106,7 +106,14 @@ struct request_t {
void (*redirect)(request_t *this, char *fmt, ...);
/**
- * Redirect the client to the referer.
+ * Get the HTTP referer.
+ *
+ * @return HTTP referer
+ */
+ char* (*get_referer)(request_t *this);
+
+ /**
+ * Redirect back to the referer.
*/
void (*to_referer)(request_t *this);
diff --git a/src/libfast/session.c b/src/libfast/session.c
index f03b75542..7c4548ee5 100644
--- a/src/libfast/session.c
+++ b/src/libfast/session.c
@@ -177,7 +177,9 @@ static void process(private_session_t *this, request_t *request)
if (this->controllers->get_first(this->controllers,
(void**)&current) == SUCCESS)
{
- request->redirect(request, current->get_name(current));
+ request->streamf(request,
+ "Status: 301 Moved permanently\nLocation: %s/%s\n\n",
+ request->get_base(request), current->get_name(current));
}
}
}
diff --git a/src/libfast/smtp.c b/src/libfast/smtp.c
new file mode 100644
index 000000000..4118c74a6
--- /dev/null
+++ b/src/libfast/smtp.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "smtp.h"
+
+#include <unistd.h>
+#include <errno.h>
+
+#include <debug.h>
+
+typedef struct private_smtp_t private_smtp_t;
+
+/**
+ * Private data of an smtp_t object.
+ */
+struct private_smtp_t {
+
+ /**
+ * Public smtp_t interface.
+ */
+ smtp_t public;
+
+ /**
+ * file stream to SMTP server
+ */
+ FILE *f;
+};
+
+/**
+ * Read the response code from an SMTP server
+ */
+static int read_response(private_smtp_t *this)
+{
+ char buf[256], *end;
+ int res = 0;
+
+ while (TRUE)
+ {
+ if (!fgets(buf, sizeof(buf), this->f))
+ {
+ return 0;
+ }
+ res = strtol(buf, &end, 10);
+ switch (*end)
+ {
+ case '-':
+ continue;
+ case ' ':
+ case '\0':
+ case '\n':
+ break;
+ default:
+ return 0;
+ }
+ break;
+ }
+ return res;
+}
+
+/**
+ * write a SMTP command to the server, read response code
+ */
+static int write_cmd(private_smtp_t *this, char *fmt, ...)
+{
+ char buf[256];
+ va_list args;
+
+ va_start(args, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ if (fprintf(this->f, "%s\n", buf) < 1)
+ {
+ DBG1(DBG_LIB, "sending SMTP command failed");
+ return 0;
+ }
+ return read_response(this);
+}
+
+METHOD(smtp_t, send_mail, bool,
+ private_smtp_t *this, char *from, char *to, char *subject, char *fmt, ...)
+{
+ va_list args;
+
+ if (write_cmd(this, "MAIL FROM:<%s>", from) != 250)
+ {
+ DBG1(DBG_LIB, "SMTP MAIL FROM failed");
+ return FALSE;
+ }
+ if (write_cmd(this, "RCPT TO:<%s>", to) != 250)
+ {
+ DBG1(DBG_LIB, "SMTP RCPT TO failed");
+ return FALSE;
+ }
+ if (write_cmd(this, "DATA") != 354)
+ {
+ DBG1(DBG_LIB, "SMTP DATA failed");
+ return FALSE;
+ }
+
+ fprintf(this->f, "From: %s\n", from);
+ fprintf(this->f, "To: %s\n", to);
+ fprintf(this->f, "Subject: %s\n", subject);
+ fprintf(this->f, "\n");
+ va_start(args, fmt);
+ vfprintf(this->f, fmt, args);
+ va_end(args);
+ fprintf(this->f, "\n.\n");
+ return read_response(this) == 250;
+}
+
+
+METHOD(smtp_t, destroy, void,
+ private_smtp_t *this)
+{
+ write_cmd(this, "QUIT");
+ fclose(this->f);
+ free(this);
+}
+
+/**
+ * See header
+ */
+smtp_t *smtp_create()
+{
+ private_smtp_t *this;
+ struct sockaddr_in addr;
+ int s;
+
+ INIT(this,
+ .public = {
+ .send_mail = _send_mail,
+ .destroy = _destroy,
+ },
+ );
+
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ {
+ DBG1(DBG_LIB, "opening SMTP socket failed: %s", strerror(errno));
+ free(this);
+ return NULL;
+ }
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr.sin_port = htons(25);
+ if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0)
+ {
+ DBG1(DBG_LIB, "connecting to SMTP server failed: %s", strerror(errno));
+ close(s);
+ free(this);
+ return NULL;
+ }
+ this->f = fdopen(s, "a+");
+ if (!this->f)
+ {
+ DBG1(DBG_LIB, "opening stream to SMTP server failed: %s",
+ strerror(errno));
+ close(s);
+ free(this);
+ return NULL;
+ }
+ if (read_response(this) != 220 ||
+ write_cmd(this, "EHLO localhost") != 250)
+ {
+ DBG1(DBG_LIB, "SMTP EHLO failed");
+ fclose(this->f);
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
diff --git a/src/libfast/smtp.h b/src/libfast/smtp.h
new file mode 100644
index 000000000..910f18127
--- /dev/null
+++ b/src/libfast/smtp.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup smtp smtp
+ * @{ @ingroup libfast
+ */
+
+#ifndef SMTP_H_
+#define SMTP_H_
+
+typedef struct smtp_t smtp_t;
+
+#include <library.h>
+
+/**
+ * Ultra-minimalistic SMTP client. Works at most with Exim on localhost.
+ */
+struct smtp_t {
+
+ /**
+ * Send an e-mail message.
+ *
+ * @param from sender address
+ * @param to receipient address
+ * @param subject mail subject
+ * @param fmt mail body format string
+ * @param ... arguments for body format string
+ */
+ bool (*send_mail)(smtp_t *this, char *from, char *to,
+ char *subject, char *fmt, ...);
+
+ /**
+ * Destroy a smtp_t.
+ */
+ void (*destroy)(smtp_t *this);
+};
+
+/**
+ * Create a smtp instance.
+ */
+smtp_t *smtp_create();
+
+#endif /** SMTP_H_ @}*/
diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in
index e72759bca..e752df82d 100644
--- a/src/libfreeswan/Makefile.in
+++ b/src/libfreeswan/Makefile.in
@@ -234,6 +234,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h
index 685db1273..725997ebc 100644
--- a/src/libfreeswan/pfkeyv2.h
+++ b/src/libfreeswan/pfkeyv2.h
@@ -337,6 +337,7 @@ struct sadb_protocol {
#define SADB_X_EALG_AES_GCM_ICV12 19
#define SADB_X_EALG_AES_GCM_ICV16 20
#define SADB_X_EALG_CAMELLIACBC 22
+#define SADB_X_EALG_NULL_AES_GMAC 23
#define SADB_EALG_MAX 253 /* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
new file mode 100644
index 000000000..caad7447a
--- /dev/null
+++ b/src/libhydra/Android.mk
@@ -0,0 +1,34 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, attr)
+
+# build libcharon --------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+ $(libvstr_PATH) \
+ $(strongswan_PATH)/src/include \
+ $(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := libhydra
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am
new file mode 100644
index 000000000..601a56e38
--- /dev/null
+++ b/src/libhydra/Makefile.am
@@ -0,0 +1,42 @@
+lib_LTLIBRARIES = libhydra.la
+
+libhydra_la_SOURCES = \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+libhydra_la_LIBADD =
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DPLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+
+EXTRA_DIST = Android.mk
+
+# build optional plugins
+########################
+
+if MONOLITHIC
+SUBDIRS =
+else
+SUBDIRS = .
+endif
+
+if USE_ATTR
+ SUBDIRS += plugins/attr
+if MONOLITHIC
+ libhydra_la_LIBADD += plugins/attr/libstrongswan-attr.la
+endif
+endif
+
+if USE_ATTR_SQL
+ SUBDIRS += plugins/attr_sql
+if MONOLITHIC
+ libhydra_la_LIBADD += plugins/attr_sql/libstrongswan-attr-sql.la
+endif
+endif
+
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
new file mode 100644
index 000000000..32027d1ea
--- /dev/null
+++ b/src/libhydra/Makefile.in
@@ -0,0 +1,762 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@USE_ATTR_TRUE@am__append_1 = plugins/attr
+@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_2 = plugins/attr/libstrongswan-attr.la
+@USE_ATTR_SQL_TRUE@am__append_3 = plugins/attr_sql
+@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_4 = plugins/attr_sql/libstrongswan-attr-sql.la
+subdir = src/libhydra
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libhydra_la_DEPENDENCIES = $(am__append_2) $(am__append_4)
+am_libhydra_la_OBJECTS = hydra.lo attributes.lo attribute_manager.lo \
+ mem_pool.lo
+libhydra_la_OBJECTS = $(am_libhydra_la_OBJECTS)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libhydra_la_SOURCES)
+DIST_SOURCES = $(libhydra_la_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = . plugins/attr plugins/attr_sql
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+lib_LTLIBRARIES = libhydra.la
+libhydra_la_SOURCES = \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+libhydra_la_LIBADD = $(am__append_2) $(am__append_4)
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DPLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+
+EXTRA_DIST = Android.mk
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_1) $(am__append_3)
+
+# build optional plugins
+########################
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_1) $(am__append_3)
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libhydra/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libhydra.la: $(libhydra_la_OBJECTS) $(libhydra_la_DEPENDENCIES)
+ $(LINK) -rpath $(libdir) $(libhydra_la_OBJECTS) $(libhydra_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hydra.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mem_pool.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+attributes.lo: attributes/attributes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
+
+attribute_manager.lo: attributes/attribute_manager.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
+
+mem_pool.lo: attributes/mem_pool.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mem_pool.lo -MD -MP -MF $(DEPDIR)/mem_pool.Tpo -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mem_pool.Tpo $(DEPDIR)/mem_pool.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/mem_pool.c' object='mem_pool.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+ uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/attributes/attribute_handler.h b/src/libhydra/attributes/attribute_handler.h
index d042f47ef..d042f47ef 100644
--- a/src/libstrongswan/attributes/attribute_handler.h
+++ b/src/libhydra/attributes/attribute_handler.h
diff --git a/src/libstrongswan/attributes/attribute_manager.c b/src/libhydra/attributes/attribute_manager.c
index 91fa1ebb5..3080b56eb 100644
--- a/src/libstrongswan/attributes/attribute_manager.c
+++ b/src/libhydra/attributes/attribute_manager.c
@@ -83,7 +83,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
if (!host)
{
- DBG1("acquiring address from pool '%s' failed", pool);
+ DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
}
return host;
}
@@ -113,7 +113,7 @@ static void release_address(private_attribute_manager_t *this,
if (!found)
{
- DBG1("releasing address to pool '%s' failed", pool);
+ DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
}
}
@@ -206,7 +206,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
if (!handled)
{
- DBG1("handling %N attribute failed",
+ DBG1(DBG_CFG, "handling %N attribute failed",
configuration_attribute_type_names, type);
}
return handled;
diff --git a/src/libstrongswan/attributes/attribute_manager.h b/src/libhydra/attributes/attribute_manager.h
index 642662366..642662366 100644
--- a/src/libstrongswan/attributes/attribute_manager.h
+++ b/src/libhydra/attributes/attribute_manager.h
diff --git a/src/libstrongswan/attributes/attribute_provider.h b/src/libhydra/attributes/attribute_provider.h
index f8485cc6c..f8485cc6c 100644
--- a/src/libstrongswan/attributes/attribute_provider.h
+++ b/src/libhydra/attributes/attribute_provider.h
diff --git a/src/libstrongswan/attributes/attributes.c b/src/libhydra/attributes/attributes.c
index 83feed17e..83feed17e 100644
--- a/src/libstrongswan/attributes/attributes.c
+++ b/src/libhydra/attributes/attributes.c
diff --git a/src/libstrongswan/attributes/attributes.h b/src/libhydra/attributes/attributes.h
index f4a396f21..f4a396f21 100644
--- a/src/libstrongswan/attributes/attributes.h
+++ b/src/libhydra/attributes/attributes.h
diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
new file mode 100644
index 000000000..65018e3a9
--- /dev/null
+++ b/src/libhydra/attributes/mem_pool.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mem_pool.h"
+
+#include <debug.h>
+#include <utils/hashtable.h>
+#include <threading/rwlock.h>
+
+#define POOL_LIMIT (sizeof(uintptr_t)*8)
+
+typedef struct private_mem_pool_t private_mem_pool_t;
+
+/**
+ * private data of mem_pool_t
+ */
+struct private_mem_pool_t {
+ /**
+ * public interface
+ */
+ mem_pool_t public;
+
+ /**
+ * name of the pool
+ */
+ char *name;
+
+ /**
+ * base address of the pool
+ */
+ host_t *base;
+
+ /**
+ * size of the pool
+ */
+ u_int size;
+
+ /**
+ * next unused address
+ */
+ u_int unused;
+
+ /**
+ * hashtable [identity => offset], for online leases
+ */
+ hashtable_t *online;
+
+ /**
+ * hashtable [identity => offset], for offline leases
+ */
+ hashtable_t *offline;
+
+ /**
+ * hashtable [identity => identity], handles identity references
+ */
+ hashtable_t *ids;
+
+ /**
+ * lock to safely access the pool
+ */
+ rwlock_t *lock;
+};
+
+/**
+ * hashtable hash function for identities
+ */
+static u_int id_hash(identification_t *id)
+{
+ return chunk_hash(id->get_encoding(id));
+}
+
+/**
+ * hashtable equals function for identities
+ */
+static bool id_equals(identification_t *a, identification_t *b)
+{
+ return a->equals(a, b);
+}
+
+/**
+ * convert a pool offset to an address
+ */
+static host_t* offset2host(private_mem_pool_t *pool, int offset)
+{
+ chunk_t addr;
+ host_t *host;
+ u_int32_t *pos;
+
+ offset--;
+ if (offset > pool->size)
+ {
+ return NULL;
+ }
+
+ addr = chunk_clone(pool->base->get_address(pool->base));
+ if (pool->base->get_family(pool->base) == AF_INET6)
+ {
+ pos = (u_int32_t*)(addr.ptr + 12);
+ }
+ else
+ {
+ pos = (u_int32_t*)addr.ptr;
+ }
+ *pos = htonl(offset + ntohl(*pos));
+ host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
+ free(addr.ptr);
+ return host;
+}
+
+/**
+ * convert a host to a pool offset
+ */
+static int host2offset(private_mem_pool_t *pool, host_t *addr)
+{
+ chunk_t host, base;
+ u_int32_t hosti, basei;
+
+ if (addr->get_family(addr) != pool->base->get_family(pool->base))
+ {
+ return -1;
+ }
+ host = addr->get_address(addr);
+ base = pool->base->get_address(pool->base);
+ if (addr->get_family(addr) == AF_INET6)
+ {
+ /* only look at last /32 block */
+ if (!memeq(host.ptr, base.ptr, 12))
+ {
+ return -1;
+ }
+ host = chunk_skip(host, 12);
+ base = chunk_skip(base, 12);
+ }
+ hosti = ntohl(*(u_int32_t*)(host.ptr));
+ basei = ntohl(*(u_int32_t*)(base.ptr));
+ if (hosti > basei + pool->size)
+ {
+ return -1;
+ }
+ return hosti - basei + 1;
+}
+
+METHOD(mem_pool_t, get_name, const char*,
+ private_mem_pool_t *this)
+{
+ return this->name;
+}
+
+METHOD(mem_pool_t, get_size, u_int,
+ private_mem_pool_t *this)
+{
+ return this->size;
+}
+
+METHOD(mem_pool_t, get_online, u_int,
+ private_mem_pool_t *this)
+{
+ u_int count;
+ this->lock->read_lock(this->lock);
+ count = this->online->get_count(this->online);
+ this->lock->unlock(this->lock);
+ return count;
+}
+
+METHOD(mem_pool_t, get_offline, u_int,
+ private_mem_pool_t *this)
+{
+ u_int count;
+ this->lock->read_lock(this->lock);
+ count = this->offline->get_count(this->offline);
+ this->lock->unlock(this->lock);
+ return count;
+}
+
+METHOD(mem_pool_t, acquire_address, host_t*,
+ private_mem_pool_t *this, identification_t *id, host_t *requested)
+{
+ uintptr_t offset = 0;
+ enumerator_t *enumerator;
+ identification_t *old_id;
+
+ /* if the pool is empty (e.g. in the %config case) we simply return the
+ * requested address */
+ if (this->size == 0)
+ {
+ return requested->clone(requested);
+ }
+
+ if (!requested->is_anyaddr(requested) &&
+ requested->get_family(requested) !=
+ this->base->get_family(this->base))
+ {
+ DBG1(DBG_CFG, "IP pool address family mismatch");
+ return NULL;
+ }
+
+ this->lock->write_lock(this->lock);
+ while (TRUE)
+ {
+ /* check for a valid offline lease, refresh */
+ offset = (uintptr_t)this->offline->remove(this->offline, id);
+ if (offset)
+ {
+ id = this->ids->get(this->ids, id);
+ if (id)
+ {
+ DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
+ this->online->put(this->online, id, (void*)offset);
+ break;
+ }
+ }
+
+ /* check for a valid online lease, reassign */
+ offset = (uintptr_t)this->online->get(this->online, id);
+ if (offset && offset == host2offset(this, requested))
+ {
+ DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
+ break;
+ }
+
+ if (this->unused < this->size)
+ {
+ /* assigning offset, starting by 1. Handling 0 in hashtable
+ * is difficult. */
+ offset = ++this->unused;
+ id = id->clone(id);
+ this->ids->put(this->ids, id, id);
+ this->online->put(this->online, id, (void*)offset);
+ DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
+ break;
+ }
+
+ /* no more addresses, replace the first found offline lease */
+ enumerator = this->offline->create_enumerator(this->offline);
+ if (enumerator->enumerate(enumerator, &old_id, &offset))
+ {
+ offset = (uintptr_t)this->offline->remove(this->offline, old_id);
+ if (offset)
+ {
+ /* destroy reference to old ID */
+ old_id = this->ids->remove(this->ids, old_id);
+ DBG1(DBG_CFG, "reassigning existing offline lease by '%Y'"
+ " to '%Y'", old_id, id);
+ if (old_id)
+ {
+ old_id->destroy(old_id);
+ }
+ id = id->clone(id);
+ this->ids->put(this->ids, id, id);
+ this->online->put(this->online, id, (void*)offset);
+ enumerator->destroy(enumerator);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ DBG1(DBG_CFG, "pool '%s' is full, unable to assign address",
+ this->name);
+ break;
+ }
+ this->lock->unlock(this->lock);
+
+ if (offset)
+ {
+ return offset2host(this, offset);
+ }
+ return NULL;
+}
+
+METHOD(mem_pool_t, release_address, bool,
+ private_mem_pool_t *this, host_t *address, identification_t *id)
+{
+ bool found = FALSE;
+ if (this->size != 0)
+ {
+ uintptr_t offset;
+ this->lock->write_lock(this->lock);
+ offset = (uintptr_t)this->online->remove(this->online, id);
+ if (offset)
+ {
+ id = this->ids->get(this->ids, id);
+ if (id)
+ {
+ DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
+ this->offline->put(this->offline, id, (void*)offset);
+ found = TRUE;
+ }
+ }
+ this->lock->unlock(this->lock);
+ }
+ return found;
+}
+
+/**
+ * lease enumerator
+ */
+typedef struct {
+ /** implemented enumerator interface */
+ enumerator_t public;
+ /** inner hash-table enumerator */
+ enumerator_t *inner;
+ /** enumerated pool */
+ private_mem_pool_t *pool;
+ /** currently enumerated lease address */
+ host_t *current;
+} lease_enumerator_t;
+
+METHOD(enumerator_t, lease_enumerate, bool,
+ lease_enumerator_t *this, identification_t **id_out, host_t **addr_out,
+ bool *online)
+{
+ identification_t *id;
+ uintptr_t offset;
+
+ DESTROY_IF(this->current);
+ this->current = NULL;
+
+ if (this->inner->enumerate(this->inner, &id, NULL))
+ {
+ offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
+ if (offset)
+ {
+ *id_out = id;
+ *addr_out = this->current = offset2host(this->pool, offset);
+ *online = TRUE;
+ return TRUE;
+ }
+ offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
+ if (offset)
+ {
+ *id_out = id;
+ *addr_out = this->current = offset2host(this->pool, offset);
+ *online = FALSE;
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+METHOD(enumerator_t, lease_enumerator_destroy, void,
+ lease_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ this->pool->lock->unlock(this->pool->lock);
+ free(this);
+}
+
+METHOD(mem_pool_t, create_lease_enumerator, enumerator_t*,
+ private_mem_pool_t *this)
+{
+ lease_enumerator_t *enumerator;
+ this->lock->read_lock(this->lock);
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_lease_enumerate,
+ .destroy = (void*)_lease_enumerator_destroy,
+ },
+ .pool = this,
+ .inner = this->ids->create_enumerator(this->ids),
+ );
+ return &enumerator->public;
+}
+
+METHOD(mem_pool_t, destroy, void,
+ private_mem_pool_t *this)
+{
+ enumerator_t *enumerator;
+ identification_t *id;
+
+ enumerator = this->ids->create_enumerator(this->ids);
+ while (enumerator->enumerate(enumerator, &id, NULL))
+ {
+ id->destroy(id);
+ }
+ enumerator->destroy(enumerator);
+
+ this->ids->destroy(this->ids);
+ this->online->destroy(this->online);
+ this->offline->destroy(this->offline);
+ this->lock->destroy(this->lock);
+ DESTROY_IF(this->base);
+ free(this->name);
+ free(this);
+}
+
+/**
+ * Described in header
+ */
+mem_pool_t *mem_pool_create(char *name, host_t *base, int bits)
+{
+ private_mem_pool_t *this;
+
+ INIT(this,
+ .public = {
+ .get_name = _get_name,
+ .get_size = _get_size,
+ .get_online = _get_online,
+ .get_offline = _get_offline,
+ .acquire_address = _acquire_address,
+ .release_address = _release_address,
+ .create_lease_enumerator = _create_lease_enumerator,
+ .destroy = _destroy,
+ },
+ .name = strdup(name),
+ .online = hashtable_create((hashtable_hash_t)id_hash,
+ (hashtable_equals_t)id_equals, 16),
+ .offline = hashtable_create((hashtable_hash_t)id_hash,
+ (hashtable_equals_t)id_equals, 16),
+ .ids = hashtable_create((hashtable_hash_t)id_hash,
+ (hashtable_equals_t)id_equals, 16),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ if (base)
+ {
+ int addr_bits = base->get_family(base) == AF_INET ? 32 : 128;
+ /* net bits -> host bits */
+ bits = addr_bits - bits;
+ if (bits > POOL_LIMIT)
+ {
+ bits = POOL_LIMIT;
+ DBG1(DBG_CFG, "virtual IP pool too large, limiting to %H/%d",
+ base, addr_bits - bits);
+ }
+ this->size = 1 << (bits);
+
+ if (this->size > 2)
+ { /* do not use first and last addresses of a block */
+ this->unused++;
+ this->size--;
+ }
+ this->base = base->clone(base);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libhydra/attributes/mem_pool.h b/src/libhydra/attributes/mem_pool.h
new file mode 100644
index 000000000..bb963de93
--- /dev/null
+++ b/src/libhydra/attributes/mem_pool.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mem_pool mem_pool
+ * @{ @ingroup attributes
+ */
+
+#ifndef MEM_POOL_H
+#define MEM_POOL_H
+
+typedef struct mem_pool_t mem_pool_t;
+
+#include <utils/host.h>
+#include <utils/identification.h>
+
+/**
+ * An in-memory IP address pool.
+ */
+struct mem_pool_t {
+
+ /**
+ * Get the name of this pool.
+ *
+ * @return the name of this pool
+ */
+ const char* (*get_name)(mem_pool_t *this);
+
+ /**
+ * Get the size (i.e. number of addresses) of this pool.
+ *
+ * @return the size of this pool
+ */
+ u_int (*get_size)(mem_pool_t *this);
+
+ /**
+ * Get the number of online leases.
+ *
+ * @return the number of offline leases
+ */
+ u_int (*get_online)(mem_pool_t *this);
+
+ /**
+ * Get the number of offline leases.
+ *
+ * @return the number of online leases
+ */
+ u_int (*get_offline)(mem_pool_t *this);
+
+ /**
+ * Acquire an address for the given id from this pool.
+ *
+ * @param id the id to acquire an address for
+ * @param requested acquire this address, if possible
+ * @return the acquired address
+ */
+ host_t* (*acquire_address)(mem_pool_t *this, identification_t *id,
+ host_t *requested);
+
+ /**
+ * Release a previously acquired address.
+ *
+ * @param address the address to release
+ * @param id the id the address was assigned to
+ * @return TRUE, if the lease was found
+ */
+ bool (*release_address)(mem_pool_t *this, host_t *address,
+ identification_t *id);
+
+ /**
+ * Create an enumerator over the leases of this pool.
+ *
+ * Enumerator enumerates over
+ * identification_t *id, host_t *address, bool online
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_lease_enumerator)(mem_pool_t *this);
+
+ /**
+ * Destroy a mem_pool_t instance.
+ */
+ void (*destroy)(mem_pool_t *this);
+};
+
+/**
+ * Create an in-memory IP address pool.
+ *
+ * An empty pool just returns the requested address.
+ *
+ * @param name name of this pool
+ * @param base base address of this pool, NULL to create an empty pool
+ * @param bits net mask
+ */
+mem_pool_t *mem_pool_create(char *name, host_t *base, int bits);
+
+#endif /** MEM_POOL_H_ @} */
+
diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c
new file mode 100644
index 000000000..16a8193ea
--- /dev/null
+++ b/src/libhydra/hydra.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "hydra.h"
+
+#include <debug.h>
+
+typedef struct private_hydra_t private_hydra_t;
+
+/**
+ * Private additions to hydra_t.
+ */
+struct private_hydra_t {
+
+ /**
+ * Public members of hydra_t.
+ */
+ hydra_t public;
+};
+
+/**
+ * Single instance of hydra_t.
+ */
+hydra_t *hydra;
+
+/**
+ * Described in header.
+ */
+void libhydra_deinit()
+{
+ private_hydra_t *this = (private_hydra_t*)hydra;
+ this->public.attributes->destroy(this->public.attributes);
+ free((void*)this->public.daemon);
+ free(this);
+ hydra = NULL;
+}
+
+/**
+ * Described in header.
+ */
+bool libhydra_init(const char *daemon)
+{
+ private_hydra_t *this;
+
+ INIT(this,
+ .public = {
+ .attributes = attribute_manager_create(),
+ .daemon = strdup(daemon ?: "libhydra"),
+ },
+ );
+ hydra = &this->public;
+
+ if (lib->integrity &&
+ !lib->integrity->check(lib->integrity, "libhydra", libhydra_init))
+ {
+ DBG1(DBG_LIB, "integrity check of libhydra failed");
+ return FALSE;
+ }
+ return TRUE;
+}
+
diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h
new file mode 100644
index 000000000..8670f3969
--- /dev/null
+++ b/src/libhydra/hydra.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libhydra libhydra
+ *
+ * @defgroup attributes attributes
+ * @ingroup libhydra
+ *
+ * @defgroup hplugins plugins
+ * @ingroup libhydra
+ *
+ * @addtogroup libhydra
+ * @{
+ */
+
+#ifndef HYDRA_H_
+#define HYDRA_H_
+
+typedef struct hydra_t hydra_t;
+
+#include <attributes/attribute_manager.h>
+
+#include <library.h>
+
+/**
+ * IKE Daemon support object.
+ */
+struct hydra_t {
+
+ /**
+ * manager for payload attributes
+ */
+ attribute_manager_t *attributes;
+
+ /**
+ * name of the daemon that initialized the library
+ */
+ const char *daemon;
+};
+
+/**
+ * The single instance of hydra_t.
+ *
+ * Set between calls to libhydra_init() and libhydra_deinit() calls.
+ */
+extern hydra_t *hydra;
+
+/**
+ * Initialize libhydra.
+ *
+ * The daemon's name is used to load daemon-specific settings.
+ *
+ * @param daemon name of the daemon that initializes the library
+ * @return FALSE if integrity check failed
+ */
+bool libhydra_init(const char *daemon);
+
+/**
+ * Deinitialize libhydra.
+ */
+void libhydra_deinit();
+
+#endif /** HYDRA_H_ @}*/
diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am
new file mode 100644
index 000000000..71401648e
--- /dev/null
+++ b/src/libhydra/plugins/attr/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-attr.la
+else
+plugin_LTLIBRARIES = libstrongswan-attr.la
+endif
+
+libstrongswan_attr_la_SOURCES = \
+ attr_plugin.h attr_plugin.c \
+ attr_provider.h attr_provider.c
+
+libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index 689bb3244..54aa64beb 100644
--- a/src/charon/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/charon/plugins/attr
+subdir = src/libhydra/plugins/attr
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_attr_la_LIBADD =
am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo
libstrongswan_attr_la_OBJECTS = $(am_libstrongswan_attr_la_OBJECTS)
libstrongswan_attr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_attr_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_attr_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_attr_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -251,11 +254,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-attr.la
-libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
- attr_provider.h attr_provider.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr.la
+libstrongswan_attr_la_SOURCES = \
+ attr_plugin.h attr_plugin.c \
+ attr_provider.h attr_provider.c
libstrongswan_attr_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -271,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile
+ $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-attr.la: $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_DEPENDENCIES)
- $(libstrongswan_attr_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
+ $(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -478,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c
index 6dfb10271..24c00bb44 100644
--- a/src/charon/plugins/attr/attr_plugin.c
+++ b/src/libhydra/plugins/attr/attr_plugin.c
@@ -16,7 +16,7 @@
#include "attr_plugin.h"
#include "attr_provider.h"
-#include <daemon.h>
+#include <hydra.h>
typedef struct private_attr_plugin_t private_attr_plugin_t;
@@ -41,7 +41,7 @@ struct private_attr_plugin_t {
*/
static void destroy(private_attr_plugin_t *this)
{
- lib->attributes->remove_provider(lib->attributes, &this->provider->provider);
+ hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider);
this->provider->destroy(this->provider);
free(this);
}
@@ -49,14 +49,14 @@ static void destroy(private_attr_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *attr_plugin_create()
{
private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
this->provider = attr_provider_create();
- lib->attributes->add_provider(lib->attributes, &this->provider->provider);
+ hydra->attributes->add_provider(hydra->attributes, &this->provider->provider);
return &this->public.plugin;
}
diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/libhydra/plugins/attr/attr_plugin.h
index 9f31b60e1..29fb33839 100644
--- a/src/charon/plugins/attr/attr_plugin.h
+++ b/src/libhydra/plugins/attr/attr_plugin.h
@@ -15,7 +15,7 @@
/**
* @defgroup attr attr
- * @ingroup cplugins
+ * @ingroup hplugins
*
* @defgroup attr_plugin attr_plugin
* @{ @ingroup attr
@@ -39,9 +39,4 @@ struct attr_plugin_t {
plugin_t plugin;
};
-/**
- * Create a attr_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** ATTR_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 548896f56..9d6daa892 100644
--- a/src/charon/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -17,7 +18,9 @@
#include <time.h>
-#include <daemon.h>
+#include <hydra.h>
+#include <debug.h>
+#include <utils/linked_list.h>
#define SERVER_MAX 2
@@ -100,7 +103,8 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
host_t *host;
char *str;
- str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr);
+ str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon,
+ key, nr);
if (str)
{
host = host_create_from_string(str, 0);
@@ -155,7 +159,7 @@ static void load_entries(private_attr_provider_t *this)
char *key, *value, *token;
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "charon.plugins.attr");
+ "%s.plugins.attr", hydra->daemon);
while (enumerator->enumerate(enumerator, &key, &value))
{
configuration_attribute_type_t type;
diff --git a/src/charon/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h
index a41466718..a41466718 100644
--- a/src/charon/plugins/attr/attr_provider.h
+++ b/src/libhydra/plugins/attr/attr_provider.h
diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am
new file mode 100644
index 000000000..376a8259c
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/Makefile.am
@@ -0,0 +1,23 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
+
+AM_CFLAGS = \
+ -rdynamic \
+ -DPLUGINS=\""${libstrongswan_plugins}\""
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-attr-sql.la
+else
+plugin_LTLIBRARIES = libstrongswan-attr-sql.la
+endif
+
+libstrongswan_attr_sql_la_SOURCES = \
+ attr_sql_plugin.h attr_sql_plugin.c \
+ sql_attribute.h sql_attribute.c
+
+libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
+
+ipsec_PROGRAMS = pool
+pool_SOURCES = pool.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pool.o : $(top_builddir)/config.status
diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index e157a9b78..99e97cefc 100644
--- a/src/libstrongswan/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -36,7 +36,7 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = pool$(EXEEXT)
-subdir = src/libstrongswan/plugins/attr_sql
+subdir = src/libhydra/plugins/attr_sql
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -74,7 +74,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_attr_sql_la_LIBADD =
am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \
sql_attribute.lo
@@ -84,6 +84,9 @@ libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_attr_sql_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_attr_sql_la_rpath =
PROGRAMS = $(ipsec_PROGRAMS)
am_pool_OBJECTS = pool.$(OBJEXT)
pool_OBJECTS = $(am_pool_OBJECTS)
@@ -227,6 +230,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -261,14 +265,16 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS = -rdynamic \
- -DPLUGINS=\""${libstrongswan_plugins}\""
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
+AM_CFLAGS = \
+ -rdynamic \
+ -DPLUGINS=\""${libstrongswan_plugins}\""
-plugin_LTLIBRARIES = libstrongswan-attr-sql.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr-sql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr-sql.la
libstrongswan_attr_sql_la_SOURCES = \
- attr_sql_plugin.h attr_sql_plugin.c \
- sql_attribute.h sql_attribute.c
+ attr_sql_plugin.h attr_sql_plugin.c \
+ sql_attribute.h sql_attribute.c
libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
pool_SOURCES = pool.c
@@ -286,9 +292,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile
+ $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -307,6 +313,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -339,7 +354,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES)
- $(libstrongswan_attr_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
+ $(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
@@ -541,7 +556,7 @@ maintainer-clean-generic:
clean: clean-am
clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
- clean-pluginLTLIBRARIES mostlyclean-am
+ clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -612,21 +627,22 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \
- ctags distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-man install-pdf \
- install-pdf-am install-pluginLTLIBRARIES install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
- uninstall-am uninstall-ipsecPROGRAMS \
+ clean-ipsecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES ctags distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-ipsecPROGRAMS install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
uninstall-pluginLTLIBRARIES
+pool.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index 66b309c67..70e7a2247 100644
--- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -13,7 +13,7 @@
* for more details.
*/
-#include <library.h>
+#include <hydra.h>
#include <debug.h>
#include "attr_sql_plugin.h"
@@ -48,7 +48,7 @@ struct private_attr_sql_plugin_t {
*/
static void destroy(private_attr_sql_plugin_t *this)
{
- lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
+ hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
this->attribute->destroy(this->attribute);
this->db->destroy(this->db);
free(this);
@@ -57,15 +57,15 @@ static void destroy(private_attr_sql_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *attr_sql_plugin_create()
{
char *uri;
private_attr_sql_plugin_t *this;
- uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
+ uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
if (!uri)
{
- DBG1("attr-sql plugin: database URI not set");
+ DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
return NULL;
}
@@ -76,12 +76,12 @@ plugin_t *plugin_create()
this->db = lib->db->create(lib->db, uri);
if (!this->db)
{
- DBG1("attr-sql plugin failed to connect to database");
+ DBG1(DBG_CFG, "attr-sql plugin failed to connect to database");
free(this);
return NULL;
}
this->attribute = sql_attribute_create(this->db);
- lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
+ hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h
index 3a60ea0d2..ba85a6b28 100644
--- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h
@@ -15,7 +15,7 @@
/**
* @defgroup attr_sql attr_sql
- * @ingroup plugins
+ * @ingroup hplugins
*
* @defgroup sql_plugin sql_plugin
* @{ @ingroup attr_sql
@@ -39,9 +39,4 @@ struct attr_sql_plugin_t {
plugin_t plugin;
};
-/**
- * Create a sql_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** ATTR_SQL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c
index 85b30a70f..fed89fc51 100644
--- a/src/libstrongswan/plugins/attr_sql/pool.c
+++ b/src/libhydra/plugins/attr_sql/pool.c
@@ -18,6 +18,8 @@
#include <unistd.h>
#include <stdio.h>
#include <time.h>
+#include <string.h>
+#include <errno.h>
#include <debug.h>
#include <library.h>
@@ -36,6 +38,85 @@ database_t *db;
host_t *start = NULL, *end = NULL, *server = NULL;
/**
+ * whether --add should --replace an existing pool
+ */
+bool replace_pool = FALSE;
+
+/**
+ * forward declarations
+ */
+static void del(char *name);
+static void do_args(int argc, char *argv[]);
+
+/**
+ * nesting counter for database transaction functions
+ */
+int nested_transaction = 0;
+
+/**
+ * start a database transaction
+ */
+static void begin_transaction()
+{
+ if (db->get_driver(db) == DB_SQLITE)
+ {
+ if (!nested_transaction)
+ {
+ db->execute(db, NULL, "BEGIN EXCLUSIVE TRANSACTION");
+ }
+ ++nested_transaction;
+ }
+}
+
+/**
+ * commit a database transaction
+ */
+static void commit_transaction()
+{
+ if (db->get_driver(db) == DB_SQLITE)
+ {
+ --nested_transaction;
+ if (!nested_transaction)
+ {
+ db->execute(db, NULL, "END TRANSACTION");
+ }
+ }
+}
+
+/**
+ * Create or replace a pool by name
+ */
+static u_int create_pool(char *name, chunk_t start, chunk_t end, int timeout)
+{
+ enumerator_t *e;
+ int pool;
+
+ e = db->query(db, "SELECT id FROM pools WHERE name = ?",
+ DB_TEXT, name, DB_UINT);
+ if (e && e->enumerate(e, &pool))
+ {
+ if (replace_pool == FALSE)
+ {
+ fprintf(stderr, "pool '%s' exists.\n", name);
+ e->destroy(e);
+ exit(EXIT_FAILURE);
+ }
+ del(name);
+ }
+ DESTROY_IF(e);
+ if (db->execute(db, &pool,
+ "INSERT INTO pools (name, start, end, timeout) VALUES (?, ?, ?, ?)",
+ DB_TEXT, name, DB_BLOB, start, DB_BLOB, end,
+ DB_INT, timeout*3600) != 1)
+ {
+ fprintf(stderr, "creating pool failed.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ return pool;
+}
+
+/**
* instead of a pool handle a DNS or NBNS attribute
*/
static bool is_attribute(char *name)
@@ -84,18 +165,32 @@ static void usage(void)
{
printf("\
Usage:\n\
- ipsec pool --status|--add|--del|--resize|--purge [options]\n\
+ ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
\n\
ipsec pool --status\n\
Show a list of installed pools with statistics.\n\
\n\
ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
- Add a new pool to the database.\n\
+ ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
+ Add a new pool to or replace an existing pool in the database.\n\
name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
start: Start address of the pool\n\
end: End address of the pool\n\
timeout: Lease time in hours, 0 for static leases\n\
\n\
+ ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
+ ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
+ Add a new pool to or replace an existing pool in the database.\n\
+ name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+ file: File newline separated addresses for the pool are read from.\n\
+ Optionally each address can be pre-assigned to a roadwarrior\n\
+ identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
+ If a - (hyphen) is given instead of a file name, the addresses\n\
+ are read from STDIN. Reading addresses stops at the end of file\n\
+ or an empty line. Pools created with this command can not be\n\
+ resized.\n\
+ timeout: Lease time in hours, 0 for static leases\n\
+ \n\
ipsec pool --add dns|nbns|wins --server <server>\n\
Add a new DNS or NBNS server to the database.\n\
server: IP address of the name server\n\
@@ -127,8 +222,19 @@ Usage:\n\
ipsec pool --purge <name>\n\
Delete lease history of a pool:\n\
name: Name of the pool to purge\n\
+ \n\
+ ipsec pool --batch <file>\n\
+ Read commands from a file and execute them atomically.\n\
+ file: File to read the newline separated commands from. Commands\n\
+ appear as they are written on the command line, e.g.\n\
+ --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
+ --del dns\n\
+ --add dns --server 10.1.0.1\n\
+ --add dns --server 10.1.1.1\n\
+ If a - (hyphen) is given as a file name, the commands are read\n\
+ from STDIN. Readin commands stops at the end of file. Empty\n\
+ lines are ignored. The file may not contain a --batch command.\n\
\n");
- exit(0);
}
/**
@@ -268,8 +374,14 @@ static void status(void)
start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0);
end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0);
- size = get_pool_size(start_chunk, end_chunk);
- printf("%8s %15H %15H ", name, start, end);
+ if (start->is_anyaddr(start) && end->is_anyaddr(end))
+ {
+ printf("%8s %15s %15s ", name, "n/a", "n/a");
+ }
+ else
+ {
+ printf("%8s %15H %15H ", name, start, end);
+ }
if (timeout)
{
printf("%7dh ", timeout/3600);
@@ -278,6 +390,14 @@ static void status(void)
{
printf("%8s ", "static");
}
+ /* get total number of hosts in the pool */
+ lease = db->query(db, "SELECT COUNT(*) FROM addresses "
+ "WHERE pool = ?", DB_UINT, id, DB_INT);
+ if (lease)
+ {
+ lease->enumerate(lease, &size);
+ lease->destroy(lease);
+ }
printf("%6d ", size);
/* get number of online hosts */
lease = db->query(db, "SELECT COUNT(*) FROM addresses "
@@ -313,7 +433,6 @@ static void status(void)
{
printf("no pools found.\n");
}
- exit(0);
}
/**
@@ -333,23 +452,13 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0)
{
fprintf(stderr, "invalid start/end pair specified.\n");
- exit(-1);
- }
- if (db->execute(db, &id,
- "INSERT INTO pools (name, start, end, timeout) "
- "VALUES (?, ?, ?, ?)",
- DB_TEXT, name, DB_BLOB, start_addr,
- DB_BLOB, end_addr, DB_INT, timeout*3600) != 1)
- {
- fprintf(stderr, "creating pool failed.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
+ id = create_pool(name, start_addr, end_addr, timeout);
printf("allocating %d addresses... ", count);
fflush(stdout);
- if (db->get_driver(db) == DB_SQLITE)
- { /* run population in a transaction for sqlite */
- db->execute(db, NULL, "BEGIN TRANSACTION");
- }
+ /* run population in a transaction for sqlite */
+ begin_transaction();
while (TRUE)
{
db->execute(db, NULL,
@@ -362,13 +471,125 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
}
chunk_increment(cur_addr);
}
- if (db->get_driver(db) == DB_SQLITE)
+ commit_transaction();
+ printf("done.\n", count);
+}
+
+static bool add_address(u_int pool_id, char *address_str, int *family)
+{
+ host_t *address;
+ int user_id = 0;
+
+ char *pos_eq = strchr(address_str, '=');
+ if (pos_eq != NULL)
{
- db->execute(db, NULL, "END TRANSACTION");
+ enumerator_t *e;
+ identification_t *id = identification_create_from_string(pos_eq + 1);
+
+ /* look for peer identity in the identities table */
+ e = db->query(db,
+ "SELECT id FROM identities WHERE type = ? AND data = ?",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_UINT);
+
+ if (!e || !e->enumerate(e, &user_id))
+ {
+ /* not found, insert new one */
+ if (db->execute(db, &user_id,
+ "INSERT INTO identities (type, data) VALUES (?, ?)",
+ DB_INT, id->get_type(id),
+ DB_BLOB, id->get_encoding(id)) != 1)
+ {
+ fprintf(stderr, "creating id '%s' failed.\n", pos_eq + 1);
+ return FALSE;
+ }
+ }
+ DESTROY_IF(e);
+ id->destroy(id);
+ *pos_eq = '\0';
}
- printf("done.\n", count);
- exit(0);
+ address = host_create_from_string(address_str, 0);
+ if (address == NULL)
+ {
+ fprintf(stderr, "invalid address '%s'.\n", address_str);
+ return FALSE;
+ }
+ if (family && *family && *family != address->get_family(address))
+ {
+ fprintf(stderr, "invalid address family '%s'.\n", address_str);
+ return FALSE;
+ }
+
+ if (db->execute(db, NULL,
+ "INSERT INTO addresses "
+ "(pool, address, identity, acquired, released) "
+ "VALUES (?, ?, ?, ?, ?)",
+ DB_UINT, pool_id, DB_BLOB, address->get_address(address),
+ DB_UINT, user_id, DB_UINT, 0, DB_UINT, 1) != 1)
+ {
+ fprintf(stderr, "inserting address '%s' failed.\n", address_str);
+ return FALSE;
+ }
+ *family = address->get_family(address);
+ address->destroy(address);
+
+ return TRUE;
+}
+
+static void add_addresses(char *pool, char *path, int timeout)
+{
+ u_int pool_id, count = 0;
+ int family = AF_UNSPEC;
+ char address_str[512];
+ host_t *addr;
+ FILE *file;
+
+ /* run population in a transaction for sqlite */
+ begin_transaction();
+
+ addr = host_create_from_string("%any", 0);
+ pool_id = create_pool(pool, addr->get_address(addr),
+ addr->get_address(addr), timeout);
+ addr->destroy(addr);
+
+ file = (strcmp(path, "-") == 0 ? stdin : fopen(path, "r"));
+ if (file == NULL)
+ {
+ fprintf(stderr, "opening '%s' failed: %s\n", path, strerror(errno));
+ exit(-1);
+ }
+
+ printf("starting allocation... ");
+ fflush(stdout);
+
+ while (fgets(address_str, sizeof(address_str), file))
+ {
+ size_t addr_len = strlen(address_str);
+ char *last_chr = address_str + addr_len - 1;
+ if (*last_chr == '\n')
+ {
+ if (addr_len == 1)
+ { /* end of input */
+ break;
+ }
+ *last_chr = '\0';
+ }
+ if (add_address(pool_id, address_str, &family) == FALSE)
+ {
+ exit(EXIT_FAILURE);
+ }
+ ++count;
+ }
+
+ if (file != stdin)
+ {
+ fclose(file);
+ }
+
+ commit_transaction();
+
+ printf("%d addresses done.\n", count);
}
/**
@@ -386,10 +607,9 @@ static void add_attr(char *name, host_t *server)
DB_INT, type, DB_BLOB, value) != 1)
{
fprintf(stderr, "adding %s server %H failed.\n", name, server);
- exit(-1);
+ exit(EXIT_FAILURE);
}
printf("added %s server %H\n", name, server);
- exit(0);
}
/**
@@ -406,7 +626,7 @@ static void del(char *name)
if (!query)
{
fprintf(stderr, "deleting pool failed.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
while (query->enumerate(query, &id))
{
@@ -421,16 +641,15 @@ static void del(char *name)
{
fprintf(stderr, "deleting pool failed.\n");
query->destroy(query);
- exit(-1);
+ exit(EXIT_FAILURE);
}
}
query->destroy(query);
if (!found)
{
fprintf(stderr, "pool '%s' not found.\n", name);
- exit(-1);
+ exit(EXIT_FAILURE);
}
- exit(0);
}
/**
@@ -448,7 +667,7 @@ static void del_attr(char *name, host_t *server)
{
type = get_attribute_type(name, server);
value = server->get_address(server);
- query = db->query(db,
+ query = db->query(db,
"SELECT id, type, value FROM attributes "
"WHERE type = ? AND value = ?",
DB_INT, type, DB_BLOB, value,
@@ -468,17 +687,17 @@ static void del_attr(char *name, host_t *server)
type_ip4 = INTERNAL_IP4_NBNS;
type_ip6 = INTERNAL_IP6_NBNS;
}
-
+
query = db->query(db,
"SELECT id, type, value FROM attributes "
"WHERE type = ? OR type = ?",
DB_INT, type_ip4, DB_INT, type_ip6,
DB_UINT, DB_INT, DB_BLOB);
- }
+ }
if (!query)
{
fprintf(stderr, "deleting %s servers failed.\n", name);
- exit(-1);
+ exit(EXIT_FAILURE);
}
while (query->enumerate(query, &id, &type, &value))
@@ -497,45 +716,33 @@ static void del_attr(char *name, host_t *server)
fprintf(stderr, "deleting %s server %H failed\n", name, host);
query->destroy(query);
DESTROY_IF(host);
- exit(-1);
+ exit(EXIT_FAILURE);
}
printf("deleted %s server %H\n", name, host);
DESTROY_IF(host);
}
query->destroy(query);
- if (!found)
+ if (!found && server)
{
- printf("no matching %s servers found\n", name);
- exit(-1);
+ printf("%s server %H not found\n", name, server);
+ exit(EXIT_FAILURE);
+ }
+ else if (!found)
+ {
+ printf("no %s servers found\n", name);
}
- exit(0);
}
/**
- * ipsec pool --resize - resize a pool if (db->execute(db, NULL,
- "DELETE FROM attributes WHERE type = ? AND value = ?",
- DB_INT, type, DB_BLOB, value) != 1)
- {
- fprintf(stderr, "deleting %s server %H failed\n", name, server);
- exit(-1);
- }
- printf("deleted %s server %H\n", name, server);
- if (db->execute(db, NULL,
- "DELETE FROM attributes WHERE type = ? AND value = ?",
- DB_INT, type, DB_BLOB, value) != 1)
- {
- fprintf(stderr, "deleting %s server %H failed\n", name, server);
- exit(-1);
- }
- printf("deleted %s server %H\n", name, server);
-
+ * ipsec pool --resize - resize a pool
*/
static void resize(char *name, host_t *end)
{
enumerator_t *query;
chunk_t old_addr, new_addr, cur_addr;
u_int id, count;
+ host_t *old_end;
new_addr = end->get_address(end);
@@ -545,33 +752,41 @@ static void resize(char *name, host_t *end)
{
DESTROY_IF(query);
fprintf(stderr, "resizing pool failed.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
if (old_addr.len != new_addr.len ||
memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0)
{
fprintf(stderr, "shrinking of pools not supported.\n");
query->destroy(query);
- exit(-1);
+ exit(EXIT_FAILURE);
}
cur_addr = chunk_clonea(old_addr);
count = get_pool_size(old_addr, new_addr) - 1;
query->destroy(query);
+ /* Check whether pool is resizable */
+ old_end = host_create_from_chunk(AF_UNSPEC, old_addr, 0);
+ if (old_end && old_end->is_anyaddr(old_end))
+ {
+ fprintf(stderr, "pool is not resizable.\n");
+ old_end->destroy(old_end);
+ exit(EXIT_FAILURE);
+ }
+ DESTROY_IF(old_end);
+
if (db->execute(db, NULL,
"UPDATE pools SET end = ? WHERE name = ?",
DB_BLOB, new_addr, DB_TEXT, name) <= 0)
{
fprintf(stderr, "pool '%s' not found.\n", name);
- exit(-1);
+ exit(EXIT_FAILURE);
}
printf("allocating %d new addresses... ", count);
fflush(stdout);
- if (db->get_driver(db) == DB_SQLITE)
- { /* run population in a transaction for sqlite */
- db->execute(db, NULL, "BEGIN TRANSACTION");
- }
+ /* run population in a transaction for sqlite */
+ begin_transaction();
while (count-- > 0)
{
chunk_increment(cur_addr);
@@ -580,13 +795,9 @@ static void resize(char *name, host_t *end)
"VALUES (?, ?, ?, ?, ?)",
DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1);
}
- if (db->get_driver(db) == DB_SQLITE)
- {
- db->execute(db, NULL, "END TRANSACTION");
- }
+ commit_transaction();
printf("done.\n", count);
- exit(0);
}
/**
@@ -652,7 +863,7 @@ static enumerator_t *create_lease_query(char *filter)
if (!addr)
{
fprintf(stderr, "invalid 'addr' in filter string.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
break;
case FIL_TSTAMP:
@@ -683,13 +894,13 @@ static enumerator_t *create_lease_query(char *filter)
else
{
fprintf(stderr, "invalid 'state' in filter string.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
}
break;
default:
fprintf(stderr, "invalid filter string.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
break;
}
}
@@ -748,7 +959,8 @@ static void leases(char *filter, bool utc)
chunk_t address_chunk, identity_chunk;
int identity_type;
char *name;
- u_int acquired, released, timeout;
+ u_int db_acquired, db_released, db_timeout;
+ time_t acquired, released, timeout;
host_t *address;
identification_t *identity;
bool found = FALSE;
@@ -757,10 +969,10 @@ static void leases(char *filter, bool utc)
if (!query)
{
fprintf(stderr, "querying leases failed.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
while (query->enumerate(query, &name, &address_chunk, &identity_type,
- &identity_chunk, &acquired, &released, &timeout))
+ &identity_chunk, &db_acquired, &db_released, &db_timeout))
{
if (!found)
{
@@ -773,6 +985,11 @@ static void leases(char *filter, bool utc)
address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0);
identity = identification_create_from_encoding(identity_type, identity_chunk);
+ /* u_int is not always equal to time_t */
+ acquired = (time_t)db_acquired;
+ released = (time_t)db_released;
+ timeout = (time_t)db_timeout;
+
printf("%-8s %-15H ", name, address);
if (released == 0)
{
@@ -812,9 +1029,8 @@ static void leases(char *filter, bool utc)
if (!found)
{
fprintf(stderr, "no matching leases found.\n");
- exit(-1);
+ exit(EXIT_FAILURE);
}
- exit(0);
}
/**
@@ -832,10 +1048,82 @@ static void purge(char *name)
if (purged < 0)
{
fprintf(stderr, "purging pool '%s' failed.\n", name);
- exit(-1);
+ exit(EXIT_FAILURE);
}
fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
- exit(0);
+}
+
+#define ARGV_SIZE 32
+
+static void argv_add(char **argv, int argc, char *value)
+{
+ if (argc >= ARGV_SIZE)
+ {
+ fprintf(stderr, "too many arguments: %s\n", value);
+ exit(EXIT_FAILURE);
+ }
+ argv[argc] = value;
+}
+
+/**
+ * ipsec pool --batch - read commands from a file
+ */
+static void batch(char *argv0, char *name)
+{
+ char command[512];
+
+ FILE *file = strncmp(name, "-", 1) == 0 ? stdin : fopen(name, "r");
+ if (file == NULL)
+ {
+ fprintf(stderr, "opening '%s' failed: %s\n", name, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+ begin_transaction();
+ while (fgets(command, sizeof(command), file))
+ {
+ char *argv[ARGV_SIZE], *start;
+ int i, argc = 0;
+ size_t cmd_len = strlen(command);
+
+ /* ignore empty lines */
+ if (cmd_len == 1 && *(command + cmd_len - 1) == '\n')
+ {
+ continue;
+ }
+
+ /* parse command into argv */
+ start = command;
+ argv_add(argv, argc++, argv0);
+ for (i = 0; i < cmd_len; ++i)
+ {
+ if (command[i] == ' ' || command[i] == '\n')
+ {
+ if (command + i == start)
+ {
+ /* ignore leading whitespace */
+ ++start;
+ continue;
+ }
+ command[i] = '\0';
+ argv_add(argv, argc++, start);
+ start = command + i + 1;
+ }
+ }
+ if (strlen(start) > 0)
+ {
+ argv_add(argv, argc++, start);
+ }
+ argv_add(argv, argc, NULL);
+
+ do_args(argc, argv);
+ }
+ commit_transaction();
+
+ if (file != stdin)
+ {
+ fclose(file);
+ }
}
/**
@@ -849,12 +1137,13 @@ static void cleanup(void)
DESTROY_IF(server);
}
-int main(int argc, char *argv[])
+static void do_args(int argc, char *argv[])
{
- char *uri, *name = "", *filter = "";
+ char *name = "", *filter = "", *addresses = NULL;
int timeout = 0;
bool utc = FALSE;
enum {
+ OP_UNDEF,
OP_USAGE,
OP_STATUS,
OP_ADD,
@@ -863,41 +1152,12 @@ int main(int argc, char *argv[])
OP_DEL_ATTR,
OP_RESIZE,
OP_LEASES,
- OP_PURGE
- } operation = OP_USAGE;
+ OP_PURGE,
+ OP_BATCH
+ } operation = OP_UNDEF;
- atexit(library_deinit);
-
- /* initialize library */
- if (!library_init(NULL))
- {
- exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
- }
- if (lib->integrity &&
- !lib->integrity->check_file(lib->integrity, "pool", argv[0]))
- {
- fprintf(stderr, "integrity check of pool failed\n");
- exit(SS_RC_DAEMON_INTEGRITY);
- }
- if (!lib->plugins->load(lib->plugins, NULL,
- lib->settings->get_str(lib->settings, "pool.load", PLUGINS)))
- {
- exit(SS_RC_INITIALIZATION_FAILED);
- }
-
- uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
- if (!uri)
- {
- fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n");
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- db = lib->db->create(lib->db, uri);
- if (!db)
- {
- fprintf(stderr, "opening database failed.\n");
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- atexit(cleanup);
+ /* reinit getopt state */
+ optind = 0;
while (TRUE)
{
@@ -909,13 +1169,16 @@ int main(int argc, char *argv[])
{ "utc", no_argument, NULL, 'u' },
{ "status", no_argument, NULL, 'w' },
{ "add", required_argument, NULL, 'a' },
+ { "replace", required_argument, NULL, 'c' },
{ "del", required_argument, NULL, 'd' },
{ "resize", required_argument, NULL, 'r' },
{ "leases", no_argument, NULL, 'l' },
{ "purge", required_argument, NULL, 'p' },
+ { "batch", required_argument, NULL, 'b' },
{ "start", required_argument, NULL, 's' },
{ "end", required_argument, NULL, 'e' },
+ { "addresses", required_argument, NULL, 'x' },
{ "timeout", required_argument, NULL, 't' },
{ "filter", required_argument, NULL, 'f' },
{ "server", required_argument, NULL, 'v' },
@@ -928,6 +1191,7 @@ int main(int argc, char *argv[])
case EOF:
break;
case 'h':
+ operation = OP_USAGE;
break;
case 'w':
operation = OP_STATUS;
@@ -935,9 +1199,18 @@ int main(int argc, char *argv[])
case 'u':
utc = TRUE;
continue;
+ case 'c':
+ replace_pool = TRUE;
+ /* fallthrough */
case 'a':
name = optarg;
operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD;
+ if (replace_pool && operation == OP_ADD_ATTR)
+ {
+ fprintf(stderr, "invalid pool name: '%s'.\n", optarg);
+ usage();
+ exit(EXIT_FAILURE);
+ }
continue;
case 'd':
name = optarg;
@@ -954,22 +1227,33 @@ int main(int argc, char *argv[])
name = optarg;
operation = OP_PURGE;
continue;
+ case 'b':
+ name = optarg;
+ if (operation == OP_BATCH)
+ {
+ fprintf(stderr, "--batch commands can not be nested\n");
+ exit(EXIT_FAILURE);
+ }
+ operation = OP_BATCH;
+ continue;
case 's':
+ DESTROY_IF(start);
start = host_create_from_string(optarg, 0);
if (start == NULL)
{
fprintf(stderr, "invalid start address: '%s'.\n", optarg);
- operation = OP_USAGE;
- break;
+ usage();
+ exit(EXIT_FAILURE);
}
continue;
case 'e':
+ DESTROY_IF(end);
end = host_create_from_string(optarg, 0);
if (end == NULL)
{
fprintf(stderr, "invalid end address: '%s'.\n", optarg);
- operation = OP_USAGE;
- break;
+ usage();
+ exit(EXIT_FAILURE);
}
continue;
case 't':
@@ -977,24 +1261,29 @@ int main(int argc, char *argv[])
if (timeout == 0 && strcmp(optarg, "0") != 0)
{
fprintf(stderr, "invalid timeout '%s'.\n", optarg);
- operation = OP_USAGE;
- break;
+ usage();
+ exit(EXIT_FAILURE);
}
continue;
case 'f':
filter = optarg;
continue;
+ case 'x':
+ addresses = optarg;
+ continue;
case 'v':
+ DESTROY_IF(server);
server = host_create_from_string(optarg, 0);
if (server == NULL)
{
fprintf(stderr, "invalid server address: '%s'.\n", optarg);
- operation = OP_USAGE;
- break;
+ usage();
+ exit(EXIT_FAILURE);
}
continue;
default:
- operation = OP_USAGE;
+ usage();
+ exit(EXIT_FAILURE);
break;
}
break;
@@ -1009,18 +1298,27 @@ int main(int argc, char *argv[])
status();
break;
case OP_ADD:
- if (start == NULL || end == NULL)
+ if (addresses != NULL)
+ {
+ add_addresses(name, addresses, timeout);
+ }
+ else if (start != NULL && end != NULL)
+ {
+ add(name, start, end, timeout);
+ }
+ else
{
fprintf(stderr, "missing arguments.\n");
usage();
+ exit(EXIT_FAILURE);
}
- add(name, start, end, timeout);
break;
case OP_ADD_ATTR:
if (server == NULL)
{
fprintf(stderr, "missing arguments.\n");
usage();
+ exit(EXIT_FAILURE);
}
add_attr(name, server);
break;
@@ -1035,6 +1333,7 @@ int main(int argc, char *argv[])
{
fprintf(stderr, "missing arguments.\n");
usage();
+ exit(EXIT_FAILURE);
}
resize(name, end);
break;
@@ -1044,7 +1343,60 @@ int main(int argc, char *argv[])
case OP_PURGE:
purge(name);
break;
+ case OP_BATCH:
+ if (name == NULL)
+ {
+ fprintf(stderr, "missing arguments.\n");
+ usage();
+ exit(EXIT_FAILURE);
+ }
+ batch(argv[0], name);
+ break;
+ default:
+ usage();
+ exit(EXIT_FAILURE);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ char *uri;
+
+ atexit(library_deinit);
+
+ /* initialize library */
+ if (!library_init(NULL))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
- exit(0);
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "pool", argv[0]))
+ {
+ fprintf(stderr, "integrity check of pool failed\n");
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
+ if (!lib->plugins->load(lib->plugins, NULL,
+ lib->settings->get_str(lib->settings, "pool.load", PLUGINS)))
+ {
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+
+ uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
+ if (!uri)
+ {
+ fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n");
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ db = lib->db->create(lib->db, uri);
+ if (!db)
+ {
+ fprintf(stderr, "opening database failed.\n");
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ atexit(cleanup);
+
+ do_args(argc, argv);
+
+ exit(EXIT_SUCCESS);
}
diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
index a89195b6d..a7cfde649 100644
--- a/src/libstrongswan/plugins/attr_sql/sql_attribute.c
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.c
@@ -127,8 +127,8 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name,
host = host_create_from_chunk(AF_UNSPEC, address, 0);
if (host)
{
- DBG1("acquired existing lease for address %H in pool '%s'",
- host, name);
+ DBG1(DBG_CFG, "acquired existing lease for address %H in"
+ " pool '%s'", host, name);
return host;
}
}
@@ -202,13 +202,13 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name,
host = host_create_from_chunk(AF_UNSPEC, address, 0);
if (host)
{
- DBG1("acquired new lease for address %H in pool '%s'",
+ DBG1(DBG_CFG, "acquired new lease for address %H in pool '%s'",
host, name);
return host;
}
}
}
- DBG1("no available address found in pool '%s'", name);
+ DBG1(DBG_CFG, "no available address found in pool '%s'", name);
return NULL;
}
@@ -366,7 +366,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
this->db = db;
this->history = lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.attr-sql.lease_history", TRUE);
+ "libhydra.plugins.attr-sql.lease_history", TRUE);
/* close any "online" leases in the case we crashed */
if (this->history)
diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.h b/src/libhydra/plugins/attr_sql/sql_attribute.h
index ca87eb27e..ca87eb27e 100644
--- a/src/libstrongswan/plugins/attr_sql/sql_attribute.h
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.h
diff --git a/src/libsimaka/Makefile.am b/src/libsimaka/Makefile.am
index f64e4dba3..8e7a1f0d3 100644
--- a/src/libsimaka/Makefile.am
+++ b/src/libsimaka/Makefile.am
@@ -1,5 +1,5 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
noinst_LTLIBRARIES = libsimaka.la
libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 9a448ef02..ab07cb214 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -192,6 +192,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -226,7 +227,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
noinst_LTLIBRARIES = libsimaka.la
libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
simaka_crypto.h simaka_crypto.c
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 22d111bfd..e0319e918 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -256,16 +256,12 @@ static void add_attribute(private_simaka_message_t *this,
{
attr_t *attr;
- if (!charon->sim->attribute_hook(charon->sim, this->hdr->code,
- this->hdr->type, this->hdr->subtype, type, data))
- {
- attr = malloc(sizeof(attr_t) + data.len);
- attr->len = data.len;
- attr->type = type;
- memcpy(attr->data, data.ptr, data.len);
+ attr = malloc(sizeof(attr_t) + data.len);
+ attr->len = data.len;
+ attr->type = type;
+ memcpy(attr->data, data.ptr, data.len);
- this->attributes->insert_last(this->attributes, attr);
- }
+ this->attributes->insert_last(this->attributes, attr);
}
/**
@@ -463,6 +459,9 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
break;
}
}
+
+ charon->sim->message_hook(charon->sim, &this->public, TRUE, this->encrypted);
+
return TRUE;
}
@@ -604,6 +603,8 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
u_int16_t len;
signer_t *signer;
+ charon->sim->message_hook(charon->sim, &this->public, FALSE, TRUE);
+
out = chunk_create(out_buf, sizeof(out_buf));
encr = chunk_create(encr_buf, sizeof(encr_buf));
@@ -814,6 +815,9 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
data = chunk_cata("cc", out, sigdata);
signer->get_signature(signer, data, mac.ptr);
}
+
+ charon->sim->message_hook(charon->sim, &this->public, FALSE, FALSE);
+
return eap_payload_create_data(out);
}
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index ee9b3ebec..341f72959 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -31,7 +31,6 @@
#include "simaka_crypto.h"
-typedef struct simaka_message_t simaka_message_t;
typedef enum simaka_attribute_t simaka_attribute_t;
typedef enum simaka_subtype_t simaka_subtype_t;
typedef enum simaka_notification_t simaka_notification_t;
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
new file mode 100644
index 000000000..d639220e3
--- /dev/null
+++ b/src/libstrongswan/Android.mk
@@ -0,0 +1,121 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+library.c library.h \
+chunk.c chunk.h \
+debug.c debug.h \
+enum.c enum.h \
+settings.h settings.c \
+printf_hook.c printf_hook.h \
+asn1/asn1.c asn1/asn1.h \
+asn1/asn1_parser.c asn1/asn1_parser.h \
+asn1/oid.c asn1/oid.h \
+crypto/crypters/crypter.c crypto/crypters/crypter.h \
+crypto/hashers/hasher.h crypto/hashers/hasher.c \
+crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
+crypto/prfs/prf.c crypto/prfs/prf.h \
+crypto/rngs/rng.c crypto/rngs/rng.h \
+crypto/prf_plus.h crypto/prf_plus.c \
+crypto/signers/signer.c crypto/signers/signer.h \
+crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/crypto_tester.c crypto/crypto_tester.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
+credentials/credential_factory.c credentials/credential_factory.h \
+credentials/builder.c credentials/builder.h \
+credentials/keys/key_encoding.c credentials/keys/key_encoding.h \
+credentials/keys/private_key.c credentials/keys/private_key.h \
+credentials/keys/public_key.c credentials/keys/public_key.h \
+credentials/keys/shared_key.c credentials/keys/shared_key.h \
+credentials/certificates/certificate.c credentials/certificates/certificate.h \
+credentials/certificates/x509.h credentials/certificates/x509.c \
+credentials/certificates/ac.h \
+credentials/certificates/crl.h credentials/certificates/crl.c \
+credentials/certificates/pkcs10.h \
+credentials/certificates/ocsp_request.h \
+credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
+credentials/certificates/pgp_certificate.h \
+credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+database/database.h database/database_factory.h database/database_factory.c \
+fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+selectors/traffic_selector.c selectors/traffic_selector.h \
+threading/thread.h threading/thread.c \
+threading/thread_value.h threading/thread_value.c \
+threading/mutex.h threading/mutex.c threading/condvar.h \
+threading/rwlock.h threading/rwlock.c \
+threading/lock_profiler.h \
+utils.h utils.c \
+utils/host.c utils/host.h \
+utils/identification.c utils/identification.h \
+utils/iterator.h \
+utils/lexparser.c utils/lexparser.h \
+utils/linked_list.c utils/linked_list.h \
+utils/hashtable.c utils/hashtable.h \
+utils/enumerator.c utils/enumerator.h \
+utils/optionsfrom.c utils/optionsfrom.h \
+utils/backtrace.c utils/backtrace.h \
+plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, aes)
+
+LOCAL_SRC_FILES += $(call add_plugin, des)
+
+LOCAL_SRC_FILES += $(call add_plugin, fips-prf)
+
+LOCAL_SRC_FILES += $(call add_plugin, gmp)
+ifneq ($(call plugin_enabled, gmp)),)
+LOCAL_C_INCLUDES += $(libgmp_PATH)
+LOCAL_SHARED_LIBRARIES += libgmp
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, hmac)
+
+LOCAL_SRC_FILES += $(call add_plugin, md4)
+
+LOCAL_SRC_FILES += $(call add_plugin, md5)
+
+LOCAL_SRC_FILES += $(call add_plugin, openssl)
+ifneq ($(call plugin_enabled, openssl)),)
+LOCAL_C_INCLUDES += external/openssl/include
+LOCAL_SHARED_LIBRARIES += libcrypto
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, pem)
+
+LOCAL_SRC_FILES += $(call add_plugin, pkcs1)
+
+LOCAL_SRC_FILES += $(call add_plugin, pubkey)
+
+LOCAL_SRC_FILES += $(call add_plugin, random)
+
+LOCAL_SRC_FILES += $(call add_plugin, sha1)
+
+LOCAL_SRC_FILES += $(call add_plugin, sha2)
+
+LOCAL_SRC_FILES += $(call add_plugin, x509)
+
+LOCAL_SRC_FILES += $(call add_plugin, xcbc)
+
+# build libstrongswan ----------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+ $(libvstr_PATH)
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS) \
+ -include $(LOCAL_PATH)/AndroidConfigLocal.h
+
+LOCAL_MODULE := libstrongswan
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libdl libvstr
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libstrongswan/AndroidConfigLocal.h b/src/libstrongswan/AndroidConfigLocal.h
new file mode 100644
index 000000000..a6da3276a
--- /dev/null
+++ b/src/libstrongswan/AndroidConfigLocal.h
@@ -0,0 +1,9 @@
+/* stuff defined in AndroidConfig.h, which is included using the -include
+ * command-line option, thus cannot be undefined using -U CFLAGS options.
+ * the reason we have to undefine these flags in the first place, is that
+ * AndroidConfig.h defines them as 0, which in turn means that they are
+ * actually defined. */
+
+#undef HAVE_BACKTRACE
+#undef HAVE_DLADDR
+
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 7ee15052c..157d37b5e 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -10,9 +10,6 @@ printf_hook.c printf_hook.h \
asn1/asn1.c asn1/asn1.h \
asn1/asn1_parser.c asn1/asn1_parser.h \
asn1/oid.c asn1/oid.h \
-attributes/attributes.c attributes/attributes.h \
-attributes/attribute_provider.h attributes/attribute_handler.h \
-attributes/attribute_manager.c attributes/attribute_manager.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c \
crypto/pkcs9.c crypto/pkcs9.h \
@@ -90,7 +87,8 @@ endif
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
-crypto/proposal/proposal_keywords.txt
+crypto/proposal/proposal_keywords.txt \
+Android.mk AndroidConfigLocal.h
BUILT_SOURCES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -115,116 +113,197 @@ $(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposa
# build plugins with their own Makefile
#######################################
+if MONOLITHIC
+SUBDIRS =
+else
SUBDIRS = .
+endif
if USE_AES
SUBDIRS += plugins/aes
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/aes/libstrongswan-aes.la
+endif
endif
if USE_DES
SUBDIRS += plugins/des
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/des/libstrongswan-des.la
+endif
endif
if USE_BLOWFISH
SUBDIRS += plugins/blowfish
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/blowfish/libstrongswan-blowfish.la
+endif
endif
if USE_MD4
SUBDIRS += plugins/md4
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/md4/libstrongswan-md4.la
+endif
endif
if USE_MD5
SUBDIRS += plugins/md5
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/md5/libstrongswan-md5.la
+endif
endif
if USE_SHA1
SUBDIRS += plugins/sha1
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/sha1/libstrongswan-sha1.la
+endif
endif
if USE_SHA2
SUBDIRS += plugins/sha2
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/sha2/libstrongswan-sha2.la
endif
-
-if USE_FIPS_PRF
- SUBDIRS += plugins/fips_prf
endif
if USE_GMP
SUBDIRS += plugins/gmp
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/gmp/libstrongswan-gmp.la
+endif
endif
if USE_RANDOM
SUBDIRS += plugins/random
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/random/libstrongswan-random.la
+endif
endif
if USE_HMAC
SUBDIRS += plugins/hmac
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/hmac/libstrongswan-hmac.la
+endif
endif
if USE_XCBC
SUBDIRS += plugins/xcbc
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/xcbc/libstrongswan-xcbc.la
+endif
endif
if USE_X509
SUBDIRS += plugins/x509
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/x509/libstrongswan-x509.la
+endif
endif
if USE_PUBKEY
SUBDIRS += plugins/pubkey
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/pubkey/libstrongswan-pubkey.la
+endif
endif
if USE_PKCS1
SUBDIRS += plugins/pkcs1
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/pkcs1/libstrongswan-pkcs1.la
+endif
endif
if USE_PGP
SUBDIRS += plugins/pgp
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/pgp/libstrongswan-pgp.la
+endif
endif
if USE_DNSKEY
SUBDIRS += plugins/dnskey
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/dnskey/libstrongswan-dnskey.la
+endif
endif
if USE_PEM
SUBDIRS += plugins/pem
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/pem/libstrongswan-pem.la
+endif
endif
if USE_CURL
SUBDIRS += plugins/curl
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/curl/libstrongswan-curl.la
+endif
endif
if USE_LDAP
SUBDIRS += plugins/ldap
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/ldap/libstrongswan-ldap.la
+endif
endif
if USE_MYSQL
SUBDIRS += plugins/mysql
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/mysql/libstrongswan-mysql.la
+endif
endif
if USE_SQLITE
SUBDIRS += plugins/sqlite
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/sqlite/libstrongswan-sqlite.la
endif
-
-if USE_ATTR_SQL
- SUBDIRS += plugins/attr_sql
endif
if USE_PADLOCK
SUBDIRS += plugins/padlock
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/padlock/libstrongswan-padlock.la
+endif
endif
if USE_OPENSSL
SUBDIRS += plugins/openssl
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/openssl/libstrongswan-openssl.la
+endif
endif
if USE_GCRYPT
SUBDIRS += plugins/gcrypt
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/gcrypt/libstrongswan-gcrypt.la
+endif
+endif
+
+if USE_FIPS_PRF
+ SUBDIRS += plugins/fips_prf
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/fips_prf/libstrongswan-fips-prf.la
+endif
endif
if USE_AGENT
SUBDIRS += plugins/agent
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/agent/libstrongswan-agent.la
+endif
endif
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/test_vectors/libstrongswan-test-vectors.la
+endif
endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 729d32eb3..b8d967d4a 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -45,33 +45,59 @@ host_triplet = @host@
@USE_VSTR_TRUE@am__append_6 = -lvstr
@USE_AES_TRUE@am__append_7 = plugins/aes
-@USE_DES_TRUE@am__append_8 = plugins/des
-@USE_BLOWFISH_TRUE@am__append_9 = plugins/blowfish
-@USE_MD4_TRUE@am__append_10 = plugins/md4
-@USE_MD5_TRUE@am__append_11 = plugins/md5
-@USE_SHA1_TRUE@am__append_12 = plugins/sha1
-@USE_SHA2_TRUE@am__append_13 = plugins/sha2
-@USE_FIPS_PRF_TRUE@am__append_14 = plugins/fips_prf
-@USE_GMP_TRUE@am__append_15 = plugins/gmp
-@USE_RANDOM_TRUE@am__append_16 = plugins/random
-@USE_HMAC_TRUE@am__append_17 = plugins/hmac
-@USE_XCBC_TRUE@am__append_18 = plugins/xcbc
-@USE_X509_TRUE@am__append_19 = plugins/x509
-@USE_PUBKEY_TRUE@am__append_20 = plugins/pubkey
-@USE_PKCS1_TRUE@am__append_21 = plugins/pkcs1
-@USE_PGP_TRUE@am__append_22 = plugins/pgp
-@USE_DNSKEY_TRUE@am__append_23 = plugins/dnskey
-@USE_PEM_TRUE@am__append_24 = plugins/pem
-@USE_CURL_TRUE@am__append_25 = plugins/curl
-@USE_LDAP_TRUE@am__append_26 = plugins/ldap
-@USE_MYSQL_TRUE@am__append_27 = plugins/mysql
-@USE_SQLITE_TRUE@am__append_28 = plugins/sqlite
-@USE_ATTR_SQL_TRUE@am__append_29 = plugins/attr_sql
-@USE_PADLOCK_TRUE@am__append_30 = plugins/padlock
-@USE_OPENSSL_TRUE@am__append_31 = plugins/openssl
-@USE_GCRYPT_TRUE@am__append_32 = plugins/gcrypt
-@USE_AGENT_TRUE@am__append_33 = plugins/agent
-@USE_TEST_VECTORS_TRUE@am__append_34 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la
+@USE_DES_TRUE@am__append_9 = plugins/des
+@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la
+@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish
+@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la
+@USE_MD4_TRUE@am__append_13 = plugins/md4
+@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la
+@USE_MD5_TRUE@am__append_15 = plugins/md5
+@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la
+@USE_SHA1_TRUE@am__append_17 = plugins/sha1
+@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la
+@USE_SHA2_TRUE@am__append_19 = plugins/sha2
+@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la
+@USE_GMP_TRUE@am__append_21 = plugins/gmp
+@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la
+@USE_RANDOM_TRUE@am__append_23 = plugins/random
+@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la
+@USE_HMAC_TRUE@am__append_25 = plugins/hmac
+@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la
+@USE_XCBC_TRUE@am__append_27 = plugins/xcbc
+@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la
+@USE_X509_TRUE@am__append_29 = plugins/x509
+@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la
+@USE_PUBKEY_TRUE@am__append_31 = plugins/pubkey
+@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_32 = plugins/pubkey/libstrongswan-pubkey.la
+@USE_PKCS1_TRUE@am__append_33 = plugins/pkcs1
+@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_34 = plugins/pkcs1/libstrongswan-pkcs1.la
+@USE_PGP_TRUE@am__append_35 = plugins/pgp
+@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_36 = plugins/pgp/libstrongswan-pgp.la
+@USE_DNSKEY_TRUE@am__append_37 = plugins/dnskey
+@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_38 = plugins/dnskey/libstrongswan-dnskey.la
+@USE_PEM_TRUE@am__append_39 = plugins/pem
+@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_40 = plugins/pem/libstrongswan-pem.la
+@USE_CURL_TRUE@am__append_41 = plugins/curl
+@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_42 = plugins/curl/libstrongswan-curl.la
+@USE_LDAP_TRUE@am__append_43 = plugins/ldap
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_44 = plugins/ldap/libstrongswan-ldap.la
+@USE_MYSQL_TRUE@am__append_45 = plugins/mysql
+@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_46 = plugins/mysql/libstrongswan-mysql.la
+@USE_SQLITE_TRUE@am__append_47 = plugins/sqlite
+@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_48 = plugins/sqlite/libstrongswan-sqlite.la
+@USE_PADLOCK_TRUE@am__append_49 = plugins/padlock
+@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_50 = plugins/padlock/libstrongswan-padlock.la
+@USE_OPENSSL_TRUE@am__append_51 = plugins/openssl
+@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_52 = plugins/openssl/libstrongswan-openssl.la
+@USE_GCRYPT_TRUE@am__append_53 = plugins/gcrypt
+@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_54 = plugins/gcrypt/libstrongswan-gcrypt.la
+@USE_FIPS_PRF_TRUE@am__append_55 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_56 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_57 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_58 = plugins/agent/libstrongswan-agent.la
+@USE_TEST_VECTORS_TRUE@am__append_59 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_60 = plugins/test_vectors/libstrongswan-test-vectors.la
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -115,14 +141,20 @@ am__DEPENDENCIES_1 =
libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__append_8) $(am__append_10) \
+ $(am__append_12) $(am__append_14) $(am__append_16) \
+ $(am__append_18) $(am__append_20) $(am__append_22) \
+ $(am__append_24) $(am__append_26) $(am__append_28) \
+ $(am__append_30) $(am__append_32) $(am__append_34) \
+ $(am__append_36) $(am__append_38) $(am__append_40) \
+ $(am__append_42) $(am__append_44) $(am__append_46) \
+ $(am__append_48) $(am__append_50) $(am__append_52) \
+ $(am__append_54) $(am__append_56) $(am__append_58) \
+ $(am__append_60)
am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \
printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \
asn1/asn1_parser.c asn1/asn1_parser.h asn1/oid.c asn1/oid.h \
- attributes/attributes.c attributes/attributes.h \
- attributes/attribute_provider.h attributes/attribute_handler.h \
- attributes/attribute_manager.c attributes/attribute_manager.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \
crypto/pkcs9.h crypto/proposal/proposal_keywords.c \
@@ -173,10 +205,10 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
@USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo
am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \
settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \
- attributes.lo attribute_manager.lo crypter.lo hasher.lo \
- pkcs9.lo proposal_keywords.lo prf.lo rng.lo prf_plus.lo \
- signer.lo crypto_factory.lo crypto_tester.lo diffie_hellman.lo \
- transform.lo credential_factory.lo builder.lo key_encoding.lo \
+ crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo prf.lo \
+ rng.lo prf_plus.lo signer.lo crypto_factory.lo \
+ crypto_tester.lo diffie_hellman.lo transform.lo \
+ credential_factory.lo builder.lo key_encoding.lo \
private_key.lo public_key.lo shared_key.lo certificate.lo \
x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \
database_factory.lo fetcher_manager.lo traffic_selector.lo \
@@ -215,13 +247,12 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \
- plugins/md5 plugins/sha1 plugins/sha2 plugins/fips_prf \
- plugins/gmp plugins/random plugins/hmac plugins/xcbc \
- plugins/x509 plugins/pubkey plugins/pkcs1 plugins/pgp \
- plugins/dnskey plugins/pem plugins/curl plugins/ldap \
- plugins/mysql plugins/sqlite plugins/attr_sql plugins/padlock \
- plugins/openssl plugins/gcrypt plugins/agent \
- plugins/test_vectors
+ plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \
+ plugins/random plugins/hmac plugins/xcbc plugins/x509 \
+ plugins/pubkey plugins/pkcs1 plugins/pgp plugins/dnskey \
+ plugins/pem plugins/curl plugins/ldap plugins/mysql \
+ plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \
+ plugins/fips_prf plugins/agent plugins/test_vectors
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -368,6 +399,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -407,9 +439,6 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
debug.h enum.c enum.h settings.h settings.c printf_hook.c \
printf_hook.h asn1/asn1.c asn1/asn1.h asn1/asn1_parser.c \
asn1/asn1_parser.h asn1/oid.c asn1/oid.h \
- attributes/attributes.c attributes/attributes.h \
- attributes/attribute_provider.h attributes/attribute_handler.h \
- attributes/attribute_manager.c attributes/attribute_manager.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \
crypto/pkcs9.h crypto/proposal/proposal_keywords.c \
@@ -456,14 +485,24 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
plugins/plugin_loader.h plugins/plugin.h $(am__append_2) \
$(am__append_5)
libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
- $(RTLIB) $(am__append_6)
+ $(RTLIB) $(am__append_6) $(am__append_8) $(am__append_10) \
+ $(am__append_12) $(am__append_14) $(am__append_16) \
+ $(am__append_18) $(am__append_20) $(am__append_22) \
+ $(am__append_24) $(am__append_26) $(am__append_28) \
+ $(am__append_30) $(am__append_32) $(am__append_34) \
+ $(am__append_36) $(am__append_38) $(am__append_40) \
+ $(am__append_42) $(am__append_44) $(am__append_46) \
+ $(am__append_48) $(am__append_50) $(am__append_52) \
+ $(am__append_54) $(am__append_56) $(am__append_58) \
+ $(am__append_60)
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \
-DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \
$(am__append_3) $(am__append_4)
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
-crypto/proposal/proposal_keywords.txt
+crypto/proposal/proposal_keywords.txt \
+Android.mk AndroidConfigLocal.h
BUILT_SOURCES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -473,19 +512,37 @@ MAINTAINERCLEANFILES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
$(srcdir)/crypto/proposal/proposal_keywords.c
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_7) $(am__append_9) \
+@MONOLITHIC_FALSE@ $(am__append_11) $(am__append_13) \
+@MONOLITHIC_FALSE@ $(am__append_15) $(am__append_17) \
+@MONOLITHIC_FALSE@ $(am__append_19) $(am__append_21) \
+@MONOLITHIC_FALSE@ $(am__append_23) $(am__append_25) \
+@MONOLITHIC_FALSE@ $(am__append_27) $(am__append_29) \
+@MONOLITHIC_FALSE@ $(am__append_31) $(am__append_33) \
+@MONOLITHIC_FALSE@ $(am__append_35) $(am__append_37) \
+@MONOLITHIC_FALSE@ $(am__append_39) $(am__append_41) \
+@MONOLITHIC_FALSE@ $(am__append_43) $(am__append_45) \
+@MONOLITHIC_FALSE@ $(am__append_47) $(am__append_49) \
+@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \
+@MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \
+@MONOLITHIC_FALSE@ $(am__append_59)
# build plugins with their own Makefile
#######################################
-SUBDIRS = . $(am__append_7) $(am__append_8) $(am__append_9) \
- $(am__append_10) $(am__append_11) $(am__append_12) \
- $(am__append_13) $(am__append_14) $(am__append_15) \
- $(am__append_16) $(am__append_17) $(am__append_18) \
- $(am__append_19) $(am__append_20) $(am__append_21) \
- $(am__append_22) $(am__append_23) $(am__append_24) \
- $(am__append_25) $(am__append_26) $(am__append_27) \
- $(am__append_28) $(am__append_29) $(am__append_30) \
- $(am__append_31) $(am__append_32) $(am__append_33) \
- $(am__append_34)
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_7) $(am__append_9) \
+@MONOLITHIC_TRUE@ $(am__append_11) $(am__append_13) \
+@MONOLITHIC_TRUE@ $(am__append_15) $(am__append_17) \
+@MONOLITHIC_TRUE@ $(am__append_19) $(am__append_21) \
+@MONOLITHIC_TRUE@ $(am__append_23) $(am__append_25) \
+@MONOLITHIC_TRUE@ $(am__append_27) $(am__append_29) \
+@MONOLITHIC_TRUE@ $(am__append_31) $(am__append_33) \
+@MONOLITHIC_TRUE@ $(am__append_35) $(am__append_37) \
+@MONOLITHIC_TRUE@ $(am__append_39) $(am__append_41) \
+@MONOLITHIC_TRUE@ $(am__append_43) $(am__append_45) \
+@MONOLITHIC_TRUE@ $(am__append_47) $(am__append_49) \
+@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \
+@MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \
+@MONOLITHIC_TRUE@ $(am__append_59)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -563,8 +620,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_parser.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate.Plo@am__quote@
@@ -657,20 +712,6 @@ oid.lo: asn1/oid.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c
-attributes.lo: attributes/attributes.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
-
-attribute_manager.lo: attributes/attribute_manager.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
-
crypter.lo: crypto/crypters/crypter.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 763caafc4..6264bdc54 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -19,7 +19,6 @@
#include <string.h>
#include <time.h>
-#include <utils.h>
#include <debug.h>
#include "oid.h"
@@ -134,7 +133,7 @@ size_t asn1_length(chunk_t *blob)
if (blob->len < 2)
{
- DBG2("insufficient number of octets to parse ASN.1 length");
+ DBG2(DBG_LIB, "insufficient number of octets to parse ASN.1 length");
return ASN1_INVALID_LENGTH;
}
@@ -146,7 +145,7 @@ size_t asn1_length(chunk_t *blob)
{ /* single length octet */
if (n > blob->len)
{
- DBG2("length is larger than remaining blob size");
+ DBG2(DBG_LIB, "length is larger than remaining blob size");
return ASN1_INVALID_LENGTH;
}
return n;
@@ -157,14 +156,14 @@ size_t asn1_length(chunk_t *blob)
if (n == 0 || n > blob->len)
{
- DBG2("number of length octets invalid");
+ DBG2(DBG_LIB, "number of length octets invalid");
return ASN1_INVALID_LENGTH;
}
if (n > sizeof(len))
{
- DBG2("number of length octets is larger than limit of %d octets",
- (int)sizeof(len));
+ DBG2(DBG_LIB, "number of length octets is larger than limit of"
+ " %d octets", (int)sizeof(len));
return ASN1_INVALID_LENGTH;
}
@@ -177,7 +176,7 @@ size_t asn1_length(chunk_t *blob)
}
if (len > blob->len)
{
- DBG2("length is larger than remaining blob size");
+ DBG2(DBG_LIB, "length is larger than remaining blob size");
return ASN1_INVALID_LENGTH;
}
return len;
@@ -377,7 +376,7 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
oid = asn1_known_oid(object);
if (oid != OID_UNKNOWN)
{
- DBG2(" '%s'", oid_names[oid].name);
+ DBG2(DBG_LIB, " '%s'", oid_names[oid].name);
return;
}
break;
@@ -386,14 +385,14 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
case ASN1_PRINTABLESTRING:
case ASN1_T61STRING:
case ASN1_VISIBLESTRING:
- DBG2(" '%.*s'", (int)object.len, object.ptr);
+ DBG2(DBG_LIB, " '%.*s'", (int)object.len, object.ptr);
return;
case ASN1_UTCTIME:
case ASN1_GENERALIZEDTIME:
{
time_t time = asn1_to_time(&object, type);
- DBG2(" '%T'", &time, TRUE);
+ DBG2(DBG_LIB, " '%T'", &time, TRUE);
}
return;
default:
@@ -401,11 +400,11 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
}
if (private)
{
- DBG4("%B", &object);
+ DBG4(DBG_LIB, "%B", &object);
}
else
{
- DBG3("%B", &object);
+ DBG3(DBG_LIB, "%B", &object);
}
}
@@ -419,13 +418,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
/* an ASN.1 object must possess at least a tag and length field */
if (object->len < 2)
{
- DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name);
+ DBG2(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets", level,
+ name);
return FALSE;
}
if (*object->ptr != type)
{
- DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+ DBG2(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
level, name, type, *object->ptr);
return FALSE;
}
@@ -434,12 +434,12 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
if (len == ASN1_INVALID_LENGTH || object->len < len)
{
- DBG2("L%d - %s: length of ASN.1 object invalid or too large",
+ DBG2(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large",
level, name);
return FALSE;
}
- DBG2("L%d - %s:", level, name);
+ DBG2(DBG_LIB, "L%d - %s:", level, name);
asn1_debug_simple_object(*object, type, FALSE);
return TRUE;
}
@@ -501,7 +501,7 @@ bool is_asn1(chunk_t blob)
if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING)
{
- DBG2(" file content is not binary ASN.1");
+ DBG2(DBG_LIB, " file content is not binary ASN.1");
return FALSE;
}
@@ -519,7 +519,7 @@ bool is_asn1(chunk_t blob)
return TRUE;
}
- DBG2(" file size does not match ASN.1 coded length");
+ DBG2(DBG_LIB, " file size does not match ASN.1 coded length");
return FALSE;
}
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index d29190df7..866c28095 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -25,8 +25,7 @@
#include <stdarg.h>
-#include <utils.h>
-#include <chunk.h>
+#include <library.h>
/**
* Definition of some primitive ASN1 types
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index dc7726ad7..3e5bbbabd 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -19,7 +19,6 @@
#include <string.h>
#include <time.h>
-#include <utils.h>
#include <debug.h>
#include "asn1.h"
@@ -123,7 +122,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) )
{
/* field is missing */
- DBG2("L%d - %s:", level, obj.name);
+ DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
if (obj.type & ASN1_CONSTRUCTED)
{
this->line++ ; /* skip context-specific tag */
@@ -150,7 +149,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
if (blob->len < 2)
{
- DBG1("L%d - %s: ASN.1 object smaller than 2 octets",
+ DBG1(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets",
level, obj.name);
this->success = FALSE;
goto end;
@@ -160,7 +159,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
if (blob1->len == ASN1_INVALID_LENGTH)
{
- DBG1("L%d - %s: length of ASN.1 object invalid or too large",
+ DBG1(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
this->success = FALSE;
}
@@ -173,7 +172,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
if (obj.flags & ASN1_RAW)
{
- DBG2("L%d - %s:", level, obj.name);
+ DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
object->ptr = start_ptr;
object->len = (size_t)(blob->ptr - start_ptr);
goto end;
@@ -181,14 +180,14 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
if (*start_ptr != obj.type && !(this->implicit && this->line == 0))
{
- DBG1("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+ DBG1(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
level, obj.name, obj.type, *start_ptr);
- DBG3("%b", start_ptr, (u_int)(blob->ptr - start_ptr));
+ DBG3(DBG_LIB, "%b", start_ptr, (u_int)(blob->ptr - start_ptr));
this->success = FALSE;
goto end;
}
- DBG2("L%d - %s:", level, obj.name);
+ DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
/* In case of "SEQUENCE OF" or "SET OF" start a loop */
if (obj.flags & ASN1_LOOP)
@@ -217,11 +216,11 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
object->len = (size_t)(blob->ptr - start_ptr);
if (this->private)
{
- DBG4("%B", object);
+ DBG4(DBG_LIB, "%B", object);
}
else
{
- DBG3("%B", object);
+ DBG3(DBG_LIB, "%B", object);
}
}
else if (obj.flags & ASN1_BODY)
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index 49325232d..0edc22c23 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -25,9 +25,9 @@
#include <stdarg.h>
-#include <utils.h>
-#include <chunk.h>
-#include <asn1/asn1.h>
+#include <library.h>
+
+#include "asn1.h"
/**
* Definition of ASN.1 flags
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 32e2eb033..aa1fd31b0 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -41,6 +41,7 @@ extern const oid_t oid_names[];
#define OID_UNIQUE_IDENTIFIER 34
#define OID_ROLE 35
#define OID_SUBJECT_KEY_ID 38
+#define OID_KEY_USAGE 39
#define OID_SUBJECT_ALT_NAME 41
#define OID_BASIC_CONSTRAINTS 43
#define OID_CRL_NUMBER 44
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 203bc1f28..5d729c2eb 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -37,7 +37,7 @@
0x1D "id-ce"
0x09 "subjectDirectoryAttrs"
0x0E "subjectKeyIdentifier" OID_SUBJECT_KEY_ID
- 0x0F "keyUsage"
+ 0x0F "keyUsage" OID_KEY_USAGE
0x10 "privateKeyUsagePeriod"
0x11 "subjectAltName" OID_SUBJECT_ALT_NAME
0x12 "issuerAltName"
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 86436e997..ef69eb4e7 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -22,8 +22,7 @@
#include <ctype.h>
#include "chunk.h"
-
-#include <debug.h>
+#include "debug.h"
/* required for chunk_hash */
#undef get16bits
@@ -222,7 +221,7 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
if (!force && access(path, F_OK) == 0)
{
- DBG1(" %s file '%s' already exists", label, path);
+ DBG1(DBG_LIB, " %s file '%s' already exists", label, path);
return FALSE;
}
oldmask = umask(mask);
@@ -231,20 +230,21 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
{
if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
{
- DBG1(" written %s file '%s' (%d bytes)",
+ DBG1(DBG_LIB, " written %s file '%s' (%d bytes)",
label, path, chunk.len);
good = TRUE;
}
else
{
- DBG1(" writing %s file '%s' failed: %s",
+ DBG1(DBG_LIB, " writing %s file '%s' failed: %s",
label, path, strerror(errno));
}
fclose(fd);
}
else
{
- DBG1(" could not open %s file '%s': %s", label, path, strerror(errno));
+ DBG1(DBG_LIB, " could not open %s file '%s': %s", label, path,
+ strerror(errno));
}
umask(oldmask);
return good;
@@ -497,7 +497,7 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace)
* Described in header.
*
* The implementation is based on Paul Hsieh's SuperFastHash:
- * http://www.azillionmonkeys.com/qed/hash.html
+ * http://www.azillionmonkeys.com/qed/hash.html
*/
u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash)
{
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index a526f4a89..f0f9a7366 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -42,7 +42,7 @@ struct chunk_t {
size_t len;
};
-#include <utils.h>
+#include "utils.h"
/**
* A { NULL, 0 }-chunk handy for initialization.
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 5139ad504..7cc7dbe0e 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -151,7 +151,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
{
names = certificate_type_names;
}
- DBG1("building %N - %N failed, tried %d builders",
+ DBG1(DBG_LIB, "building %N - %N failed, tried %d builders",
credential_type_names, type, names, subtype, failures);
}
this->recursive->set(this->recursive, (void*)level);
diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h
index 384117166..d8435f4b4 100644
--- a/src/libstrongswan/credentials/keys/key_encoding.h
+++ b/src/libstrongswan/credentials/keys/key_encoding.h
@@ -79,7 +79,7 @@ enum key_encoding_type_t {
KEY_PRIV_ASN1_DER,
/** subjectPublicKeyInfo encoding */
KEY_PUB_SPKI_ASN1_DER,
- /** PEM oncoded PKCS#1 key */
+ /** PEM encoded PKCS#1 key */
KEY_PUB_PEM,
KEY_PRIV_PEM,
/** PGP key encoding */
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index fe7bc86be..d00b8d12e 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -41,6 +41,8 @@ enum shared_key_type_t {
SHARED_PRIVATE_KEY_PASS,
/** PIN to unlock a smartcard */
SHARED_PIN,
+ /** Calculated NT Hash = MD4(UTF-16LE(password)) */
+ SHARED_NT_HASH,
};
/**
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 46b50329d..fee71953d 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -686,7 +686,7 @@ static void add_test_vector(private_crypto_factory_t *this,
case RANDOM_NUMBER_GENERATOR:
return this->tester->add_rng_vector(this->tester, vector);
default:
- DBG1("%N test vectors not supported, ignored",
+ DBG1(DBG_LIB, "%N test vectors not supported, ignored",
transform_type_names, type);
}
}
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 86daf65f9..76cc1cf2c 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -136,7 +136,7 @@ static bool test_crypter(private_crypto_tester_t *this,
crypter->destroy(crypter);
if (failed)
{
- DBG1("disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: test vector %u failed",
encryption_algorithm_names, alg, tested);
break;
}
@@ -144,14 +144,14 @@ static bool test_crypter(private_crypto_tester_t *this,
enumerator->destroy(enumerator);
if (!tested)
{
- DBG1("%s %N: no test vectors found",
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
this->required ? "disabled" : "enabled ",
encryption_algorithm_names, alg);
return !this->required;
}
if (!failed)
{
- DBG1("enabled %N: passed %u test vectors",
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
encryption_algorithm_names, alg, tested);
}
return !failed;
@@ -183,7 +183,7 @@ static bool test_signer(private_crypto_tester_t *this,
signer = create(alg);
if (!signer)
{
- DBG1("disabled %N: creating instance failed",
+ DBG1(DBG_LIB, "disabled %N: creating instance failed",
integrity_algorithm_names, alg);
failed = TRUE;
break;
@@ -240,7 +240,7 @@ static bool test_signer(private_crypto_tester_t *this,
signer->destroy(signer);
if (failed)
{
- DBG1("disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: test vector %u failed",
integrity_algorithm_names, alg, tested);
break;
}
@@ -248,14 +248,14 @@ static bool test_signer(private_crypto_tester_t *this,
enumerator->destroy(enumerator);
if (!tested)
{
- DBG1("%s %N: no test vectors found",
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
this->required ? "disabled" : "enabled ",
integrity_algorithm_names, alg);
return !this->required;
}
if (!failed)
{
- DBG1("enabled %N: passed %u test vectors",
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
integrity_algorithm_names, alg, tested);
}
return !failed;
@@ -287,7 +287,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
hasher = create(alg);
if (!hasher)
{
- DBG1("disabled %N: creating instance failed",
+ DBG1(DBG_LIB, "disabled %N: creating instance failed",
hash_algorithm_names, alg);
failed = TRUE;
break;
@@ -330,7 +330,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
hasher->destroy(hasher);
if (failed)
{
- DBG1("disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: test vector %u failed",
hash_algorithm_names, alg, tested);
break;
}
@@ -338,14 +338,14 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
enumerator->destroy(enumerator);
if (!tested)
{
- DBG1("%s %N: no test vectors found",
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
this->required ? "disabled" : "enabled ",
hash_algorithm_names, alg);
return !this->required;
}
if (!failed)
{
- DBG1("enabled %N: passed %u test vectors",
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
hash_algorithm_names, alg, tested);
}
return !failed;
@@ -377,7 +377,7 @@ static bool test_prf(private_crypto_tester_t *this,
prf = create(alg);
if (!prf)
{
- DBG1("disabled %N: creating instance failed",
+ DBG1(DBG_LIB, "disabled %N: creating instance failed",
pseudo_random_function_names, alg);
failed = TRUE;
break;
@@ -431,7 +431,7 @@ static bool test_prf(private_crypto_tester_t *this,
prf->destroy(prf);
if (failed)
{
- DBG1("disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: test vector %u failed",
pseudo_random_function_names, alg, tested);
break;
}
@@ -439,14 +439,14 @@ static bool test_prf(private_crypto_tester_t *this,
enumerator->destroy(enumerator);
if (!tested)
{
- DBG1("%s %N: no test vectors found",
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
this->required ? "disabled" : "enabled ",
pseudo_random_function_names, alg);
return !this->required;
}
if (!failed)
{
- DBG1("enabled %N: passed %u test vectors",
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
pseudo_random_function_names, alg, tested);
}
return !failed;
@@ -465,7 +465,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
if (!this->rng_true && quality == RNG_TRUE)
{
- DBG1("enabled %N: skipping test (disabled by config)",
+ DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)",
rng_quality_names, quality);
return TRUE;
}
@@ -485,7 +485,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
rng = create(quality);
if (!rng)
{
- DBG1("disabled %N: creating instance failed",
+ DBG1(DBG_LIB, "disabled %N: creating instance failed",
rng_quality_names, quality);
failed = TRUE;
break;
@@ -515,7 +515,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
rng->destroy(rng);
if (failed)
{
- DBG1("disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: test vector %u failed",
rng_quality_names, quality, tested);
break;
}
@@ -523,14 +523,14 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
enumerator->destroy(enumerator);
if (!tested)
{
- DBG1("%s %N: no test vectors found",
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
this->required ? ", disabled" : "enabled ",
rng_quality_names, quality);
return !this->required;
}
if (!failed)
{
- DBG1("enabled %N: passed %u test vectors",
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
rng_quality_names, quality, tested);
}
return !failed;
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 18d532697..9bd8991fc 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -31,10 +32,412 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
+ "MODP_1024_160",
+ "MODP_2048_224",
+ "MODP_2048_256",
"ECP_192",
"ECP_224");
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
"MODP_NULL");
ENUM_END(diffie_hellman_group_names, MODP_NULL);
+
+/**
+ * List of known diffie hellman group parameters.
+ */
+static struct {
+ /* Public part of the struct */
+ diffie_hellman_params_t public;
+ /* The group identifier as specified in IKEv2 */
+ diffie_hellman_group_t group;
+ /* Optimal length of the exponent (in bytes), as specified in RFC 3526. */
+ size_t opt_exp;
+} dh_params[] = {
+ {
+ .group = MODP_768_BIT, .opt_exp = 32, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_1024_BIT, .opt_exp = 32, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_1536_BIT, .opt_exp = 32, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_2048_BIT, .opt_exp = 48, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_3072_BIT, .opt_exp = 48, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_4096_BIT, .opt_exp = 64, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_6144_BIT, .opt_exp = 64, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+ 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+ 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+ 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+ 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+ 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+ 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+ 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+ 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+ 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+ 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+ 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_8192_BIT, .opt_exp = 64, .public = {
+ .generator = chunk_from_chars(0x02),
+ .prime = chunk_from_chars(
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+ 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+ 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+ 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+ 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+ 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+ 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+ 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+ 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+ 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+ 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+ 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+ 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
+ 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
+ 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+ 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
+ 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
+ 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+ 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
+ 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
+ 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+ 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
+ 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
+ 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+ 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
+ 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
+ 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+ 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+ },
+ },{
+ .group = MODP_1024_160, .opt_exp = 20, .public = {
+ .subgroup = chunk_from_chars(
+ 0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
+ 0x49,0x46,0x23,0x53),
+ .generator = chunk_from_chars(
+ 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,0xEF,0xB9,0x99,0x05,
+ 0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,
+ 0x26,0x6F,0xEA,0x1E,0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13,
+ 0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,0x9E,0x27,0x49,0xF4,
+ 0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,
+ 0xA6,0xA2,0x4C,0x08,0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A,
+ 0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,0x18,0xD0,0x8B,0xC8,
+ 0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5),
+ .prime = chunk_from_chars(
+ 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,0xAE,0x5D,0x54,0xEC,
+ 0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,
+ 0x60,0x73,0xE2,0x86,0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0,
+ 0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,0xD4,0x9B,0x83,0xBF,
+ 0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,
+ 0x4E,0xFF,0xD6,0xFA,0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0,
+ 0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,0x36,0x5C,0x1A,0x65,
+ 0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71),
+ },
+ }, {
+ .group = MODP_2048_224, .opt_exp = 28, .public = {
+ .subgroup = chunk_from_chars(
+ 0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
+ 0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
+ .generator = chunk_from_chars(
+ 0xAC,0x40,0x32,0xEF,0x4F,0x2D,0x9A,0xE3,0x9D,0xF3,0x0B,0x5C,0x8F,0xFD,0xAC,0x50,
+ 0x6C,0xDE,0xBE,0x7B,0x89,0x99,0x8C,0xAF,0x74,0x86,0x6A,0x08,0xCF,0xE4,0xFF,0xE3,
+ 0xA6,0x82,0x4A,0x4E,0x10,0xB9,0xA6,0xF0,0xDD,0x92,0x1F,0x01,0xA7,0x0C,0x4A,0xFA,
+ 0xAB,0x73,0x9D,0x77,0x00,0xC2,0x9F,0x52,0xC5,0x7D,0xB1,0x7C,0x62,0x0A,0x86,0x52,
+ 0xBE,0x5E,0x90,0x01,0xA8,0xD6,0x6A,0xD7,0xC1,0x76,0x69,0x10,0x19,0x99,0x02,0x4A,
+ 0xF4,0xD0,0x27,0x27,0x5A,0xC1,0x34,0x8B,0xB8,0xA7,0x62,0xD0,0x52,0x1B,0xC9,0x8A,
+ 0xE2,0x47,0x15,0x04,0x22,0xEA,0x1E,0xD4,0x09,0x93,0x9D,0x54,0xDA,0x74,0x60,0xCD,
+ 0xB5,0xF6,0xC6,0xB2,0x50,0x71,0x7C,0xBE,0xF1,0x80,0xEB,0x34,0x11,0x8E,0x98,0xD1,
+ 0x19,0x52,0x9A,0x45,0xD6,0xF8,0x34,0x56,0x6E,0x30,0x25,0xE3,0x16,0xA3,0x30,0xEF,
+ 0xBB,0x77,0xA8,0x6F,0x0C,0x1A,0xB1,0x5B,0x05,0x1A,0xE3,0xD4,0x28,0xC8,0xF8,0xAC,
+ 0xB7,0x0A,0x81,0x37,0x15,0x0B,0x8E,0xEB,0x10,0xE1,0x83,0xED,0xD1,0x99,0x63,0xDD,
+ 0xD9,0xE2,0x63,0xE4,0x77,0x05,0x89,0xEF,0x6A,0xA2,0x1E,0x7F,0x5F,0x2F,0xF3,0x81,
+ 0xB5,0x39,0xCC,0xE3,0x40,0x9D,0x13,0xCD,0x56,0x6A,0xFB,0xB4,0x8D,0x6C,0x01,0x91,
+ 0x81,0xE1,0xBC,0xFE,0x94,0xB3,0x02,0x69,0xED,0xFE,0x72,0xFE,0x9B,0x6A,0xA4,0xBD,
+ 0x7B,0x5A,0x0F,0x1C,0x71,0xCF,0xFF,0x4C,0x19,0xC4,0x18,0xE1,0xF6,0xEC,0x01,0x79,
+ 0x81,0xBC,0x08,0x7F,0x2A,0x70,0x65,0xB3,0x84,0xB8,0x90,0xD3,0x19,0x1F,0x2B,0xFA),
+ .prime = chunk_from_chars(
+ 0xAD,0x10,0x7E,0x1E,0x91,0x23,0xA9,0xD0,0xD6,0x60,0xFA,0xA7,0x95,0x59,0xC5,0x1F,
+ 0xA2,0x0D,0x64,0xE5,0x68,0x3B,0x9F,0xD1,0xB5,0x4B,0x15,0x97,0xB6,0x1D,0x0A,0x75,
+ 0xE6,0xFA,0x14,0x1D,0xF9,0x5A,0x56,0xDB,0xAF,0x9A,0x3C,0x40,0x7B,0xA1,0xDF,0x15,
+ 0xEB,0x3D,0x68,0x8A,0x30,0x9C,0x18,0x0E,0x1D,0xE6,0xB8,0x5A,0x12,0x74,0xA0,0xA6,
+ 0x6D,0x3F,0x81,0x52,0xAD,0x6A,0xC2,0x12,0x90,0x37,0xC9,0xED,0xEF,0xDA,0x4D,0xF8,
+ 0xD9,0x1E,0x8F,0xEF,0x55,0xB7,0x39,0x4B,0x7A,0xD5,0xB7,0xD0,0xB6,0xC1,0x22,0x07,
+ 0xC9,0xF9,0x8D,0x11,0xED,0x34,0xDB,0xF6,0xC6,0xBA,0x0B,0x2C,0x8B,0xBC,0x27,0xBE,
+ 0x6A,0x00,0xE0,0xA0,0xB9,0xC4,0x97,0x08,0xB3,0xBF,0x8A,0x31,0x70,0x91,0x88,0x36,
+ 0x81,0x28,0x61,0x30,0xBC,0x89,0x85,0xDB,0x16,0x02,0xE7,0x14,0x41,0x5D,0x93,0x30,
+ 0x27,0x82,0x73,0xC7,0xDE,0x31,0xEF,0xDC,0x73,0x10,0xF7,0x12,0x1F,0xD5,0xA0,0x74,
+ 0x15,0x98,0x7D,0x9A,0xDC,0x0A,0x48,0x6D,0xCD,0xF9,0x3A,0xCC,0x44,0x32,0x83,0x87,
+ 0x31,0x5D,0x75,0xE1,0x98,0xC6,0x41,0xA4,0x80,0xCD,0x86,0xA1,0xB9,0xE5,0x87,0xE8,
+ 0xBE,0x60,0xE6,0x9C,0xC9,0x28,0xB2,0xB9,0xC5,0x21,0x72,0xE4,0x13,0x04,0x2E,0x9B,
+ 0x23,0xF1,0x0B,0x0E,0x16,0xE7,0x97,0x63,0xC9,0xB5,0x3D,0xCF,0x4B,0xA8,0x0A,0x29,
+ 0xE3,0xFB,0x73,0xC1,0x6B,0x8E,0x75,0xB9,0x7E,0xF3,0x63,0xE2,0xFF,0xA3,0x1F,0x71,
+ 0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F)
+ },
+ },{
+ .group = MODP_2048_256, .opt_exp = 32, .public = {
+ .subgroup = chunk_from_chars(
+ 0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
+ 0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
+ .generator = chunk_from_chars(
+ 0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,0x60,0xED,0xBD,0x48,
+ 0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25,
+ 0x10,0xDB,0xC1,0x50,0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55,
+ 0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,0x7E,0x8C,0x6F,0x62,
+ 0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65,
+ 0x01,0x96,0xF9,0x31,0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B,
+ 0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,0x82,0xD6,0xED,0x38,
+ 0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93,
+ 0xB5,0x04,0x5A,0xF2,0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55,
+ 0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,0xD1,0x82,0xEA,0x0A,
+ 0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9,
+ 0xB7,0xD2,0xBB,0xD2,0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15,
+ 0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,0x0D,0xF9,0x2B,0x52,
+ 0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3,
+ 0x2F,0x63,0x07,0x84,0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51,
+ 0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,0x6C,0xC4,0x16,0x59),
+ .prime = chunk_from_chars(
+ 0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,0x65,0x19,0x59,0x99,
+ 0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00,
+ 0xE0,0x0D,0xF8,0xF1,0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30,
+ 0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,0x83,0x0E,0x9A,0x7C,
+ 0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED,
+ 0x91,0xF9,0xE6,0x72,0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B,
+ 0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,0xB1,0xE5,0x9B,0xB8,
+ 0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76,
+ 0xB6,0x3A,0xCA,0xE1,0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E,
+ 0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,0x96,0x52,0x4D,0x8E,
+ 0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25,
+ 0x1C,0xCA,0xCB,0x83,0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26,
+ 0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,0xBD,0x0B,0xE6,0x21,
+ 0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03,
+ 0xA4,0xB5,0x43,0x30,0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F,
+ 0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,0x1E,0x1A,0x15,0x97)
+ },
+ },
+};
+
+/**
+ * Described in header.
+ */
+diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
+{
+ int i;
+
+ for (i = 0; i < countof(dh_params); i++)
+ {
+ if (dh_params[i].group == group)
+ {
+ if (!dh_params[i].public.exp_len)
+ {
+ if (!dh_params[i].public.subgroup.len &&
+ lib->settings->get_int(lib->settings,
+ "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+ {
+ dh_params[i].public.exp_len = dh_params[i].public.prime.len;
+ }
+ else
+ {
+ dh_params[i].public.exp_len = dh_params[i].opt_exp;
+ }
+ }
+ return &dh_params[i].public;
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 842938c3b..cdc9c785e 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -24,6 +25,7 @@
typedef enum diffie_hellman_group_t diffie_hellman_group_t;
typedef struct diffie_hellman_t diffie_hellman_t;
+typedef struct diffie_hellman_params_t diffie_hellman_params_t;
#include <library.h>
@@ -48,6 +50,9 @@ enum diffie_hellman_group_t {
ECP_256_BIT = 19,
ECP_384_BIT = 20,
ECP_521_BIT = 21,
+ MODP_1024_160 = 22,
+ MODP_2048_224 = 23,
+ MODP_2048_256 = 24,
ECP_192_BIT = 25,
ECP_224_BIT = 26,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
@@ -70,8 +75,8 @@ struct diffie_hellman_t {
* Space for returned secret is allocated and must be
* freed by the caller.
*
- * @param secret shared secret will be written into this chunk
- * @return SUCCESS, FAILED if not both DH values are set
+ * @param secret shared secret will be written into this chunk
+ * @return SUCCESS, FAILED if not both DH values are set
*/
status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
@@ -80,7 +85,7 @@ struct diffie_hellman_t {
*
* Chunk gets cloned and can be destroyed afterwards.
*
- * @param value public value of partner
+ * @param value public value of partner
*/
void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value);
@@ -106,4 +111,38 @@ struct diffie_hellman_t {
void (*destroy) (diffie_hellman_t *this);
};
+/**
+ * Parameters for a specific diffie hellman group.
+ */
+struct diffie_hellman_params_t {
+
+ /**
+ * The prime of the group
+ */
+ const chunk_t prime;
+
+ /**
+ * Generator of the group
+ */
+ const chunk_t generator;
+
+ /**
+ * Exponent length to use
+ */
+ size_t exp_len;
+
+ /**
+ * Prime order subgroup; for MODP Groups 22-24
+ */
+ const chunk_t subgroup;
+};
+
+/**
+ * Get the parameters associated with the specified diffie hellman group.
+ *
+ * @param group DH group
+ * @return The parameters or NULL, if the group is not supported
+ */
+diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group);
+
#endif /** DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 75816e8b3..a43dde7ea 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 89
+#define TOTAL_KEYWORDS 95
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 12
-#define MIN_HASH_VALUE 4
-#define MAX_HASH_VALUE 123
-/* maximum key range = 120, duplicates = 0 */
+#define MIN_HASH_VALUE 5
+#define MAX_HASH_VALUE 137
+/* maximum key range = 133, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 11,
- 2, 23, 5, 27, 21, 8, 5, 0, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 22, 124, 24, 0, 1,
- 8, 2, 50, 0, 11, 54, 124, 124, 0, 124,
- 42, 0, 124, 124, 5, 9, 34, 6, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
- 124, 124, 124, 124, 124, 124, 124
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 3, 11,
+ 2, 23, 29, 27, 21, 16, 5, 0, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 17, 138, 1, 0, 1,
+ 9, 9, 50, 0, 4, 54, 138, 138, 1, 138,
+ 35, 0, 138, 138, 71, 3, 38, 22, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+ 138, 138, 138, 138, 138, 138, 138
};
register int hval = len;
@@ -135,108 +135,115 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
- {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
- {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
- {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
- {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
- {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
- {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
- {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
- {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}
+ {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}
};
static const short lookup[] =
{
- -1, -1, -1, -1, 0, -1, -1, -1, 1, -1, 2, -1, 3, 4,
- 5, 6, -1, 7, 8, -1, 9, 10, 11, 12, 13, 14, 15, 16,
- 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1,
- 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
- 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
- 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, -1, 70,
- 71, 72, -1, -1, 73, 74, 75, 76, 77, -1, 78, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, -1, -1, 81,
- 82, 83, -1, 84, -1, -1, -1, 85, -1, 86, 87, 88
+ -1, -1, -1, -1, -1, 0, 1, -1, 2, -1, 3, -1, 4, 5,
+ 6, 7, -1, -1, -1, -1, 8, 9, 10, 11, 12, 13, 14, 15,
+ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, -1, -1,
+ 27, 28, 29, 30, 31, 32, 33, -1, 34, 35, 36, 37, 38, 39,
+ 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
+ 54, 55, 56, 57, 58, -1, 59, 60, 61, 62, 63, 64, 65, 66,
+ 67, 68, -1, 69, 70, 71, 72, 73, 74, 75, 76, -1, -1, 77,
+ 78, 79, 80, 81, -1, -1, 82, 83, -1, -1, 84, 85, -1, 86,
+ 87, 88, 89, -1, -1, -1, -1, -1, -1, -1, 90, 91, -1, -1,
+ -1, -1, -1, -1, 92, -1, 93, -1, -1, -1, -1, 94
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 139d689ca..338993821 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -29,92 +29,98 @@ struct proposal_token {
u_int16_t keysize;
};
%%
-null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
-des, ENCRYPTION_ALGORITHM, ENCR_DES, 0
-3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
-aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
-aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
-aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192
-aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256
-aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128
-aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192
-aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256
-aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
-aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
-aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
-aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
-aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
-aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
-aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
-aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
-aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
-aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
-aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
-aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
-aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
-aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
-aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
-aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
-aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
-aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
-aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
-aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
-aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
-aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
-aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
-aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
-aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
-aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
-aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
-aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
-aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
-aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
-aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
-aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
-aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
-aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
-aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
-aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
-blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
-blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
-blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
-blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256
-camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
-camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
-camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
-camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
-cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
-serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
-serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
-serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192
-serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256
-twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
-twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
-twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192
-twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256
-sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
-sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
-sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
-sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
-sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
-sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
-sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
-sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
-sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
-sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
-md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0
-aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0
-modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
-modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
-modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
-modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0
-modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0
-modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0
-modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0
-modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0
-modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0
-ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0
-ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
-ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
-ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
-ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
+null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
+des, ENCRYPTION_ALGORITHM, ENCR_DES, 0
+3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
+aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192
+aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256
+aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128
+aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192
+aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256
+aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128
+aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192
+aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256
+blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
+blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256
+camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
+camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
+cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
+serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192
+serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256
+twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192
+twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256
+sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
+sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
+sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0
+aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0
+modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
+modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
+modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
+modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0
+modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0
+modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0
+modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0
+modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0
+modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0
+ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0
+ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
+ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
+ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
+ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
+modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0
+modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0
+modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index 51b7875d8..21a7e63dd 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -17,10 +17,36 @@
#include "debug.h"
+ENUM(debug_names, DBG_DMN, DBG_LIB,
+ "DMN",
+ "MGR",
+ "IKE",
+ "CHD",
+ "JOB",
+ "CFG",
+ "KNL",
+ "NET",
+ "ENC",
+ "LIB",
+);
+
+ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
+ "dmn",
+ "mgr",
+ "ike",
+ "chd",
+ "job",
+ "cfg",
+ "knl",
+ "net",
+ "enc",
+ "lib",
+);
+
/**
* level logged by the default logger
*/
-static int default_level = 1;
+static level_t default_level = 1;
/**
* stream logged to by the default logger
@@ -30,7 +56,7 @@ static FILE *default_stream = NULL;
/**
* default dbg function which printf all to stderr
*/
-void dbg_default(int level, char *fmt, ...)
+void dbg_default(debug_t group, level_t level, char *fmt, ...)
{
if (!default_stream)
{
@@ -50,7 +76,7 @@ void dbg_default(int level, char *fmt, ...)
/**
* set the level logged by the default stderr logger
*/
-void dbg_default_set_level(int level)
+void dbg_default_set_level(level_t level)
{
default_level = level;
}
@@ -66,5 +92,5 @@ void dbg_default_set_stream(FILE *stream)
/**
* The registered debug hook.
*/
-void (*dbg) (int level, char *fmt, ...) = dbg_default;
+void (*dbg) (debug_t group, level_t level, char *fmt, ...) = dbg_default;
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index 085795acb..a21111d93 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -21,26 +21,95 @@
#ifndef DEBUG_H_
#define DEBUG_H_
+typedef enum debug_t debug_t;
+typedef enum level_t level_t;
+
#include <stdio.h>
+#include "enum.h"
+
+/**
+ * Debug message group.
+ */
+enum debug_t {
+ /** daemon specific */
+ DBG_DMN,
+ /** IKE_SA_MANAGER */
+ DBG_MGR,
+ /** IKE_SA */
+ DBG_IKE,
+ /** CHILD_SA */
+ DBG_CHD,
+ /** job processing */
+ DBG_JOB,
+ /** configuration backends */
+ DBG_CFG,
+ /** kernel interface */
+ DBG_KNL,
+ /** networking/sockets */
+ DBG_NET,
+ /** message encoding/decoding */
+ DBG_ENC,
+ /** libstrongswan */
+ DBG_LIB,
+ /** number of groups */
+ DBG_MAX,
+ /** pseudo group with all groups */
+ DBG_ANY = DBG_MAX,
+};
+
+/**
+ * short names of debug message group.
+ */
+extern enum_name_t *debug_names;
+
+/**
+ * short names of debug message group, lower case.
+ */
+extern enum_name_t *debug_lower_names;
+
+/**
+ * Debug levels used to control output verbosity.
+ */
+enum level_t {
+ /** absolutely silent */
+ LEVEL_SILENT = -1,
+ /** most important auditing logs */
+ LEVEL_AUDIT = 0,
+ /** control flow */
+ LEVEL_CTRL = 1,
+ /** diagnose problems */
+ LEVEL_DIAG = 2,
+ /** raw binary blobs */
+ LEVEL_RAW = 3,
+ /** including sensitive data (private keys) */
+ LEVEL_PRIVATE = 4,
+};
+
#ifndef DEBUG_LEVEL
# define DEBUG_LEVEL 4
#endif /* DEBUG_LEVEL */
/** debug macros, they call the dbg function hook */
+#if DEBUG_LEVEL >= 0
+# define DBG0(group, fmt, ...) dbg(group, 0, fmt, ##__VA_ARGS__)
+#endif /* DEBUG_LEVEL */
#if DEBUG_LEVEL >= 1
-# define DBG1(fmt, ...) dbg(1, fmt, ##__VA_ARGS__)
+# define DBG1(group, fmt, ...) dbg(group, 1, fmt, ##__VA_ARGS__)
#endif /* DEBUG_LEVEL */
#if DEBUG_LEVEL >= 2
-# define DBG2(fmt, ...) dbg(2, fmt, ##__VA_ARGS__)
+# define DBG2(group, fmt, ...) dbg(group, 2, fmt, ##__VA_ARGS__)
#endif /* DEBUG_LEVEL */
#if DEBUG_LEVEL >= 3
-# define DBG3(fmt, ...) dbg(3, fmt, ##__VA_ARGS__)
+# define DBG3(group, fmt, ...) dbg(group, 3, fmt, ##__VA_ARGS__)
#endif /* DEBUG_LEVEL */
#if DEBUG_LEVEL >= 4
-# define DBG4(fmt, ...) dbg(4, fmt, ##__VA_ARGS__)
+# define DBG4(group, fmt, ...) dbg(group, 4, fmt, ##__VA_ARGS__)
#endif /* DEBUG_LEVEL */
+#ifndef DBG0
+# define DBG0(...) {}
+#endif
#ifndef DBG1
# define DBG1(...) {}
#endif
@@ -55,13 +124,13 @@
#endif
/** dbg function hook, uses dbg_default() by default */
-extern void (*dbg) (int level, char *fmt, ...);
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
/** default logging function */
-void dbg_default(int level, char *fmt, ...);
+void dbg_default(debug_t group, level_t level, char *fmt, ...);
/** set the level logged by dbg_default() */
-void dbg_default_set_level(int level);
+void dbg_default_set_level(level_t level);
/** set the stream logged by dbg_default() to */
void dbg_default_set_stream(FILE *stream);
diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h
index 6b9fd7eaa..691f9f2bc 100644
--- a/src/libstrongswan/enum.h
+++ b/src/libstrongswan/enum.h
@@ -22,7 +22,7 @@
#ifndef ENUM_H_
#define ENUM_H_
-#include <printf_hook.h>
+#include "printf_hook.h"
typedef struct enum_name_t enum_name_t;
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index b73bfacf6..c81de032c 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -134,7 +134,7 @@ static status_t fetch(private_fetcher_manager_t *this,
this->lock->unlock(this->lock);
if (!capable)
{
- DBG1("unable to fetch from %s, no capable fetcher found", url);
+ DBG1(DBG_LIB, "unable to fetch from %s, no capable fetcher found", url);
}
return status;
}
diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c
index 51da4e725..c9cad44ae 100644
--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -26,8 +26,8 @@
#include <sys/stat.h>
#include <sys/types.h>
-#include <debug.h>
-#include <library.h>
+#include "debug.h"
+#include "library.h"
typedef struct private_integrity_checker_t private_integrity_checker_t;
@@ -72,13 +72,14 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file,
fd = open(file, O_RDONLY);
if (fd == -1)
{
- DBG1(" opening '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return 0;
}
if (fstat(fd, &sb) == -1)
{
- DBG1(" getting file size of '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
+ strerror(errno));
close(fd);
return 0;
}
@@ -86,7 +87,7 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file,
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
if (addr == MAP_FAILED)
{
- DBG1(" mapping '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
close(fd);
return 0;
}
@@ -146,13 +147,13 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym,
if (dladdr(sym, &dli) == 0)
{
- DBG1(" unable to locate symbol: %s", dlerror());
+ DBG1(DBG_LIB, " unable to locate symbol: %s", dlerror());
return 0;
}
/* we reuse the Dl_info struct as in/out parameter */
if (!dl_iterate_phdr((void*)callback, &dli))
{
- DBG1(" executable section not found");
+ DBG1(DBG_LIB, " executable section not found");
return 0;
}
@@ -192,7 +193,7 @@ static bool check_file(private_integrity_checker_t *this,
cs = find_checksum(this, name);
if (!cs)
{
- DBG1(" '%s' file checksum not found", name);
+ DBG1(DBG_LIB, " '%s' file checksum not found", name);
return FALSE;
}
sum = build_file(this, file, &len);
@@ -202,17 +203,17 @@ static bool check_file(private_integrity_checker_t *this,
}
if (cs->file_len != len)
{
- DBG1(" invalid '%s' file size: %u bytes, expected %u bytes",
+ DBG1(DBG_LIB, " invalid '%s' file size: %u bytes, expected %u bytes",
name, len, cs->file_len);
return FALSE;
}
if (cs->file != sum)
{
- DBG1(" invalid '%s' file checksum: %08x, expected %08x",
+ DBG1(DBG_LIB, " invalid '%s' file checksum: %08x, expected %08x",
name, sum, cs->file);
return FALSE;
}
- DBG2(" valid '%s' file checksum: %08x", name, sum);
+ DBG2(DBG_LIB, " valid '%s' file checksum: %08x", name, sum);
return TRUE;
}
@@ -229,7 +230,7 @@ static bool check_segment(private_integrity_checker_t *this,
cs = find_checksum(this, name);
if (!cs)
{
- DBG1(" '%s' segment checksum not found", name);
+ DBG1(DBG_LIB, " '%s' segment checksum not found", name);
return FALSE;
}
sum = build_segment(this, sym, &len);
@@ -239,17 +240,17 @@ static bool check_segment(private_integrity_checker_t *this,
}
if (cs->segment_len != len)
{
- DBG1(" invalid '%s' segment size: %u bytes, expected %u bytes",
- name, len, cs->segment_len);
+ DBG1(DBG_LIB, " invalid '%s' segment size: %u bytes,"
+ " expected %u bytes", name, len, cs->segment_len);
return FALSE;
}
if (cs->segment != sum)
{
- DBG1(" invalid '%s' segment checksum: %08x, expected %08x",
+ DBG1(DBG_LIB, " invalid '%s' segment checksum: %08x, expected %08x",
name, sum, cs->segment);
return FALSE;
}
- DBG2(" valid '%s' segment checksum: %08x", name, sum);
+ DBG2(DBG_LIB, " valid '%s' segment checksum: %08x", name, sum);
return TRUE;
}
@@ -262,7 +263,7 @@ static bool check(private_integrity_checker_t *this, char *name, void *sym)
if (dladdr(sym, &dli) == 0)
{
- DBG1("unable to locate symbol: %s", dlerror());
+ DBG1(DBG_LIB, "unable to locate symbol: %s", dlerror());
return FALSE;
}
if (!check_file(this, name, (char*)dli.dli_fname))
@@ -319,12 +320,14 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
}
else
{
- DBG1("checksum library '%s' invalid", checksum_library);
+ DBG1(DBG_LIB, "checksum library '%s' invalid",
+ checksum_library);
}
}
else
{
- DBG1("loading checksum library '%s' failed", checksum_library);
+ DBG1(DBG_LIB, "loading checksum library '%s' failed",
+ checksum_library);
}
}
return &this->public;
diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h
index 7349353f3..55a4658f7 100644
--- a/src/libstrongswan/integrity_checker.h
+++ b/src/libstrongswan/integrity_checker.h
@@ -21,8 +21,8 @@
#ifndef INTEGRITY_CHECKER_H_
#define INTEGRITY_CHECKER_H_
-#include <utils.h>
-#include <plugins/plugin.h>
+#include "utils.h"
+#include "plugins/plugin.h"
typedef struct integrity_checker_t integrity_checker_t;
typedef struct integrity_checksum_t integrity_checksum_t;
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 4e8bb87d0..108ac2ca0 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -18,14 +18,12 @@
#include <stdlib.h>
-#include <utils.h>
-#include <chunk.h>
-#include <debug.h>
-#include <threading/thread.h>
-#include <utils/identification.h>
-#include <utils/host.h>
+#include "debug.h"
+#include "threading/thread.h"
+#include "utils/identification.h"
+#include "utils/host.h"
#ifdef LEAK_DETECTIVE
-#include <utils/leak_detective.h>
+#include "utils/leak_detective.h"
#endif
#define CHECKSUM_LIBRARY IPSEC_DIR"/libchecksum.so"
@@ -68,7 +66,6 @@ void library_deinit()
this->public.encoding->destroy(this->public.encoding);
this->public.crypto->destroy(this->public.crypto);
this->public.fetcher->destroy(this->public.fetcher);
- this->public.attributes->destroy(this->public.attributes);
this->public.db->destroy(this->public.db);
this->public.printf_hook->destroy(this->public.printf_hook);
if (this->public.integrity)
@@ -133,7 +130,6 @@ bool library_init(char *settings)
this->public.creds = credential_factory_create();
this->public.encoding = key_encoding_create();
this->public.fetcher = fetcher_manager_create();
- this->public.attributes = attribute_manager_create();
this->public.db = database_factory_create();
this->public.plugins = plugin_loader_create();
this->public.integrity = NULL;
@@ -145,11 +141,11 @@ bool library_init(char *settings)
this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
{
- DBG1("integrity check of libstrongswan failed");
+ DBG1(DBG_LIB, "integrity check of libstrongswan failed");
return FALSE;
}
#else /* !INTEGRITY_TEST */
- DBG1("integrity test enabled, but not supported");
+ DBG1(DBG_LIB, "integrity test enabled, but not supported");
return FALSE;
#endif /* INTEGRITY_TEST */
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 78a6fe0a9..241084155 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -55,18 +55,17 @@
#ifndef LIBRARY_H_
#define LIBRARY_H_
-#include <printf_hook.h>
-#include <utils.h>
-#include <chunk.h>
-#include <settings.h>
-#include <integrity_checker.h>
-#include <plugins/plugin_loader.h>
-#include <crypto/crypto_factory.h>
-#include <fetcher/fetcher_manager.h>
-#include <attributes/attribute_manager.h>
-#include <database/database_factory.h>
-#include <credentials/credential_factory.h>
-#include <credentials/keys/key_encoding.h>
+#include "printf_hook.h"
+#include "utils.h"
+#include "chunk.h"
+#include "settings.h"
+#include "integrity_checker.h"
+#include "plugins/plugin_loader.h"
+#include "crypto/crypto_factory.h"
+#include "fetcher/fetcher_manager.h"
+#include "database/database_factory.h"
+#include "credentials/credential_factory.h"
+#include "credentials/keys/key_encoding.h"
typedef struct library_t library_t;
@@ -101,11 +100,6 @@ struct library_t {
fetcher_manager_t *fetcher;
/**
- * manager for payload attributes
- */
- attribute_manager_t *attributes;
-
- /**
* database construction factory
*/
database_factory_t *db;
diff --git a/src/libstrongswan/plugins/aes/Makefile.am b/src/libstrongswan/plugins/aes/Makefile.am
index a3101172f..e72daeb44 100644
--- a/src/libstrongswan/plugins/aes/Makefile.am
+++ b/src/libstrongswan/plugins/aes/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-aes.la
+else
plugin_LTLIBRARIES = libstrongswan-aes.la
+endif
-libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
-libstrongswan_aes_la_LDFLAGS = -module -avoid-version
+libstrongswan_aes_la_SOURCES = \
+ aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
+libstrongswan_aes_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 03ef465e0..391d23049 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_aes_la_LIBADD =
am_libstrongswan_aes_la_OBJECTS = aes_plugin.lo aes_crypter.lo
libstrongswan_aes_la_OBJECTS = $(am_libstrongswan_aes_la_OBJECTS)
libstrongswan_aes_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_aes_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_aes_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_aes_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-aes.la
-libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-aes.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-aes.la
+libstrongswan_aes_la_SOURCES = \
+ aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
+
libstrongswan_aes_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-aes.la: $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_DEPENDENCIES)
- $(libstrongswan_aes_la_LINK) -rpath $(plugindir) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS)
+ $(libstrongswan_aes_la_LINK) $(am_libstrongswan_aes_la_rpath) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index c6215cc7f..1e920f8cc 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_aes_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *aes_plugin_create()
{
private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t);
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h
index a6ff620ed..f0f0e8154 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.h
+++ b/src/libstrongswan/plugins/aes/aes_plugin.h
@@ -39,9 +39,4 @@ struct aes_plugin_t {
plugin_t plugin;
};
-/**
- * Create a aes_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** AES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/Makefile.am b/src/libstrongswan/plugins/agent/Makefile.am
index e1000e562..ffa6e8b7f 100644
--- a/src/libstrongswan/plugins/agent/Makefile.am
+++ b/src/libstrongswan/plugins/agent/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-agent.la
+else
plugin_LTLIBRARIES = libstrongswan-agent.la
+endif
-libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \
- agent_private_key.c agent_private_key.h
+libstrongswan_agent_la_SOURCES = \
+ agent_plugin.h agent_plugin.c \
+ agent_private_key.c agent_private_key.h
libstrongswan_agent_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 5bf52aa56..bd6465374 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_agent_la_LIBADD =
am_libstrongswan_agent_la_OBJECTS = agent_plugin.lo \
agent_private_key.lo
@@ -80,6 +80,9 @@ libstrongswan_agent_la_OBJECTS = $(am_libstrongswan_agent_la_OBJECTS)
libstrongswan_agent_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_agent_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_agent_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_agent_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-agent.la
-libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \
- agent_private_key.c agent_private_key.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-agent.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-agent.la
+libstrongswan_agent_la_SOURCES = \
+ agent_plugin.h agent_plugin.c \
+ agent_private_key.c agent_private_key.h
libstrongswan_agent_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -293,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-agent.la: $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_DEPENDENCIES)
- $(libstrongswan_agent_la_LINK) -rpath $(plugindir) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS)
+ $(libstrongswan_agent_la_LINK) $(am_libstrongswan_agent_la_rpath) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -479,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 299b2cc1d..d40b437bb 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_agent_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *agent_plugin_create()
{
private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t);
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h
index e49af42d8..d352c305c 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.h
+++ b/src/libstrongswan/plugins/agent/agent_plugin.h
@@ -39,9 +39,4 @@ struct agent_plugin_t {
plugin_t plugin;
};
-/**
- * Create a agent_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** AGENT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index d0a2da87f..4247f849e 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -137,7 +137,8 @@ static int open_connection(char *path)
s = socket(AF_UNIX, SOCK_STREAM, 0);
if (s == -1)
{
- DBG1("opening ssh-agent socket %s failed: %s:", path, strerror(errno));
+ DBG1(DBG_LIB, "opening ssh-agent socket %s failed: %s:", path,
+ strerror(errno));
return -1;
}
@@ -147,7 +148,8 @@ static int open_connection(char *path)
if (connect(s, (struct sockaddr*)&addr, SUN_LEN(&addr)) != 0)
{
- DBG1("connecting to ssh-agent socket failed: %s", strerror(errno));
+ DBG1(DBG_LIB, "connecting to ssh-agent socket failed: %s",
+ strerror(errno));
close(s);
return -1;
}
@@ -168,7 +170,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
write(this->socket, &buf, 1) != 1)
{
- DBG1("writing to ssh-agent failed");
+ DBG1(DBG_LIB, "writing to ssh-agent failed");
return FALSE;
}
@@ -179,7 +181,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
read_uint32(&blob) != blob.len ||
read_byte(&blob) != SSH_AGENT_ID_RESPONSE)
{
- DBG1("received invalid ssh-agent identity response");
+ DBG1(DBG_LIB, "received invalid ssh-agent identity response");
return FALSE;
}
count = read_uint32(&blob);
@@ -231,7 +233,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1)
{
- DBG1("signature scheme %N not supported by ssh-agent",
+ DBG1(DBG_LIB, "signature scheme %N not supported by ssh-agent",
signature_scheme_names, scheme);
return FALSE;
}
@@ -241,7 +243,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
write(this->socket, &buf, 1) != 1)
{
- DBG1("writing to ssh-agent failed");
+ DBG1(DBG_LIB, "writing to ssh-agent failed");
return FALSE;
}
@@ -249,7 +251,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
write(this->socket, this->key.ptr, this->key.len) != this->key.len)
{
- DBG1("writing to ssh-agent failed");
+ DBG1(DBG_LIB, "writing to ssh-agent failed");
return FALSE;
}
@@ -257,14 +259,14 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
write(this->socket, data.ptr, data.len) != data.len)
{
- DBG1("writing to ssh-agent failed");
+ DBG1(DBG_LIB, "writing to ssh-agent failed");
return FALSE;
}
flags = htonl(0);
if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags))
{
- DBG1("writing to ssh-agent failed");
+ DBG1(DBG_LIB, "writing to ssh-agent failed");
return FALSE;
}
@@ -274,7 +276,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
read_uint32(&blob) != blob.len ||
read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE)
{
- DBG1("received invalid ssh-agent signature response");
+ DBG1(DBG_LIB, "received invalid ssh-agent signature response");
return FALSE;
}
/* parse length */
@@ -285,7 +287,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
blob = read_string(&blob);
if (!blob.len)
{
- DBG1("received invalid ssh-agent signature response");
+ DBG1(DBG_LIB, "received invalid ssh-agent signature response");
return FALSE;
}
*signature = chunk_clone(blob);
@@ -306,7 +308,7 @@ static key_type_t get_type(private_agent_private_key_t *this)
static bool decrypt(private_agent_private_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("private key decryption not supported by ssh-agent");
+ DBG1(DBG_LIB, "private key decryption not supported by ssh-agent");
return FALSE;
}
diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.am b/src/libstrongswan/plugins/attr_sql/Makefile.am
deleted file mode 100644
index 5be310abf..000000000
--- a/src/libstrongswan/plugins/attr_sql/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
-
-AM_CFLAGS = -rdynamic \
- -DPLUGINS=\""${libstrongswan_plugins}\""
-
-plugin_LTLIBRARIES = libstrongswan-attr-sql.la
-libstrongswan_attr_sql_la_SOURCES = \
- attr_sql_plugin.h attr_sql_plugin.c \
- sql_attribute.h sql_attribute.c
-libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
-
-ipsec_PROGRAMS = pool
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am
index de8948445..95c414204 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.am
+++ b/src/libstrongswan/plugins/blowfish/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-blowfish.la
+else
plugin_LTLIBRARIES = libstrongswan-blowfish.la
+endif
libstrongswan_blowfish_la_SOURCES = \
-blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
-bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
-libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
+ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+ bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
+libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 7b55d69c7..f95a4abe5 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_blowfish_la_LIBADD =
am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \
blowfish_crypter.lo bf_skey.lo bf_enc.lo
@@ -82,6 +82,9 @@ libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_blowfish_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_blowfish_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_blowfish_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -256,10 +260,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-blowfish.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-blowfish.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-blowfish.la
libstrongswan_blowfish_la_SOURCES = \
-blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
-bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
+ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+ bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-blowfish.la: $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_DEPENDENCIES)
- $(libstrongswan_blowfish_la_LINK) -rpath $(plugindir) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS)
+ $(libstrongswan_blowfish_la_LINK) $(am_libstrongswan_blowfish_la_rpath) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -484,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index 993dc8b3b..f9fb605b3 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -45,7 +45,7 @@ static void destroy(private_blowfish_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *blowfish_plugin_create()
{
private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t);
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
index 596a7c791..6a87f42ee 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
@@ -40,9 +40,4 @@ struct blowfish_plugin_t {
plugin_t plugin;
};
-/**
- * Create a blowfish_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** BLOWFISH_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/Makefile.am b/src/libstrongswan/plugins/curl/Makefile.am
index f0a41e4ad..43718f678 100644
--- a/src/libstrongswan/plugins/curl/Makefile.am
+++ b/src/libstrongswan/plugins/curl/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-curl.la
+else
plugin_LTLIBRARIES = libstrongswan-curl.la
+endif
+
+libstrongswan_curl_la_SOURCES = \
+ curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
-libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
libstrongswan_curl_la_LDFLAGS = -module -avoid-version
libstrongswan_curl_la_LIBADD = -lcurl
-
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 32b2504fe..1952b22e7 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_curl_la_DEPENDENCIES =
am_libstrongswan_curl_la_OBJECTS = curl_plugin.lo curl_fetcher.lo
libstrongswan_curl_la_OBJECTS = $(am_libstrongswan_curl_la_OBJECTS)
libstrongswan_curl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_curl_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_curl_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_curl_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-curl.la
-libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-curl.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-curl.la
+libstrongswan_curl_la_SOURCES = \
+ curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
+
libstrongswan_curl_la_LDFLAGS = -module -avoid-version
libstrongswan_curl_la_LIBADD = -lcurl
all: all-am
@@ -291,6 +297,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-curl.la: $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_DEPENDENCIES)
- $(libstrongswan_curl_la_LINK) -rpath $(plugindir) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS)
+ $(libstrongswan_curl_la_LINK) $(am_libstrongswan_curl_la_rpath) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -477,8 +492,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 08315e932..2341c9052 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -84,7 +84,7 @@ METHOD(fetcher_t, fetch, status_t,
curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
}
- DBG2(" sending http request to '%s'...", uri);
+ DBG2(DBG_LIB, " sending http request to '%s'...", uri);
switch (curl_easy_perform(this->curl))
{
case CURLE_UNSUPPORTED_PROTOCOL:
@@ -94,7 +94,7 @@ METHOD(fetcher_t, fetch, status_t,
status = SUCCESS;
break;
default:
- DBG1("libcurl http request failed: %s", error);
+ DBG1(DBG_LIB, "libcurl http request failed: %s", error);
status = FAILED;
break;
}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 13dfa053f..e00fcfc03 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -48,7 +48,7 @@ static void destroy(private_curl_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *curl_plugin_create()
{
CURLcode res;
private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t);
@@ -69,7 +69,7 @@ plugin_t *plugin_create()
}
else
{
- DBG1("global libcurl initializing failed: %s, curl disabled",
+ DBG1(DBG_LIB, "global libcurl initializing failed: %s, curl disabled",
curl_easy_strerror(res));
}
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h
index 1b748446b..ae17285c2 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.h
+++ b/src/libstrongswan/plugins/curl/curl_plugin.h
@@ -39,9 +39,4 @@ struct curl_plugin_t {
plugin_t plugin;
};
-/**
- * Create a curl_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** CURL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/des/Makefile.am b/src/libstrongswan/plugins/des/Makefile.am
index 76cfbc419..c7d9ce915 100644
--- a/src/libstrongswan/plugins/des/Makefile.am
+++ b/src/libstrongswan/plugins/des/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-des.la
+else
plugin_LTLIBRARIES = libstrongswan-des.la
+endif
-libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h
-libstrongswan_des_la_LDFLAGS = -module -avoid-version
+libstrongswan_des_la_SOURCES = \
+ des_plugin.h des_plugin.c des_crypter.c des_crypter.h
+libstrongswan_des_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index f68b4bd03..af351cfe3 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_des_la_LIBADD =
am_libstrongswan_des_la_OBJECTS = des_plugin.lo des_crypter.lo
libstrongswan_des_la_OBJECTS = $(am_libstrongswan_des_la_OBJECTS)
libstrongswan_des_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_des_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_des_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_des_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-des.la
-libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-des.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-des.la
+libstrongswan_des_la_SOURCES = \
+ des_plugin.h des_plugin.c des_crypter.c des_crypter.h
+
libstrongswan_des_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-des.la: $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_DEPENDENCIES)
- $(libstrongswan_des_la_LINK) -rpath $(plugindir) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS)
+ $(libstrongswan_des_la_LINK) $(am_libstrongswan_des_la_rpath) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index 649d224ab..afc82e8d4 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_des_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *des_plugin_create()
{
private_des_plugin_t *this = malloc_thing(private_des_plugin_t);
diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h
index 17df220bc..cfff420c0 100644
--- a/src/libstrongswan/plugins/des/des_plugin.h
+++ b/src/libstrongswan/plugins/des/des_plugin.h
@@ -39,9 +39,4 @@ struct des_plugin_t {
plugin_t plugin;
};
-/**
- * Create a des_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** DES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am
index fd020f505..fbba95e0a 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.am
+++ b/src/libstrongswan/plugins/dnskey/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-dnskey.la
+else
plugin_LTLIBRARIES = libstrongswan-dnskey.la
+endif
-libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \
- dnskey_builder.h dnskey_builder.c
+libstrongswan_dnskey_la_SOURCES = \
+ dnskey_plugin.h dnskey_plugin.c \
+ dnskey_builder.h dnskey_builder.c
libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index d7d5ff29b..1f1f90127 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_dnskey_la_LIBADD =
am_libstrongswan_dnskey_la_OBJECTS = dnskey_plugin.lo \
dnskey_builder.lo
@@ -81,6 +81,9 @@ libstrongswan_dnskey_la_OBJECTS = \
libstrongswan_dnskey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_dnskey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_dnskey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_dnskey_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,9 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-dnskey.la
-libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \
- dnskey_builder.h dnskey_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dnskey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dnskey.la
+libstrongswan_dnskey_la_SOURCES = \
+ dnskey_plugin.h dnskey_plugin.c \
+ dnskey_builder.h dnskey_builder.c
libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-dnskey.la: $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_DEPENDENCIES)
- $(libstrongswan_dnskey_la_LINK) -rpath $(plugindir) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS)
+ $(libstrongswan_dnskey_la_LINK) $(am_libstrongswan_dnskey_la_rpath) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -480,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
index ba20e7158..ea4eb6cda 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
@@ -52,7 +52,7 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob)
if (blob.len < sizeof(dnskey_rr_t))
{
- DBG1("DNSKEY too short");
+ DBG1(DBG_LIB, "DNSKEY too short");
return NULL;
}
blob = chunk_skip(blob, sizeof(dnskey_rr_t));
@@ -63,7 +63,8 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob)
return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_DNSKEY, blob, BUILD_END);
default:
- DBG1("DNSKEY public key algorithm %d not supported", rr->algorithm);
+ DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported",
+ rr->algorithm);
return NULL;
}
}
@@ -77,7 +78,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
if (blob.len < 3)
{
- DBG1("RFC 3110 public key blob too short for exponent length");
+ DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length");
return NULL;
}
@@ -94,7 +95,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
e.ptr = blob.ptr;
if (e.len >= blob.len)
{
- DBG1("RFC 3110 public key blob too short for exponent");
+ DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent");
return NULL;
}
n = chunk_skip(blob, e.len);
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 83dbe31a1..125047b05 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_dnskey_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *dnskey_plugin_create()
{
private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t);
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
index 17790e1c6..8b49bd6cb 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
@@ -39,9 +39,4 @@ struct dnskey_plugin_t {
plugin_t plugin;
};
-/**
- * Create a dnskey_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** DNSKEY_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.am b/src/libstrongswan/plugins/fips_prf/Makefile.am
index d9431947e..c9cf2c977 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.am
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-fips-prf.la
+else
plugin_LTLIBRARIES = libstrongswan-fips-prf.la
+endif
-libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
-libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
+libstrongswan_fips_prf_la_SOURCES = \
+ fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
+libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index b23af6def..70553fbd8 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_fips_prf_la_LIBADD =
am_libstrongswan_fips_prf_la_OBJECTS = fips_prf_plugin.lo fips_prf.lo
libstrongswan_fips_prf_la_OBJECTS = \
@@ -81,6 +81,9 @@ libstrongswan_fips_prf_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_fips_prf_la_LDFLAGS) \
$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_fips_prf_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_fips_prf_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,8 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-fips-prf.la
-libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-fips-prf.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-fips-prf.la
+libstrongswan_fips_prf_la_SOURCES = \
+ fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
+
libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-fips-prf.la: $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_DEPENDENCIES)
- $(libstrongswan_fips_prf_la_LINK) -rpath $(plugindir) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS)
+ $(libstrongswan_fips_prf_la_LINK) $(am_libstrongswan_fips_prf_la_rpath) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -478,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 123d2a244..ad03fa585 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -126,14 +126,14 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[])
{
/* a. XVAL = (XKEY + XSEED j) mod 2^b */
add_mod(this->b, xkey, xseed, xval);
- DBG3("XVAL %b", xval, this->b);
+ DBG3(DBG_LIB, "XVAL %b", xval, this->b);
/* b. wi = G(t, XVAL ) */
this->g(this, chunk_create(xval, this->b), &w[i * this->b]);
- DBG3("w[%d] %b", i, &w[i * this->b], this->b);
+ DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b);
/* c. XKEY = (1 + XKEY + wi) mod 2b */
add_mod(this->b, xkey, &w[i * this->b], sum);
add_mod(this->b, sum, one, xkey);
- DBG3("XKEY %b", xkey, this->b);
+ DBG3(DBG_LIB, "XKEY %b", xkey, this->b);
}
/* 3.3 done already, mod q not used */
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 6c0842f81..f41265637 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_fips_prf_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *fips_prf_plugin_create()
{
private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t);
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
index 8d65254ba..3bd26ad45 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
@@ -39,9 +39,4 @@ struct fips_prf_plugin_t {
plugin_t plugin;
};
-/**
- * Create a fips_prf_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** FIPS_PRF_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am
index a468a5ed9..48bf916ab 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.am
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gcrypt.la
+else
plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+endif
-libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+libstrongswan_gcrypt_la_SOURCES = \
+ gcrypt_plugin.h gcrypt_plugin.c \
gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
gcrypt_dh.h gcrypt_dh.c \
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index c3081e2dd..35829c950 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_gcrypt_la_DEPENDENCIES =
am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \
gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \
@@ -82,6 +82,9 @@ libstrongswan_gcrypt_la_OBJECTS = \
libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_gcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gcrypt_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gcrypt_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -256,8 +260,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-gcrypt.la
-libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcrypt.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+libstrongswan_gcrypt_la_SOURCES = \
+ gcrypt_plugin.h gcrypt_plugin.c \
gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
gcrypt_dh.h gcrypt_dh.c \
@@ -301,6 +307,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -333,7 +348,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-gcrypt.la: $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_DEPENDENCIES)
- $(libstrongswan_gcrypt_la_LINK) -rpath $(plugindir) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS)
+ $(libstrongswan_gcrypt_la_LINK) $(am_libstrongswan_gcrypt_la_rpath) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -492,8 +507,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -564,18 +579,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 1eee6226d..5dbdde32c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -234,7 +234,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
if (err)
{
- DBG1("grcy_cipher_open(%N) failed: %s",
+ DBG1(DBG_LIB, "grcy_cipher_open(%N) failed: %s",
encryption_algorithm_names, algo, gpg_strerror(err));
free(this);
return NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 59c82f1e7..08d6239ad 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -19,310 +20,6 @@
#include <debug.h>
-/**
- * Modulus of Group 1 (MODP_768_BIT).
- */
-static u_int8_t group1_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 2 (MODP_1024_BIT).
- */
-static u_int8_t group2_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 5 (MODP_1536_BIT).
- */
-static u_int8_t group5_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-/**
- * Modulus of Group 14 (MODP_2048_BIT).
- */
-static u_int8_t group14_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 15 (MODP_3072_BIT).
- */
-static u_int8_t group15_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 16 (MODP_4096_BIT).
- */
-static u_int8_t group16_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 17 (MODP_6144_BIT).
- */
-static u_int8_t group17_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
- 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
- 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
- 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
- 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
- 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
- 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
- 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
- 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
- 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
- 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
- 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 18 (MODP_8192_BIT).
- */
-static u_int8_t group18_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
- 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
- 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
- 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
- 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
- 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
- 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
- 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
- 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
- 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
- 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
- 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
- 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
- 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
- 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
- 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
- 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
- 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
- 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
- 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
- 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
- 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-};
-
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
- /** IKEv2 DH group */
- diffie_hellman_group_t group;
- /** modulus */
- chunk_t modulus;
- /** optimum length of exponent in bytes */
- size_t opt_len;
- /** generator */
- u_int16_t g;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
- {MODP_768_BIT, {group1_modulus, sizeof(group1_modulus)}, 32, 2},
- {MODP_1024_BIT, {group2_modulus, sizeof(group2_modulus)}, 32, 2},
- {MODP_1536_BIT, {group5_modulus, sizeof(group5_modulus)}, 32, 2},
- {MODP_2048_BIT, {group14_modulus, sizeof(group14_modulus)}, 48, 2},
- {MODP_3072_BIT, {group15_modulus, sizeof(group15_modulus)}, 48, 2},
- {MODP_4096_BIT, {group16_modulus, sizeof(group16_modulus)}, 64, 2},
- {MODP_6144_BIT, {group17_modulus, sizeof(group17_modulus)}, 64, 2},
- {MODP_8192_BIT, {group18_modulus, sizeof(group18_modulus)}, 64, 2},
-};
-
-/**
- * Lookup the modulus in modulo table
- */
-static modulus_entry_t *find_entry(diffie_hellman_group_t group)
-{
- int i;
-
- for (i = 0; i < countof(modulus_entries); i++)
- {
- if (modulus_entries[i].group == group)
- {
- return &modulus_entries[i];
- }
- }
- return NULL;
-}
-
typedef struct private_gcrypt_dh_t private_gcrypt_dh_t;
/**
@@ -392,7 +89,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
err = gcry_mpi_scan(&this->yb, GCRYMPI_FMT_USG, value.ptr, value.len, NULL);
if (err)
{
- DBG1("importing mpi yb failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "importing mpi yb failed: %s", gpg_strerror(err));
return;
}
@@ -413,7 +110,8 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
}
else
{
- DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+ DBG1(DBG_LIB, "public DH value verification failed:"
+ " y < 2 || y > p - 1 ");
}
gcry_mpi_release(p_min_1);
}
@@ -485,14 +183,13 @@ static void destroy(private_gcrypt_dh_t *this)
gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
{
private_gcrypt_dh_t *this;
- modulus_entry_t *entry;
+ diffie_hellman_params_t *params;
gcry_error_t err;
chunk_t random;
rng_t *rng;
- size_t len;
- entry = find_entry(group);
- if (!entry)
+ params = diffie_hellman_get_params(group);
+ if (!params)
{
return NULL;
}
@@ -506,53 +203,53 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
this->group = group;
- this->p_len = entry->modulus.len;
+ this->p_len = params->prime.len;
err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
- entry->modulus.ptr, entry->modulus.len, NULL);
+ params->prime.ptr, params->prime.len, NULL);
if (err)
{
- DBG1("importing mpi modulus failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err));
free(this);
return NULL;
}
- if (lib->settings->get_int(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
- {
- len = this->p_len;
- }
- else
+ err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG,
+ params->generator.ptr, params->generator.len, NULL);
+ if (err)
{
- len = entry->opt_len;
+ DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err));
+ gcry_mpi_release(this->p);
+ free(this);
+ return NULL;
}
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (rng)
{ /* prefer external randomizer */
- rng->allocate_bytes(rng, len, &random);
+ rng->allocate_bytes(rng, params->exp_len, &random);
rng->destroy(rng);
err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
random.ptr, random.len, NULL);
chunk_clear(&random);
if (err)
{
- DBG1("importing mpi xa failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "importing mpi xa failed: %s", gpg_strerror(err));
gcry_mpi_release(this->p);
+ gcry_mpi_release(this->g);
free(this);
return NULL;
}
}
else
{ /* fallback to gcrypt internal randomizer, shouldn't ever happen */
- this->xa = gcry_mpi_new(len * 8);
- gcry_mpi_randomize(this->xa, len * 8, GCRY_STRONG_RANDOM);
+ this->xa = gcry_mpi_new(params->exp_len * 8);
+ gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM);
}
- if (len == this->p_len)
+ if (params->exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
- gcry_mpi_clear_bit(this->xa, len * 8 - 1);
+ gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1);
}
- this->g = gcry_mpi_set_ui(NULL, entry->g);
this->ya = gcry_mpi_new(this->p_len * 8);
this->yb = NULL;
this->zz = NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index d12fe11d5..39609c16c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -137,7 +137,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
err = gcry_md_open(&this->hd, gcrypt_alg, 0);
if (err)
{
- DBG1("grcy_md_open(%N) failed: %s",
+ DBG1(DBG_LIB, "grcy_md_open(%N) failed: %s",
hash_algorithm_names, algo, gpg_strerror(err));
free(this);
return NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 8c9ea893b..039036b2c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -118,7 +118,7 @@ static void destroy(private_gcrypt_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *gcrypt_plugin_create()
{
private_gcrypt_plugin_t *this;
@@ -126,7 +126,7 @@ plugin_t *plugin_create()
if (!gcry_check_version(GCRYPT_VERSION))
{
- DBG1("libgcrypt version mismatch");
+ DBG1(DBG_LIB, "libgcrypt version mismatch");
return NULL;
}
@@ -190,6 +190,10 @@ plugin_t *plugin_create()
/* diffie hellman groups, using modp */
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+ (dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@@ -202,6 +206,8 @@ plugin_t *plugin_create()
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+ (dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gcrypt_dh_create);
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
index f2247ed5c..05e5e7014 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
@@ -39,9 +39,4 @@ struct gcrypt_plugin_t {
plugin_t plugin;
};
-/**
- * Create a gcrypt_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** GCRYPT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index cd156961e..2cb13c5f3 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -130,14 +130,15 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
chunk_free(&em);
if (err)
{
- DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building signature S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
err = gcry_pk_sign(&out, in, this->key);
gcry_sexp_release(in);
if (err)
{
- DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err));
return FALSE;
}
*signature = gcrypt_rsa_find_token(out, "s", this->key);
@@ -176,14 +177,14 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
chunk_free(&hash);
if (err)
{
- DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building signature S-expression failed: %s", gpg_strerror(err));
return FALSE;
}
err = gcry_pk_sign(&out, in, this->key);
gcry_sexp_release(in);
if (err)
{
- DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err));
return FALSE;
}
*signature = gcrypt_rsa_find_token(out, "s", this->key);
@@ -222,7 +223,7 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche
case SIGN_RSA_EMSA_PKCS1_MD5:
return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -243,14 +244,15 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
encrypted.len, encrypted.ptr);
if (err)
{
- DBG1("building decryption S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building decryption S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
err = gcry_pk_decrypt(&out, in, this->key);
gcry_sexp_release(in);
if (err)
{
- DBG1("decrypting pkcs1 data failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "decrypting pkcs1 data failed: %s", gpg_strerror(err));
return FALSE;
}
padded.ptr = (u_char*)gcry_sexp_nth_data(out, 1, &padded.len);
@@ -269,7 +271,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
gcry_sexp_release(out);
if (!pos)
{
- DBG1("decrypted data has invalid pkcs1 padding");
+ DBG1(DBG_LIB, "decrypted data has invalid pkcs1 padding");
return FALSE;
}
return TRUE;
@@ -329,7 +331,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
chunk_clear(&cp);
chunk_clear(&cq);
chunk_clear(&cd);
- DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "scanning mpi for export failed: %s", gpg_strerror(err));
return FALSE;
}
@@ -340,7 +342,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
gcry_mpi_sub_ui(q, q, 1);
exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
- gcry_mpi_mod(exp1, d, q);
+ gcry_mpi_mod(exp2, d, q);
gcry_mpi_release(q);
err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1)
@@ -352,7 +354,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
if (err)
{
- DBG1("printing mpi for export failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "printing mpi for export failed: %s", gpg_strerror(err));
chunk_clear(&cp);
chunk_clear(&cq);
chunk_clear(&cd);
@@ -488,7 +490,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
err = gcry_sexp_build(&param, NULL, "(genkey(rsa(nbits %d)))", key_size);
if (err)
{
- DBG1("building S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err));
return NULL;
}
this = gcrypt_rsa_private_key_create_empty();
@@ -497,7 +499,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
if (err)
{
free(this);
- DBG1("generating RSA key failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "generating RSA key failed: %s", gpg_strerror(err));
return NULL;
}
return &this->public;
@@ -557,14 +559,14 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
p.len, p.ptr, q.len, q.ptr, u.len, u.ptr);
if (err)
{
- DBG1("loading private key failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "loading private key failed: %s", gpg_strerror(err));
free(this);
return NULL;
}
err = gcry_pk_testkey(this->key);
if (err)
{
- DBG1("private key sanity check failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "private key sanity check failed: %s", gpg_strerror(err));
destroy(this);
return NULL;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index e083fac94..5fd15d9a3 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -83,14 +83,16 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
chunk_free(&em);
if (err)
{
- DBG1("building data S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building data S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))",
signature.len, signature.ptr);
if (err)
{
- DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building signature S-expression failed: %s",
+ gpg_strerror(err));
gcry_sexp_release(in);
return FALSE;
}
@@ -99,7 +101,8 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
gcry_sexp_release(sig);
if (err)
{
- DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "RSA signature verification failed: %s",
+ gpg_strerror(err));
return FALSE;
}
return TRUE;
@@ -130,7 +133,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
chunk_free(&hash);
if (err)
{
- DBG1("building data S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building data S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
@@ -138,7 +142,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
signature.len, signature.ptr);
if (err)
{
- DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building signature S-expression failed: %s",
+ gpg_strerror(err));
gcry_sexp_release(in);
return FALSE;
}
@@ -147,7 +152,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
gcry_sexp_release(sig);
if (err)
{
- DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "RSA signature verification failed: %s",
+ gpg_strerror(err));
return FALSE;
}
return TRUE;
@@ -184,7 +190,7 @@ static bool verify(private_gcrypt_rsa_public_key_t *this,
case SIGN_RSA_EMSA_PKCS1_SHA512:
return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -205,14 +211,16 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
plain.len, plain.ptr);
if (err)
{
- DBG1("building encryption S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building encryption S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
err = gcry_pk_encrypt(&out, in, this->key);
gcry_sexp_release(in);
if (err)
{
- DBG1("encrypting data using pkcs1 failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "encrypting data using pkcs1 failed: %s",
+ gpg_strerror(err));
return FALSE;
}
*encrypted = gcrypt_rsa_find_token(out, "a", this->key);
@@ -343,7 +351,7 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type,
n.len, n.ptr, e.len, e.ptr);
if (err)
{
- DBG1("loading public key failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "loading public key failed: %s", gpg_strerror(err));
free(this);
return NULL;
}
diff --git a/src/libstrongswan/plugins/gmp/Makefile.am b/src/libstrongswan/plugins/gmp/Makefile.am
index 1ab358328..cc8ad34db 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.am
+++ b/src/libstrongswan/plugins/gmp/Makefile.am
@@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gmp.la
+else
plugin_LTLIBRARIES = libstrongswan-gmp.la
+endif
-libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \
- gmp_diffie_hellman.c gmp_diffie_hellman.h \
- gmp_rsa_private_key.c gmp_rsa_private_key.h \
- gmp_rsa_public_key.c gmp_rsa_public_key.h
+libstrongswan_gmp_la_SOURCES = \
+ gmp_plugin.h gmp_plugin.c \
+ gmp_diffie_hellman.c gmp_diffie_hellman.h \
+ gmp_rsa_private_key.c gmp_rsa_private_key.h \
+ gmp_rsa_public_key.c gmp_rsa_public_key.h
libstrongswan_gmp_la_LDFLAGS = -module -avoid-version
-libstrongswan_gmp_la_LIBADD = -lgmp
-
+libstrongswan_gmp_la_LIBADD = -lgmp
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 3077ea7e8..5c1a1fcd9 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_gmp_la_DEPENDENCIES =
am_libstrongswan_gmp_la_OBJECTS = gmp_plugin.lo gmp_diffie_hellman.lo \
gmp_rsa_private_key.lo gmp_rsa_public_key.lo
@@ -80,6 +80,8 @@ libstrongswan_gmp_la_OBJECTS = $(am_libstrongswan_gmp_la_OBJECTS)
libstrongswan_gmp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_gmp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gmp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gmp_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,11 +257,13 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-gmp.la
-libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \
- gmp_diffie_hellman.c gmp_diffie_hellman.h \
- gmp_rsa_private_key.c gmp_rsa_private_key.h \
- gmp_rsa_public_key.c gmp_rsa_public_key.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gmp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gmp.la
+libstrongswan_gmp_la_SOURCES = \
+ gmp_plugin.h gmp_plugin.c \
+ gmp_diffie_hellman.c gmp_diffie_hellman.h \
+ gmp_rsa_private_key.c gmp_rsa_private_key.h \
+ gmp_rsa_public_key.c gmp_rsa_public_key.h
libstrongswan_gmp_la_LDFLAGS = -module -avoid-version
libstrongswan_gmp_la_LIBADD = -lgmp
@@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-gmp.la: $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_DEPENDENCIES)
- $(libstrongswan_gmp_la_LINK) -rpath $(plugindir) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS)
+ $(libstrongswan_gmp_la_LINK) $(am_libstrongswan_gmp_la_rpath) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -484,8 +498,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index ea7e6fdd2..4ee449890 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 1998-2002 D. Hugh Redelmeier.
* Copyright (C) 1999, 2000, 2001 Henry Spencer.
+ * Copyright (C) 2010 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -22,309 +23,10 @@
#include <debug.h>
-
-/**
- * Modulus of Group 1 (MODP_768_BIT).
- */
-static u_int8_t group1_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 2 (MODP_1024_BIT).
- */
-static u_int8_t group2_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 5 (MODP_1536_BIT).
- */
-static u_int8_t group5_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-/**
- * Modulus of Group 14 (MODP_2048_BIT).
- */
-static u_int8_t group14_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 15 (MODP_3072_BIT).
- */
-static u_int8_t group15_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 16 (MODP_4096_BIT).
- */
-static u_int8_t group16_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 17 (MODP_6144_BIT).
- */
-static u_int8_t group17_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
- 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
- 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
- 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
- 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
- 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
- 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
- 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
- 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
- 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
- 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
- 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 18 (MODP_8192_BIT).
- */
-static u_int8_t group18_modulus[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
- 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
- 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
- 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
- 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
- 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
- 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
- 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
- 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
- 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
- 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
- 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
- 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
- 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
- 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
- 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
- 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
- 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
- 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
- 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
- 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
- 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
- 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
- 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
- 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
- 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
- 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
- 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
- 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
- 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
- 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
- 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
- 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
- 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
- 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-};
-
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
- /**
- * Group number as it is defined in file transform_substructure.h.
- */
- diffie_hellman_group_t group;
-
- /**
- * Pointer to first byte of modulus (network order).
- */
- u_int8_t *modulus;
-
- /*
- * Length of modulus in bytes.
- */
- size_t modulus_len;
-
- /*
- * Optimum length of exponent in bytes.
- */
- size_t opt_exponent_len;
-
- /*
- * Generator value.
- */
- u_int16_t generator;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
- {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 32, 2},
- {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 32, 2},
- {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 32, 2},
- {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 2},
- {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 2},
- {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 2},
- {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 2},
- {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 2},
-};
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t;
@@ -378,11 +80,6 @@ struct private_gmp_diffie_hellman_t {
size_t p_len;
/**
- * Optimal exponent length.
- */
- size_t opt_exponent_len;
-
- /**
* True if shared secret is computed and stored in my_public_value.
*/
bool computed;
@@ -409,10 +106,20 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
#ifdef EXTENDED_DH_TEST
/* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */
mpz_t q, one;
+ diffie_hellman_params_t *params;
mpz_init(q);
mpz_init(one);
- mpz_fdiv_q_2exp(q, p_min_1, 1);
+
+ params = diffie_hellman_get_params(this->group);
+ if (!params->subgroup.len)
+ {
+ mpz_fdiv_q_2exp(q, p_min_1, 1);
+ }
+ else
+ {
+ mpz_import(q, params->subgroup.len, 1, 1, 1, 0, params->subgroup.ptr);
+ }
mpz_powm(one, this->yb, q, this->p);
mpz_clear(q);
if (mpz_cmp_ui(one, 1) == 0)
@@ -422,7 +129,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
}
else
{
- DBG1("public DH value verification failed: y ^ q mod p != 1");
+ DBG1(DBG_LIB, "public DH value verification failed:"
+ " y ^ q mod p != 1");
}
mpz_clear(one);
#else
@@ -432,7 +140,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
}
else
{
- DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+ DBG1(DBG_LIB, "public DH value verification failed:"
+ " y < 2 || y > p - 1 ");
}
mpz_clear(p_min_1);
}
@@ -477,32 +186,6 @@ static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this)
}
/**
- * Lookup the modulus in modulo table
- */
-static status_t set_modulus(private_gmp_diffie_hellman_t *this)
-{
- int i;
- status_t status = NOT_FOUND;
-
- for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
- {
- if (modulus_entries[i].group == this->group)
- {
- chunk_t chunk;
- chunk.ptr = modulus_entries[i].modulus;
- chunk.len = modulus_entries[i].modulus_len;
- mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
- this->p_len = chunk.len;
- this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
- mpz_set_ui(this->g, modulus_entries[i].generator);
- status = SUCCESS;
- break;
- }
- }
- return status;
-}
-
-/**
* Implementation of gmp_diffie_hellman_t.destroy.
*/
static void destroy(private_gmp_diffie_hellman_t *this)
@@ -521,11 +204,18 @@ static void destroy(private_gmp_diffie_hellman_t *this)
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
{
- private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t);
+ private_gmp_diffie_hellman_t *this;
+ diffie_hellman_params_t *params;
rng_t *rng;
chunk_t random;
- bool ansi_x9_42;
- size_t exponent_len;
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+
+ this = malloc_thing(private_gmp_diffie_hellman_t);
/* public functions */
this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
@@ -544,35 +234,31 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
mpz_init(this->g);
this->computed = FALSE;
+ this->p_len = params->prime.len;
+ mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr);
+ mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr);
- /* find a modulus according to group */
- if (set_modulus(this) != SUCCESS)
- {
- destroy(this);
- return NULL;
- }
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1("no RNG found for quality %N", rng_quality_names, RNG_STRONG);
+ DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
+ RNG_STRONG);
destroy(this);
return NULL;
}
- ansi_x9_42 = lib->settings->get_int(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
- exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len;
- rng->allocate_bytes(rng, exponent_len, &random);
+ rng->allocate_bytes(rng, params->exp_len, &random);
rng->destroy(rng);
- if (ansi_x9_42)
+ if (params->exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
*random.ptr &= 0x7F;
}
mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
chunk_free(&random);
- DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2));
+ DBG2(DBG_LIB, "size of DH secret exponent: %u bits",
+ mpz_sizeinbase(this->xa, 2));
mpz_powm(this->ya, this->g, this->xa, this->p);
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index b70ff881c..fbce9732f 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -52,7 +52,7 @@ static void destroy(private_gmp_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *gmp_plugin_create()
{
private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t);
@@ -60,6 +60,10 @@ plugin_t *plugin_create()
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+ (dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+ (dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@@ -72,6 +76,8 @@ plugin_t *plugin_create()
(dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+ (dh_constructor_t)gmp_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h
index 77d53965d..e4a87c8e2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.h
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h
@@ -39,9 +39,4 @@ struct gmp_plugin_t {
plugin_t plugin;
};
-/**
- * Create a gmp_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** GMP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 1829bd459..f70b0b545 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -27,6 +27,11 @@
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
/**
* Public exponent to use for key generation.
*/
@@ -136,7 +141,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng)
{
- DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE);
+ DBG1(DBG_LIB, "no RNG of quality %N found", rng_quality_names,
+ RNG_TRUE);
return FAILED;
}
@@ -144,8 +150,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
do
{
rng->allocate_bytes(rng, prime_size, &random_bytes);
- /* make sure most significant bit is set */
- random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
+ /* make sure the two most significant bits are set */
+ random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0;
mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
mpz_nextprime (*prime, *prime);
@@ -243,7 +249,8 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
if (data.len > this->k - 3)
{
free(digestInfo.ptr);
- DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8);
+ DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
+ this->k * 8);
return FALSE;
}
@@ -304,7 +311,7 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -327,7 +334,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
/* check for hex pattern 00 02 in decrypted message */
if ((*stripped.ptr++ != 0x00) || (*(stripped.ptr++) != 0x02))
{
- DBG1("incorrect padding - probably wrong rsa key");
+ DBG1(DBG_LIB, "incorrect padding - probably wrong rsa key");
goto end;
}
stripped.len -= 2;
@@ -337,7 +344,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
if (stripped.len == 0)
{
- DBG1("no plaintext data");
+ DBG1(DBG_LIB, "no plaintext data");
goto end;
}
@@ -494,14 +501,14 @@ static status_t check(private_gmp_rsa_private_key_t *this)
*/
if (this->k < 512 / BITS_PER_BYTE)
{
- DBG1("key shorter than 512 bits");
+ DBG1(DBG_LIB, "key shorter than 512 bits");
return FAILED;
}
/* we picked a max modulus size to simplify buffer allocation */
if (this->k > 8192 / BITS_PER_BYTE)
{
- DBG1("key larger than 8192 bits");
+ DBG1(DBG_LIB, "key larger than 8192 bits");
return FAILED;
}
@@ -575,7 +582,7 @@ static status_t check(private_gmp_rsa_private_key_t *this)
mpz_clear_sensitive(q1);
if (status != SUCCESS)
{
- DBG1("key integrity tests failed");
+ DBG1(DBG_LIB, "key integrity tests failed");
}
return status;
}
@@ -664,7 +671,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
mpz_mul(n, p, q); /* n = p*q */
mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
- mpz_init_set(m, p); /* m = p */
+ mpz_init_set(m, p); /* m = p */
mpz_sub_ui(m, m, 1); /* m = m -1 */
mpz_init_set(q1, q); /* q1 = q */
mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 5fea69131..98dbb1922 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -28,6 +28,11 @@
#include <asn1/asn1_parser.h>
#include <crypto/hashers/hasher.h>
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
/**
@@ -178,8 +183,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
{ /* IKEv1 signatures without digestInfo */
if (em.len != data.len)
{
- DBG1("hash size in signature is %u bytes instead of %u bytes",
- em.len, data.len);
+ DBG1(DBG_LIB, "hash size in signature is %u bytes instead of"
+ " %u bytes", em.len, data.len);
goto end;
}
success = memeq(em.ptr, data.ptr, data.len);
@@ -191,7 +196,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
int objectID;
hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
- DBG2("signature verification:");
+ DBG2(DBG_LIB, "signature verification:");
parser = asn1_parser_create(digestInfoObjects, em);
while (parser->iterate(parser, &objectID, &object))
@@ -202,7 +207,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
{
if (em.len > object.len)
{
- DBG1("digestInfo field in signature is followed by %u surplus bytes",
+ DBG1(DBG_LIB, "digestInfo field in signature is"
+ " followed by %u surplus bytes",
em.len - object.len);
goto end_parser;
}
@@ -216,8 +222,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hash_algorithm = hasher_algorithm_from_oid(hash_oid);
if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
{
- DBG1("expected hash algorithm %N, but found %N (OID: %#B)",
- hash_algorithm_names, algorithm,
+ DBG1(DBG_LIB, "expected hash algorithm %N, but found"
+ " %N (OID: %#B)", hash_algorithm_names, algorithm,
hash_algorithm_names, hash_algorithm, &object);
goto end_parser;
}
@@ -231,15 +237,16 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
if (hasher == NULL)
{
- DBG1("hash algorithm %N not supported",
+ DBG1(DBG_LIB, "hash algorithm %N not supported",
hash_algorithm_names, hash_algorithm);
goto end_parser;
}
if (object.len != hasher->get_hash_size(hasher))
{
- DBG1("hash size in signature is %u bytes instead of %u "
- "bytes", object.len, hasher->get_hash_size(hasher));
+ DBG1(DBG_LIB, "hash size in signature is %u bytes"
+ " instead of %u bytes", object.len,
+ hasher->get_hash_size(hasher));
hasher->destroy(hasher);
goto end_parser;
}
@@ -297,7 +304,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
case SIGN_RSA_EMSA_PKCS1_SHA512:
return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -319,7 +326,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (rng == NULL)
{
- DBG1("no random generator available");
+ DBG1(DBG_LIB, "no random generator available");
return FALSE;
}
@@ -327,13 +334,14 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
padding = this->k - plain.len - 3;
if (padding < MIN_PS_PADDING)
{
- DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING);
+ DBG1(DBG_LIB, "pseudo-random padding must be at least %d octets",
+ MIN_PS_PADDING);
return FALSE;
}
/* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
- DBG2("padding %u bytes of data to the rsa modulus size of %u bytes",
- plain.len, this->k);
+ DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of"
+ " %u bytes", plain.len, this->k);
em.len = this->k;
em.ptr = malloc(em.len);
pos = em.ptr;
@@ -359,11 +367,11 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
/* now add the data */
memcpy(pos, plain.ptr, plain.len);
- DBG3("padded data before rsa encryption: %B", &em);
+ DBG3(DBG_LIB, "padded data before rsa encryption: %B", &em);
/* rsa encryption using PKCS#1 RSAEP */
*crypto = rsaep(this, em);
- DBG3("rsa encrypted data: %B", crypto);
+ DBG3(DBG_LIB, "rsa encrypted data: %B", crypto);
chunk_clear(&em);
return TRUE;
}
diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am
index 1856cad2d..77aa0ffd1 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.am
+++ b/src/libstrongswan/plugins/hmac/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-hmac.la
+else
plugin_LTLIBRARIES = libstrongswan-hmac.la
+endif
-libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
+libstrongswan_hmac_la_SOURCES = \
+ hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c
-libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
+libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 7dc8269a4..c965f7392 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_hmac_la_LIBADD =
am_libstrongswan_hmac_la_OBJECTS = hmac_plugin.lo hmac.lo hmac_prf.lo \
hmac_signer.lo
@@ -80,6 +80,8 @@ libstrongswan_hmac_la_OBJECTS = $(am_libstrongswan_hmac_la_OBJECTS)
libstrongswan_hmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_hmac_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_hmac_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_hmac_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-hmac.la
-libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-hmac.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-hmac.la
+libstrongswan_hmac_la_SOURCES = \
+ hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c
libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-hmac.la: $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_DEPENDENCIES)
- $(libstrongswan_hmac_la_LINK) -rpath $(plugindir) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS)
+ $(libstrongswan_hmac_la_LINK) $(am_libstrongswan_hmac_la_rpath) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 94332ee36..e6b9f7a74 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_hmac_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *hmac_plugin_create()
{
private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t);
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h
index 5c3afa7d6..03d1d1cf9 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.h
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h
@@ -39,9 +39,4 @@ struct hmac_plugin_t {
plugin_t plugin;
};
-/**
- * Create a hmac_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** HMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ldap/Makefile.am b/src/libstrongswan/plugins/ldap/Makefile.am
index 6ad073d97..2b2f7d31d 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.am
+++ b/src/libstrongswan/plugins/ldap/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ldap.la
+else
plugin_LTLIBRARIES = libstrongswan-ldap.la
+endif
+
+libstrongswan_ldap_la_SOURCES = \
+ ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
-libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
libstrongswan_ldap_la_LDFLAGS = -module -avoid-version
libstrongswan_ldap_la_LIBADD = -lldap -llber
-
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index d9ebb0147..3b69f082f 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_ldap_la_DEPENDENCIES =
am_libstrongswan_ldap_la_OBJECTS = ldap_plugin.lo ldap_fetcher.lo
libstrongswan_ldap_la_OBJECTS = $(am_libstrongswan_ldap_la_OBJECTS)
libstrongswan_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_ldap_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ldap_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ldap_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-ldap.la
-libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ldap.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ldap.la
+libstrongswan_ldap_la_SOURCES = \
+ ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
+
libstrongswan_ldap_la_LDFLAGS = -module -avoid-version
libstrongswan_ldap_la_LIBADD = -lldap -llber
all: all-am
@@ -291,6 +297,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-ldap.la: $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_DEPENDENCIES)
- $(libstrongswan_ldap_la_LINK) -rpath $(plugindir) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS)
+ $(libstrongswan_ldap_la_LINK) $(am_libstrongswan_ldap_la_rpath) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -477,8 +492,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index ce5b7d56b..59e655cd5 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -73,27 +73,27 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
}
else
{
- DBG1("LDAP response contains no values");
+ DBG1(DBG_LIB, "LDAP response contains no values");
}
ldap_value_free_len(values);
}
else
{
- DBG1("getting LDAP values failed: %s",
+ DBG1(DBG_LIB, "getting LDAP values failed: %s",
ldap_err2string(ldap_result2error(ldap, entry, 0)));
}
ldap_memfree(attr);
}
else
{
- DBG1("finding LDAP attributes failed: %s",
+ DBG1(DBG_LIB, "finding LDAP attributes failed: %s",
ldap_err2string(ldap_result2error(ldap, entry, 0)));
}
ber_free(ber, 0);
}
else
{
- DBG1("finding first LDAP entry failed: %s",
+ DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
ldap_err2string(ldap_result2error(ldap, entry, 0)));
}
return success;
@@ -122,7 +122,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
ldap = ldap_init(lurl->lud_host, lurl->lud_port);
if (ldap == NULL)
{
- DBG1("LDAP initialization failed: %s", strerror(errno));
+ DBG1(DBG_LIB, "LDAP initialization failed: %s", strerror(errno));
ldap_free_urldesc(lurl);
return FAILED;
}
@@ -133,7 +133,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
- DBG2("sending LDAP request to '%s'...", url);
+ DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);
res = ldap_simple_bind_s(ldap, NULL, NULL);
if (res == LDAP_SUCCESS)
@@ -152,12 +152,13 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
}
else
{
- DBG1("LDAP search failed: %s", ldap_err2string(res));
+ DBG1(DBG_LIB, "LDAP search failed: %s", ldap_err2string(res));
}
}
else
{
- DBG1("LDAP bind to '%s' failed: %s", url, ldap_err2string(res));
+ DBG1(DBG_LIB, "LDAP bind to '%s' failed: %s", url,
+ ldap_err2string(res));
}
ldap_unbind_s(ldap);
ldap_free_urldesc(lurl);
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c
index a31308bbf..372ac9f93 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.c
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_ldap_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *ldap_plugin_create()
{
private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t);
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h
index de4ff3422..e4fcebaa3 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.h
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h
@@ -39,9 +39,4 @@ struct ldap_plugin_t {
plugin_t plugin;
};
-/**
- * Create a ldap_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** LDAP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md4/Makefile.am b/src/libstrongswan/plugins/md4/Makefile.am
index a47da2e8e..904af70c0 100644
--- a/src/libstrongswan/plugins/md4/Makefile.am
+++ b/src/libstrongswan/plugins/md4/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-md4.la
+else
plugin_LTLIBRARIES = libstrongswan-md4.la
+endif
-libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
-libstrongswan_md4_la_LDFLAGS = -module -avoid-version
+libstrongswan_md4_la_SOURCES = \
+ md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
+libstrongswan_md4_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 6014ddcf8..cb3307bbc 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_md4_la_LIBADD =
am_libstrongswan_md4_la_OBJECTS = md4_plugin.lo md4_hasher.lo
libstrongswan_md4_la_OBJECTS = $(am_libstrongswan_md4_la_OBJECTS)
libstrongswan_md4_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_md4_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_md4_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_md4_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-md4.la
-libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md4.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md4.la
+libstrongswan_md4_la_SOURCES = \
+ md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
+
libstrongswan_md4_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-md4.la: $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_DEPENDENCIES)
- $(libstrongswan_md4_la_LINK) -rpath $(plugindir) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS)
+ $(libstrongswan_md4_la_LINK) $(am_libstrongswan_md4_la_rpath) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c
index ba4041d2d..38ae0d4bc 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.c
+++ b/src/libstrongswan/plugins/md4/md4_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_md4_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *md4_plugin_create()
{
private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t);
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h
index b13002d7b..9fde665e6 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.h
+++ b/src/libstrongswan/plugins/md4/md4_plugin.h
@@ -39,9 +39,4 @@ struct md4_plugin_t {
plugin_t plugin;
};
-/**
- * Create a md4_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** MD4_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md5/Makefile.am b/src/libstrongswan/plugins/md5/Makefile.am
index ce0611c13..b2eb2abd2 100644
--- a/src/libstrongswan/plugins/md5/Makefile.am
+++ b/src/libstrongswan/plugins/md5/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-md5.la
+else
plugin_LTLIBRARIES = libstrongswan-md5.la
+endif
-libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
-libstrongswan_md5_la_LDFLAGS = -module -avoid-version
+libstrongswan_md5_la_SOURCES = \
+ md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
+libstrongswan_md5_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index fcb921316..8948ddcc5 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_md5_la_LIBADD =
am_libstrongswan_md5_la_OBJECTS = md5_plugin.lo md5_hasher.lo
libstrongswan_md5_la_OBJECTS = $(am_libstrongswan_md5_la_OBJECTS)
libstrongswan_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_md5_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_md5_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_md5_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-md5.la
-libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md5.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md5.la
+libstrongswan_md5_la_SOURCES = \
+ md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
+
libstrongswan_md5_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-md5.la: $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_DEPENDENCIES)
- $(libstrongswan_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS)
+ $(libstrongswan_md5_la_LINK) $(am_libstrongswan_md5_la_rpath) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c
index 7592c20df..cfbf6acea 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.c
+++ b/src/libstrongswan/plugins/md5/md5_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_md5_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *md5_plugin_create()
{
private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t);
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h
index 057689ad3..c4ca619dc 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.h
+++ b/src/libstrongswan/plugins/md5/md5_plugin.h
@@ -39,9 +39,4 @@ struct md5_plugin_t {
plugin_t plugin;
};
-/**
- * Create a md5_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** MD5_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am
index c64481fd5..801a7a7be 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.am
+++ b/src/libstrongswan/plugins/mysql/Makefile.am
@@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic $(MYSQLCFLAG)
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-mysql.la
+else
plugin_LTLIBRARIES = libstrongswan-mysql.la
+endif
-libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \
+libstrongswan_mysql_la_SOURCES = \
+ mysql_plugin.h mysql_plugin.c \
mysql_database.h mysql_database.c
+
libstrongswan_mysql_la_LDFLAGS = -module -avoid-version
-libstrongswan_mysql_la_LIBADD = $(MYSQLLIB)
+libstrongswan_mysql_la_LIBADD = $(MYSQLLIB)
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index dc56940d2..1a97c620e 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
libstrongswan_mysql_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am_libstrongswan_mysql_la_OBJECTS = mysql_plugin.lo mysql_database.lo
@@ -80,6 +80,9 @@ libstrongswan_mysql_la_OBJECTS = $(am_libstrongswan_mysql_la_OBJECTS)
libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_mysql_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_mysql_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_mysql_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,8 +258,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic $(MYSQLCFLAG)
-plugin_LTLIBRARIES = libstrongswan-mysql.la
-libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mysql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mysql.la
+libstrongswan_mysql_la_SOURCES = \
+ mysql_plugin.h mysql_plugin.c \
mysql_database.h mysql_database.c
libstrongswan_mysql_la_LDFLAGS = -module -avoid-version
@@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-mysql.la: $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_DEPENDENCIES)
- $(libstrongswan_mysql_la_LINK) -rpath $(plugindir) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS)
+ $(libstrongswan_mysql_la_LINK) $(am_libstrongswan_mysql_la_rpath) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -480,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c
index 2338428f2..8005b9149 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -203,7 +203,7 @@ static conn_t *conn_get(private_mysql_database_t *this)
this->password, this->database, this->port,
NULL, 0))
{
- DBG1("connecting to mysql://%s:***@%s:%d/%s failed: %s",
+ DBG1(DBG_LIB, "connecting to mysql://%s:***@%s:%d/%s failed: %s",
this->username, this->host, this->port, this->database,
mysql_error(found->mysql));
conn_destroy(found);
@@ -213,7 +213,7 @@ static conn_t *conn_get(private_mysql_database_t *this)
{
this->mutex->lock(this->mutex);
this->pool->insert_last(this->pool, found);
- DBG2("increased MySQL connection pool size to %d",
+ DBG2(DBG_LIB, "increased MySQL connection pool size to %d",
this->pool->get_count(this->pool));
this->mutex->unlock(this->mutex);
}
@@ -232,12 +232,14 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args)
stmt = mysql_stmt_init(mysql);
if (stmt == NULL)
{
- DBG1("creating MySQL statement failed: %s", mysql_error(mysql));
+ DBG1(DBG_LIB, "creating MySQL statement failed: %s",
+ mysql_error(mysql));
return NULL;
}
if (mysql_stmt_prepare(stmt, sql, strlen(sql)))
{
- DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt));
+ DBG1(DBG_LIB, "preparing MySQL statement failed: %s",
+ mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
return NULL;
}
@@ -303,21 +305,23 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args)
break;
}
default:
- DBG1("invalid data type supplied");
+ DBG1(DBG_LIB, "invalid data type supplied");
mysql_stmt_close(stmt);
return NULL;
}
}
if (mysql_stmt_bind_param(stmt, bind))
{
- DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt));
+ DBG1(DBG_LIB, "binding MySQL param failed: %s",
+ mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
return NULL;
}
}
if (mysql_stmt_execute(stmt))
{
- DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt));
+ DBG1(DBG_LIB, "executing MySQL statement failed: %s",
+ mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
return NULL;
}
@@ -413,7 +417,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...)
case MYSQL_NO_DATA:
return FALSE;
default:
- DBG1("fetching MySQL row failed: %s", mysql_stmt_error(this->stmt));
+ DBG1(DBG_LIB, "fetching MySQL row failed: %s",
+ mysql_stmt_error(this->stmt));
return FALSE;
}
@@ -536,7 +541,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...)
break;
}
default:
- DBG1("invalid result data type supplied");
+ DBG1(DBG_LIB, "invalid result data type supplied");
mysql_enumerator_destroy(enumerator);
va_end(args);
return NULL;
@@ -544,7 +549,8 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...)
}
if (mysql_stmt_bind_result(stmt, enumerator->bind))
{
- DBG1("binding MySQL result failed: %s", mysql_stmt_error(stmt));
+ DBG1(DBG_LIB, "binding MySQL result failed: %s",
+ mysql_stmt_error(stmt));
mysql_enumerator_destroy(enumerator);
enumerator = NULL;
}
@@ -653,7 +659,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri)
}
}
}
- DBG1("parsing MySQL database uri '%s' failed", uri);
+ DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri);
return FALSE;
}
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c
index 0e64bbc3d..a13aa8091 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.c
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c
@@ -46,13 +46,13 @@ static void destroy(private_mysql_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *mysql_plugin_create()
{
private_mysql_plugin_t *this;
if (!mysql_database_init())
{
- DBG1("MySQL client library initialization failed");
+ DBG1(DBG_LIB, "MySQL client library initialization failed");
return NULL;
}
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h
index fa53c2b7a..d1f21870c 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.h
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h
@@ -39,9 +39,4 @@ struct mysql_plugin_t {
plugin_t plugin;
};
-/**
- * Create a mysql_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** MYSQL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am
index 25cc5aa1d..a50799798 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.am
+++ b/src/libstrongswan/plugins/openssl/Makefile.am
@@ -3,12 +3,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-openssl.la
+else
plugin_LTLIBRARIES = libstrongswan-openssl.la
+endif
-libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
+libstrongswan_openssl_la_SOURCES = \
+ openssl_plugin.h openssl_plugin.c \
openssl_util.c openssl_util.h \
openssl_crypter.c openssl_crypter.h \
openssl_hasher.c openssl_hasher.h \
+ openssl_sha1_prf.c openssl_sha1_prf.h \
openssl_diffie_hellman.c openssl_diffie_hellman.h \
openssl_rsa_private_key.c openssl_rsa_private_key.h \
openssl_rsa_public_key.c openssl_rsa_public_key.h \
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index aa8ecf06c..a2a931d42 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -72,18 +72,22 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_openssl_la_DEPENDENCIES =
am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \
openssl_util.lo openssl_crypter.lo openssl_hasher.lo \
- openssl_diffie_hellman.lo openssl_rsa_private_key.lo \
- openssl_rsa_public_key.lo openssl_ec_diffie_hellman.lo \
- openssl_ec_private_key.lo openssl_ec_public_key.lo
+ openssl_sha1_prf.lo openssl_diffie_hellman.lo \
+ openssl_rsa_private_key.lo openssl_rsa_public_key.lo \
+ openssl_ec_diffie_hellman.lo openssl_ec_private_key.lo \
+ openssl_ec_public_key.lo
libstrongswan_openssl_la_OBJECTS = \
$(am_libstrongswan_openssl_la_OBJECTS)
libstrongswan_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_openssl_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_openssl_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_openssl_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -222,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -258,11 +263,14 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-openssl.la
-libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-openssl.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-openssl.la
+libstrongswan_openssl_la_SOURCES = \
+ openssl_plugin.h openssl_plugin.c \
openssl_util.c openssl_util.h \
openssl_crypter.c openssl_crypter.h \
openssl_hasher.c openssl_hasher.h \
+ openssl_sha1_prf.c openssl_sha1_prf.h \
openssl_diffie_hellman.c openssl_diffie_hellman.h \
openssl_rsa_private_key.c openssl_rsa_private_key.h \
openssl_rsa_public_key.c openssl_rsa_public_key.h \
@@ -306,6 +314,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-openssl.la: $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_DEPENDENCIES)
- $(libstrongswan_openssl_la_LINK) -rpath $(plugindir) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS)
+ $(libstrongswan_openssl_la_LINK) $(am_libstrongswan_openssl_la_rpath) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -355,6 +372,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_private_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_sha1_prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_util.Plo@am__quote@
.c.o:
@@ -500,8 +518,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -572,18 +590,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 80a1ee878..9a032c54f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -20,47 +20,6 @@
#include <debug.h>
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
- /**
- * Group number as it is defined in file transform_substructure.h.
- */
- diffie_hellman_group_t group;
-
- /**
- * Pointer to the function to get the modulus.
- */
- BIGNUM *(*get_prime)(BIGNUM *bn);
-
- /*
- * Optimum length of exponent in bits.
- */
- long opt_exponent_len;
-
- /*
- * Generator value.
- */
- u_int16_t generator;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
- {MODP_768_BIT, get_rfc2409_prime_768, 256, 2},
- {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
- {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
- {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
- {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
- {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
- {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
- {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
-};
-
typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
/**
@@ -125,7 +84,6 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
memset(secret->ptr, 0, secret->len);
memcpy(secret->ptr + secret->len - this->shared_secret.len,
this->shared_secret.ptr, this->shared_secret.len);
-
return SUCCESS;
}
@@ -145,7 +103,7 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this,
len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
if (len < 0)
{
- DBG1("DH shared secret computation failed");
+ DBG1(DBG_LIB, "DH shared secret computation failed");
return;
}
this->shared_secret.len = len;
@@ -165,27 +123,18 @@ static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *thi
*/
static status_t set_modulus(private_openssl_diffie_hellman_t *this)
{
- int i;
- bool ansi_x9_42;
-
- ansi_x9_42 = lib->settings->get_bool(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
-
- for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
+ diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
+ if (!params)
{
- if (modulus_entries[i].group == this->group)
- {
- this->dh->p = modulus_entries[i].get_prime(NULL);
- this->dh->g = BN_new();
- BN_set_word(this->dh->g, modulus_entries[i].generator);
- if (!ansi_x9_42)
- {
- this->dh->length = modulus_entries[i].opt_exponent_len;
- }
- return SUCCESS;
- }
+ return NOT_FOUND;
}
- return NOT_FOUND;
+ this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
+ this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+ if (params->exp_len != params->prime.len)
+ {
+ this->dh->length = params->exp_len * 8;
+ }
+ return SUCCESS;
}
/**
@@ -237,7 +186,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
destroy(this);
return NULL;
}
- DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
+ DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
+ BN_num_bits(this->dh->priv_key));
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 671fa41e2..faec411cd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -212,14 +212,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch
{
if (!chunk2ecp(this->ec_group, value, this->pub_key))
{
- DBG1("ECDH public value is malformed");
+ DBG1(DBG_LIB, "ECDH public value is malformed");
return;
}
chunk_free(&this->shared_secret);
if (!compute_shared_key(this, &this->shared_secret)) {
- DBG1("ECDH shared secret computation failed");
+ DBG1(DBG_LIB, "ECDH shared secret computation failed");
return;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 89ced5a9a..bdcfda974 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -84,14 +84,14 @@ static bool build_curve_signature(private_openssl_ec_private_key_t *this,
req_group = EC_GROUP_new_by_curve_name(nid_curve);
if (!req_group)
{
- DBG1("signature scheme %N not supported in EC (required curve "
+ DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve "
"not supported)", signature_scheme_names, scheme);
return FALSE;
}
my_group = EC_KEY_get0_group(this->ec);
if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
{
- DBG1("signature scheme %N not supported by private key",
+ DBG1(DBG_LIB, "signature scheme %N not supported by private key",
signature_scheme_names, scheme);
return FALSE;
}
@@ -162,7 +162,7 @@ static bool sign(private_openssl_ec_private_key_t *this,
return build_curve_signature(this, scheme, NID_sha512,
NID_secp521r1, data, signature);
default:
- DBG1("signature scheme %N not supported",
+ DBG1(DBG_LIB, "signature scheme %N not supported",
signature_scheme_names, scheme);
return FALSE;
}
@@ -174,7 +174,7 @@ static bool sign(private_openssl_ec_private_key_t *this,
static bool decrypt(private_openssl_ec_private_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("EC private key decryption not implemented");
+ DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
}
@@ -233,11 +233,24 @@ static bool get_encoding(private_openssl_ec_private_key_t *this,
switch (type)
{
case KEY_PRIV_ASN1_DER:
+ case KEY_PRIV_PEM:
{
+ bool success = TRUE;
+
*encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL));
p = encoding->ptr;
i2d_ECPrivateKey(this->ec, &p);
- return TRUE;
+
+ if (type == KEY_PRIV_PEM)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM,
+ NULL, encoding, KEY_PART_ECDSA_PRIV_ASN1_DER,
+ asn1_encoding, KEY_PART_END);
+ chunk_clear(&asn1_encoding);
+ }
+ return success;
}
default:
return FALSE;
@@ -335,13 +348,13 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type,
this->ec = EC_KEY_new_by_curve_name(NID_secp521r1);
break;
default:
- DBG1("EC private key size %d not supported", key_size);
+ DBG1(DBG_LIB, "EC private key size %d not supported", key_size);
destroy(this);
return NULL;
}
if (EC_KEY_generate_key(this->ec) != 1)
{
- DBG1("EC private key generation failed", key_size);
+ DBG1(DBG_LIB, "EC private key generation failed", key_size);
destroy(this);
return NULL;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index f37c736b1..790a8487d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -82,14 +82,14 @@ static bool verify_curve_signature(private_openssl_ec_public_key_t *this,
req_group = EC_GROUP_new_by_curve_name(nid_curve);
if (!req_group)
{
- DBG1("signature scheme %N not supported in EC (required curve "
+ DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve "
"not supported)", signature_scheme_names, scheme);
return FALSE;
}
my_group = EC_KEY_get0_group(this->ec);
if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
{
- DBG1("signature scheme %N not supported by private key",
+ DBG1(DBG_LIB, "signature scheme %N not supported by private key",
signature_scheme_names, scheme);
return FALSE;
}
@@ -162,7 +162,7 @@ static bool verify(private_openssl_ec_public_key_t *this,
return verify_curve_signature(this, scheme, NID_sha512,
NID_secp521r1, data, signature);
default:
- DBG1("signature scheme %N not supported in EC",
+ DBG1(DBG_LIB, "signature scheme %N not supported in EC",
signature_scheme_names, scheme);
return FALSE;
}
@@ -174,7 +174,7 @@ static bool verify(private_openssl_ec_public_key_t *this,
static bool encrypt_(private_openssl_ec_public_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("EC public key encryption not implemented");
+ DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
}
@@ -217,7 +217,7 @@ bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
{
- DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
free(key.ptr);
return FALSE;
}
@@ -248,11 +248,24 @@ static bool get_encoding(private_openssl_ec_public_key_t *this,
switch (type)
{
case KEY_PUB_SPKI_ASN1_DER:
+ case KEY_PUB_PEM:
{
+ bool success = TRUE;
+
*encoding = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL));
p = encoding->ptr;
i2d_EC_PUBKEY(this->ec, &p);
- return TRUE;
+
+ if (type == KEY_PUB_PEM)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM,
+ NULL, encoding, KEY_PART_ECDSA_PUB_ASN1_DER,
+ asn1_encoding, KEY_PART_END);
+ chunk_clear(&asn1_encoding);
+ }
+ return success;
}
default:
return FALSE;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 548a76bb4..c1545ffb8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -27,6 +27,7 @@
#include "openssl_util.h"
#include "openssl_crypter.h"
#include "openssl_hasher.h"
+#include "openssl_sha1_prf.h"
#include "openssl_diffie_hellman.h"
#include "openssl_ec_diffie_hellman.h"
#include "openssl_rsa_private_key.h"
@@ -170,6 +171,8 @@ static void destroy(private_openssl_plugin_t *this)
(crypter_constructor_t)openssl_crypter_create);
lib->crypto->remove_hasher(lib->crypto,
(hasher_constructor_t)openssl_hasher_create);
+ lib->crypto->remove_prf(lib->crypto,
+ (prf_constructor_t)openssl_sha1_prf_create);
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->remove_dh(lib->crypto,
@@ -201,7 +204,7 @@ static void destroy(private_openssl_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *openssl_plugin_create()
{
private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t);
@@ -256,9 +259,17 @@ plugin_t *plugin_create()
lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
(hasher_constructor_t)openssl_hasher_create);
+ /* prf */
+ lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1,
+ (prf_constructor_t)openssl_sha1_prf_create);
+
/* (ec) diffie hellman */
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+ (dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+ (dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
@@ -281,6 +292,8 @@ plugin_t *plugin_create()
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+ (dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index 9f422c9d0..0762c37b9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -39,9 +39,4 @@ struct openssl_plugin_t {
plugin_t plugin;
};
-/**
- * Create a openssl_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** OPENSSL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 078f889a6..de751fe89 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -160,7 +160,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -172,7 +172,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
static bool decrypt(private_openssl_rsa_private_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("RSA private key decryption not implemented");
+ DBG1(DBG_LIB, "RSA private key decryption not implemented");
return FALSE;
}
@@ -226,11 +226,24 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this,
switch (type)
{
case KEY_PRIV_ASN1_DER:
+ case KEY_PRIV_PEM:
{
+ bool success = TRUE;
+
*encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
p = encoding->ptr;
i2d_RSAPrivateKey(this->rsa, &p);
- return TRUE;
+
+ if (type == KEY_PRIV_PEM)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM,
+ NULL, encoding, KEY_PART_RSA_PRIV_ASN1_DER,
+ asn1_encoding, KEY_PART_END);
+ chunk_clear(&asn1_encoding);
+ }
+ return success;
}
default:
return FALSE;
@@ -296,6 +309,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
{
private_openssl_rsa_private_key_t *this;
u_int key_size = 0;
+ RSA *rsa = NULL;
+ BIGNUM *e = NULL;
while (TRUE)
{
@@ -315,10 +330,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
{
return NULL;
}
+ e = BN_new();
+ if (!e || !BN_set_word(e, PUBLIC_EXPONENT))
+ {
+ goto error;
+ }
+ rsa = RSA_new();
+ if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL))
+ {
+ goto error;
+ }
this = create_empty();
- this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
-
+ this->rsa = rsa;
+ BN_free(e);
return &this->public;
+
+error:
+ if (e)
+ {
+ BN_free(e);
+ }
+ if (rsa)
+ {
+ RSA_free(rsa);
+ }
+ return NULL;
}
/**
@@ -440,22 +476,22 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
}
engine_id = lib->settings->get_str(lib->settings,
- "library.plugins.openssl.engine_id", "pkcs11");
+ "libstrongswan.plugins.openssl.engine_id", "pkcs11");
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG1("engine '%s' is not available", engine_id);
+ DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))
{
- DBG1("failed to initialize engine '%s'", engine_id);
+ DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id);
ENGINE_free(engine);
return NULL;
}
if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
{
- DBG1("failed to set PIN on engine '%s'", engine_id);
+ DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id);
ENGINE_free(engine);
return NULL;
}
@@ -463,8 +499,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
if (!key)
{
- DBG1("failed to load private key with ID '%s' from engine '%s'",
- keyid, engine_id);
+ DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
+ "engine '%s'", keyid, engine_id);
ENGINE_free(engine);
return NULL;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 422262b19..ffa575a97 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -145,7 +145,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
- DBG1("signature scheme %N not supported in RSA",
+ DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
@@ -157,7 +157,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
static bool encrypt_(private_openssl_rsa_public_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("RSA public key encryption not implemented");
+ DBG1(DBG_LIB, "RSA public key encryption not implemented");
return FALSE;
}
@@ -200,7 +200,7 @@ bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
{
- DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
free(key.ptr);
return FALSE;
}
@@ -231,11 +231,24 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this,
switch (type)
{
case KEY_PUB_SPKI_ASN1_DER:
+ case KEY_PUB_PEM:
{
+ bool success = TRUE;
+
*encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL));
p = encoding->ptr;
i2d_RSA_PUBKEY(this->rsa, &p);
- return TRUE;
+
+ if (type == KEY_PUB_PEM)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM,
+ NULL, encoding, KEY_PART_RSA_PUB_ASN1_DER,
+ asn1_encoding, KEY_PART_END);
+ chunk_clear(&asn1_encoding);
+ }
+ return success;
}
case KEY_PUB_ASN1_DER:
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
new file mode 100644
index 000000000..b65388010
--- /dev/null
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "openssl_sha1_prf.h"
+
+#include <openssl/sha.h>
+
+typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t;
+
+/**
+ * Private data of an openssl_sha1_prf_t object.
+ */
+struct private_openssl_sha1_prf_t {
+
+ /**
+ * Public openssl_sha1_prf_t interface.
+ */
+ openssl_sha1_prf_t public;
+
+ /**
+ * SHA1 context
+ */
+ SHA_CTX ctx;
+};
+
+METHOD(prf_t, get_bytes, void,
+ private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+{
+ SHA1_Update(&this->ctx, seed.ptr, seed.len);
+
+ if (bytes)
+ {
+ u_int32_t *hash = (u_int32_t*)bytes;
+
+ hash[0] = htonl(this->ctx.h0);
+ hash[1] = htonl(this->ctx.h1);
+ hash[2] = htonl(this->ctx.h2);
+ hash[3] = htonl(this->ctx.h3);
+ hash[4] = htonl(this->ctx.h4);
+ }
+}
+
+METHOD(prf_t, get_block_size, size_t,
+ private_openssl_sha1_prf_t *this)
+{
+ return HASH_SIZE_SHA1;
+}
+
+METHOD(prf_t, allocate_bytes, void,
+ private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+ if (chunk)
+ {
+ *chunk = chunk_alloc(HASH_SIZE_SHA1);
+ get_bytes(this, seed, chunk->ptr);
+ }
+ else
+ {
+ get_bytes(this, seed, NULL);
+ }
+}
+
+METHOD(prf_t, get_key_size, size_t,
+ private_openssl_sha1_prf_t *this)
+{
+ return HASH_SIZE_SHA1;
+}
+
+METHOD(prf_t, set_key, void,
+ private_openssl_sha1_prf_t *this, chunk_t key)
+{
+ SHA1_Init(&this->ctx);
+
+ if (key.len >= 4)
+ {
+ this->ctx.h0 ^= untoh32(key.ptr);
+ }
+ if (key.len >= 8)
+ {
+ this->ctx.h1 ^= untoh32(key.ptr + 4);
+ }
+ if (key.len >= 12)
+ {
+ this->ctx.h2 ^= untoh32(key.ptr + 8);
+ }
+ if (key.len >= 16)
+ {
+ this->ctx.h3 ^= untoh32(key.ptr + 12);
+ }
+ if (key.len >= 20)
+ {
+ this->ctx.h4 ^= untoh32(key.ptr + 16);
+ }
+}
+
+METHOD(prf_t, destroy, void,
+ private_openssl_sha1_prf_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo)
+{
+ private_openssl_sha1_prf_t *this;
+
+ if (algo != PRF_KEYED_SHA1)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public.prf = {
+ .get_block_size = _get_block_size,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
new file mode 100644
index 000000000..9a24e7ee1
--- /dev/null
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup openssl_sha1_prf openssl_sha1_prf
+ * @{ @ingroup sha1_p
+ */
+
+#ifndef OPENSSL_SHA1_PRF_H_
+#define OPENSSL_SHA1_PRF_H_
+
+typedef struct openssl_sha1_prf_t openssl_sha1_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t interface using keyed SHA1 algorithm as used
+ * in EAP-AKA/FIPS_PRF.
+ */
+struct openssl_sha1_prf_t {
+
+ /**
+ * Implements prf_t interface.
+ */
+ prf_t prf;
+};
+
+/**
+ * Creates a new openssl_sha1_prf_t.
+ *
+ * @param algo algorithm, must be PRF_KEYED_SHA1
+ * @return sha1_keyed_prf_tobject
+ */
+openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo);
+
+#endif /** OPENSSL_SHA1_PRF_H_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/Makefile.am b/src/libstrongswan/plugins/padlock/Makefile.am
index b2b1f9d85..6706d26cb 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.am
+++ b/src/libstrongswan/plugins/padlock/Makefile.am
@@ -3,11 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-padlock.la
+else
plugin_LTLIBRARIES = libstrongswan-padlock.la
+endif
-libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \
+libstrongswan_padlock_la_SOURCES = \
+ padlock_plugin.h padlock_plugin.c \
padlock_aes_crypter.c padlock_aes_crypter.h \
padlock_sha1_hasher.c padlock_sha1_hasher.h \
padlock_rng.c padlock_rng.h
-libstrongswan_padlock_la_LDFLAGS = -module -avoid-version
+libstrongswan_padlock_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 59ea98799..84c2ef2fb 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_padlock_la_LIBADD =
am_libstrongswan_padlock_la_OBJECTS = padlock_plugin.lo \
padlock_aes_crypter.lo padlock_sha1_hasher.lo padlock_rng.lo
@@ -81,6 +81,9 @@ libstrongswan_padlock_la_OBJECTS = \
libstrongswan_padlock_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_padlock_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_padlock_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_padlock_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-padlock.la
-libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-padlock.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-padlock.la
+libstrongswan_padlock_la_SOURCES = \
+ padlock_plugin.h padlock_plugin.c \
padlock_aes_crypter.c padlock_aes_crypter.h \
padlock_sha1_hasher.c padlock_sha1_hasher.h \
padlock_rng.c padlock_rng.h
@@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-padlock.la: $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_DEPENDENCIES)
- $(libstrongswan_padlock_la_LINK) -rpath $(plugindir) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS)
+ $(libstrongswan_padlock_la_LINK) $(am_libstrongswan_padlock_la_rpath) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -484,8 +499,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index 32b18ec4b..c9606ae15 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -97,7 +97,7 @@ static padlock_feature_t get_padlock_features()
return d;
}
}
- DBG1("Padlock not found, CPU is %s", vendor);
+ DBG1(DBG_LIB, "Padlock not found, CPU is %s", vendor);
return 0;
}
@@ -131,7 +131,7 @@ static void destroy(private_padlock_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *padlock_plugin_create()
{
private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t);
@@ -143,7 +143,7 @@ plugin_t *plugin_create()
free(this);
return NULL;
}
- DBG1("Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s",
+ DBG1(DBG_LIB, "Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s",
this->features & PADLOCK_RNG_AVAILABLE ? " RNG" : "",
this->features & PADLOCK_ACE_AVAILABLE ? " ACE" : "",
this->features & PADLOCK_ACE2_AVAILABLE ? " ACE2" : "",
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h
index 76f4d1135..d99d4db0f 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.h
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h
@@ -39,9 +39,4 @@ struct padlock_plugin_t {
plugin_t plugin;
};
-/**
- * Create a padlock_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** PADLOCK_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am
index 98f356aaf..b815b1e0b 100644
--- a/src/libstrongswan/plugins/pem/Makefile.am
+++ b/src/libstrongswan/plugins/pem/Makefile.am
@@ -3,10 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pem.la
+else
plugin_LTLIBRARIES = libstrongswan-pem.la
+endif
-libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \
- pem_builder.c pem_builder.h
+libstrongswan_pem_la_SOURCES = \
+ pem_plugin.h pem_plugin.c \
+ pem_builder.c pem_builder.h \
+ pem_encoder.c pem_encoder.h
libstrongswan_pem_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index e81b4f78f..4e39c8f7b 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -72,13 +72,16 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_pem_la_LIBADD =
-am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo
+am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo \
+ pem_encoder.lo
libstrongswan_pem_la_OBJECTS = $(am_libstrongswan_pem_la_OBJECTS)
libstrongswan_pem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_pem_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pem_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pem_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,9 +257,12 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pem.la
-libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \
- pem_builder.c pem_builder.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pem.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pem.la
+libstrongswan_pem_la_SOURCES = \
+ pem_plugin.h pem_plugin.c \
+ pem_builder.c pem_builder.h \
+ pem_encoder.c pem_encoder.h
libstrongswan_pem_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-pem.la: $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_DEPENDENCIES)
- $(libstrongswan_pem_la_LINK) -rpath $(plugindir) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS)
+ $(libstrongswan_pem_la_LINK) $(am_libstrongswan_pem_la_rpath) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -333,6 +349,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_builder.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_encoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_plugin.Plo@am__quote@
.c.o:
@@ -478,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -550,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 2f285e9bc..65be9501b 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -73,7 +73,7 @@ static bool find_boundary(char* tag, chunk_t *line)
{
if (present("-----", line))
{
- DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr);
+ DBG2(DBG_LIB, " -----%s %.*s-----", tag, (int)name.len, name.ptr);
return TRUE;
}
line->ptr++; line->len--; name.len++;
@@ -99,7 +99,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
if (hasher == NULL)
{
- DBG1(" MD5 hash algorithm not available");
+ DBG1(DBG_LIB, " MD5 hash algorithm not available");
return NOT_SUPPORTED;
}
hash.len = hasher->get_hash_size(hasher);
@@ -121,7 +121,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
if (crypter == NULL)
{
- DBG1(" %N encryption algorithm not available",
+ DBG1(DBG_LIB, " %N encryption algorithm not available",
encryption_algorithm_names, alg);
return NOT_SUPPORTED;
}
@@ -131,7 +131,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
blob->len % iv.len)
{
crypter->destroy(crypter);
- DBG1(" data size is not multiple of block size");
+ DBG1(DBG_LIB, " data size is not multiple of block size");
return PARSE_ERROR;
}
crypter->decrypt(crypter, *blob, iv, &decrypted);
@@ -155,7 +155,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
{
if (*last_padding_pos != padding)
{
- DBG1(" invalid passphrase");
+ DBG1(DBG_LIB, " invalid passphrase");
return INVALID_ARG;
}
}
@@ -234,7 +234,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
}
/* we are looking for a parameter: value pair */
- DBG2(" %.*s", (int)line.len, line.ptr);
+ DBG2(DBG_LIB, " %.*s", (int)line.len, line.ptr);
ugh = extract_parameter_value(&name, &value, &line);
if (ugh != NULL)
{
@@ -274,8 +274,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
}
else
{
- DBG1(" encryption algorithm '%.*s' not supported",
- dek.len, dek.ptr);
+ DBG1(DBG_LIB, " encryption algorithm '%.*s'"
+ " not supported", dek.len, dek.ptr);
return NOT_SUPPORTED;
}
eat_whitespace(&value);
@@ -298,7 +298,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
*pgp = TRUE;
data.ptr++;
data.len--;
- DBG2(" armor checksum: %.*s", (int)data.len, data.ptr);
+ DBG2(DBG_LIB, " armor checksum: %.*s", (int)data.len,
+ data.ptr);
continue;
}
@@ -318,7 +319,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
if (state != PEM_POST)
{
- DBG1(" file coded in unknown format, discarded");
+ DBG1(DBG_LIB, " file coded in unknown format, discarded");
return PARSE_ERROR;
}
if (!encrypted)
@@ -327,7 +328,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
}
if (!cb)
{
- DBG1(" missing passphrase");
+ DBG1(DBG_LIB, " missing passphrase");
return INVALID_ARG;
}
while (TRUE)
@@ -404,13 +405,14 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
fd = open(file, O_RDONLY);
if (fd == -1)
{
- DBG1(" opening '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return NULL;
}
if (fstat(fd, &sb) == -1)
{
- DBG1(" getting file size of '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
+ strerror(errno));
close(fd);
return NULL;
}
@@ -418,7 +420,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
if (addr == MAP_FAILED)
{
- DBG1(" mapping '%s' failed: %s", file, strerror(errno));
+ DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
close(fd);
return NULL;
}
@@ -447,7 +449,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
len = read(fd, pos, buf + sizeof(buf) - pos);
if (len < 0)
{
- DBG1("reading from file descriptor failed: %s", strerror(errno));
+ DBG1(DBG_LIB, "reading from file descriptor failed: %s",
+ strerror(errno));
return NULL;
}
if (len == 0)
@@ -457,7 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
total += len;
if (total == sizeof(buf))
{
- DBG1("buffer too small to read from file descriptor");
+ DBG1(DBG_LIB, "buffer too small to read from file descriptor");
return NULL;
}
}
diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h
index 189a5430f..87f5a2c69 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.h
+++ b/src/libstrongswan/plugins/pem/pem_builder.h
@@ -18,8 +18,8 @@
* @{ @ingroup pem_p
*/
-#ifndef PEM_PRIVATE_KEY_H_
-#define PEM_PRIVATE_KEY_H_
+#ifndef PEM_BUILDER_H_
+#define PEM_BUILDER_H_
#include <credentials/builder.h>
#include <credentials/credential_factory.h>
@@ -53,5 +53,5 @@ public_key_t *pem_public_key_load(key_type_t type, va_list args);
*/
certificate_t *pem_certificate_load(certificate_type_t type, va_list args);
-#endif /** PEM_PRIVATE_KEY_H_ @}*/
+#endif /** PEM_BUILDER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c
new file mode 100644
index 000000000..13c99a958
--- /dev/null
+++ b/src/libstrongswan/plugins/pem/pem_encoder.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pem_encoder.h"
+
+#define BYTES_PER_LINE 48
+
+/**
+ * See header.
+ */
+bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding,
+ va_list args)
+{
+ chunk_t asn1;
+ char *label;
+ u_char *pos;
+ size_t len, written, pem_chars, pem_lines;
+ chunk_t n, e, d, p, q, exp1, exp2, coeff, to_free = chunk_empty;
+
+ switch (type)
+ {
+ case KEY_PUB_PEM:
+ label ="PUBLIC KEY";
+ /* direct PKCS#1 PEM encoding */
+ if (key_encoding_args(args, KEY_PART_RSA_PUB_ASN1_DER,
+ &asn1, KEY_PART_END) ||
+ key_encoding_args(args, KEY_PART_ECDSA_PUB_ASN1_DER,
+ &asn1, KEY_PART_END))
+ {
+ break;
+ }
+ /* indirect PEM encoding from components */
+ if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n,
+ KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END))
+ {
+ if (lib->encoding->encode(lib->encoding, KEY_PUB_SPKI_ASN1_DER,
+ NULL, &asn1, KEY_PART_RSA_MODULUS, n,
+ KEY_PART_RSA_PUB_EXP, e, KEY_PART_END))
+ {
+ to_free = asn1;
+ break;
+ }
+ }
+ return FALSE;
+ case KEY_PRIV_PEM:
+ label ="RSA PRIVATE KEY";
+ /* direct PKCS#1 PEM encoding */
+ if (key_encoding_args(args, KEY_PART_RSA_PRIV_ASN1_DER,
+ &asn1, KEY_PART_END))
+ {
+ break;
+ }
+ /* indirect PEM encoding from components */
+ if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n,
+ KEY_PART_RSA_PUB_EXP, &e, KEY_PART_RSA_PRIV_EXP, &d,
+ KEY_PART_RSA_PRIME1, &p, KEY_PART_RSA_PRIME2, &q,
+ KEY_PART_RSA_EXP1, &exp1, KEY_PART_RSA_EXP2, &exp2,
+ KEY_PART_RSA_COEFF, &coeff, KEY_PART_END))
+ {
+ if (lib->encoding->encode(lib->encoding, KEY_PRIV_ASN1_DER, NULL,
+ &asn1, KEY_PART_RSA_MODULUS, n,
+ KEY_PART_RSA_PUB_EXP, e, KEY_PART_RSA_PRIV_EXP, d,
+ KEY_PART_RSA_PRIME1, p, KEY_PART_RSA_PRIME2, q,
+ KEY_PART_RSA_EXP1, exp1, KEY_PART_RSA_EXP2, exp2,
+ KEY_PART_RSA_COEFF, coeff, KEY_PART_END))
+ {
+ to_free = asn1;
+ break;
+ }
+ }
+ if (key_encoding_args(args, KEY_PART_ECDSA_PRIV_ASN1_DER,
+ &asn1, KEY_PART_END))
+ {
+ label ="EC PRIVATE KEY";
+ break;
+ }
+ return FALSE;
+ default:
+ return FALSE;
+ }
+
+ /* compute and allocate maximum size of PEM object */
+ pem_chars = 4*(asn1.len + 2)/3;
+ pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE;
+ *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines);
+ pos = encoding->ptr;
+ len = encoding->len;
+
+ /* write PEM header */
+ written = snprintf(pos, len, "-----BEGIN %s-----\n", label);
+ pos += written;
+ len -= written;
+
+ /* write PEM body */
+ while (pem_lines--)
+ {
+ chunk_t asn1_line, pem_line;
+
+ asn1_line = chunk_create(asn1.ptr, min(asn1.len, BYTES_PER_LINE));
+ asn1.ptr += asn1_line.len;
+ asn1.len -= asn1_line.len;
+ pem_line = chunk_to_base64(asn1_line, pos);
+ pos += pem_line.len;
+ len -= pem_line.len;
+ *pos = '\n';
+ pos++;
+ len--;
+ }
+
+ chunk_clear(&to_free);
+
+ /* write PEM trailer */
+ written = snprintf(pos, len, "-----END %s-----", label);
+ pos += written;
+ len -= written;
+
+ /* replace termination null character with newline */
+ *pos = '\n';
+ pos++;
+ len--;
+
+ /* compute effective length of PEM object */
+ encoding->len = pos - encoding->ptr;
+ return TRUE;
+}
+
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.h b/src/libstrongswan/plugins/pem/pem_encoder.h
new file mode 100644
index 000000000..a181133b7
--- /dev/null
+++ b/src/libstrongswan/plugins/pem/pem_encoder.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pem_encoder pem_encoder
+ * @{ @ingroup pem_p
+ */
+
+#ifndef PEM_ENCODER_H_
+#define PEM_ENCODER_H_
+
+#include <credentials/keys/key_encoding.h>
+
+/**
+ * Encoding from ASN.1 to PEM format.
+ */
+bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding,
+ va_list args);
+
+#endif /** PEM_ENCODER_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index 5a5149ca8..810901b7a 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -16,7 +16,9 @@
#include "pem_plugin.h"
#include <library.h>
+
#include "pem_builder.h"
+#include "pem_encoder.h"
typedef struct private_pem_plugin_t private_pem_plugin_t;
@@ -48,7 +50,7 @@ static void destroy(private_pem_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *pem_plugin_create()
{
private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t);
@@ -100,6 +102,9 @@ plugin_t *plugin_create()
lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
(builder_function_t)pem_certificate_load);
+ /* register PEM encoder */
+ lib->encoding->add_encoder(lib->encoding, pem_encoder_encode);
+
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h
index 75616c496..944a3fc85 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.h
+++ b/src/libstrongswan/plugins/pem/pem_plugin.h
@@ -39,9 +39,4 @@ struct pem_plugin_t {
plugin_t plugin;
};
-/**
- * Create a pem_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** PEM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am
index c232971bb..4b414616d 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.am
+++ b/src/libstrongswan/plugins/pgp/Makefile.am
@@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pgp.la
+else
plugin_LTLIBRARIES = libstrongswan-pgp.la
+endif
-libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \
- pgp_utils.h pgp_utils.c \
- pgp_cert.h pgp_cert.c \
- pgp_encoder.h pgp_encoder.c \
- pgp_builder.h pgp_builder.c
+libstrongswan_pgp_la_SOURCES = \
+ pgp_plugin.h pgp_plugin.c \
+ pgp_utils.h pgp_utils.c \
+ pgp_cert.h pgp_cert.c \
+ pgp_encoder.h pgp_encoder.c \
+ pgp_builder.h pgp_builder.c
libstrongswan_pgp_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 70840c400..5d487364f 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_pgp_la_LIBADD =
am_libstrongswan_pgp_la_OBJECTS = pgp_plugin.lo pgp_utils.lo \
pgp_cert.lo pgp_encoder.lo pgp_builder.lo
@@ -80,6 +80,8 @@ libstrongswan_pgp_la_OBJECTS = $(am_libstrongswan_pgp_la_OBJECTS)
libstrongswan_pgp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_pgp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pgp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pgp_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,12 +257,14 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pgp.la
-libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \
- pgp_utils.h pgp_utils.c \
- pgp_cert.h pgp_cert.c \
- pgp_encoder.h pgp_encoder.c \
- pgp_builder.h pgp_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pgp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pgp.la
+libstrongswan_pgp_la_SOURCES = \
+ pgp_plugin.h pgp_plugin.c \
+ pgp_utils.h pgp_utils.c \
+ pgp_cert.h pgp_cert.c \
+ pgp_encoder.h pgp_encoder.c \
+ pgp_builder.h pgp_builder.c
libstrongswan_pgp_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-pgp.la: $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_DEPENDENCIES)
- $(libstrongswan_pgp_la_LINK) -rpath $(plugindir) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS)
+ $(libstrongswan_pgp_la_LINK) $(am_libstrongswan_pgp_la_rpath) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -485,8 +499,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -557,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index d262d18ff..84c9bfddd 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -41,7 +41,7 @@ static public_key_t *parse_public_key(chunk_t blob)
BUILD_BLOB_PGP, blob, BUILD_END);
break;
default:
- DBG1("PGP public key algorithm %N not supported",
+ DBG1(DBG_LIB, "PGP public key algorithm %N not supported",
pgp_pubkey_alg_names, alg);
return NULL;
}
@@ -90,12 +90,13 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
}
if (s2k == 255 || s2k == 254)
{
- DBG1("string-to-key specifiers not supported");
+ DBG1(DBG_LIB, "string-to-key specifiers not supported");
return NULL;
}
if (s2k != PGP_SYM_ALG_PLAIN)
{
- DBG1("%N private key encryption not supported", pgp_sym_alg_names, s2k);
+ DBG1(DBG_LIB, "%N private key encryption not supported",
+ pgp_sym_alg_names, s2k);
return NULL;
}
@@ -121,7 +122,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
- DBG1("signing failed - decryption only key");
+ DBG1(DBG_LIB, "signing failed - decryption only key");
return FALSE;
}
@@ -131,7 +132,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
static bool decrypt_not_allowed(private_key_t *this,
chunk_t crypto, chunk_t *plain)
{
- DBG1("decryption failed - signature only key");
+ DBG1(DBG_LIB, "decryption failed - signature only key");
return FALSE;
}
@@ -164,7 +165,7 @@ static private_key_t *parse_private_key(chunk_t blob)
case 4:
break;
default:
- DBG1("PGP packet version V%d not supported", version);
+ DBG1(DBG_LIB, "PGP packet version V%d not supported", version);
return FALSE;
}
if (!pgp_read_scalar(&packet, 4, &created))
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index fa2612285..cd04f3d1a 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -198,9 +198,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
- DBG1(" certificate from %T is %s - existing certificate from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
+ DBG1(DBG_LIB, " certificate from %T is %s - existing certificate"
+ " from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
+ &that_update, FALSE, new ? "replaced" : "retained");
return new;
}
@@ -322,16 +322,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
}
break;
default:
- DBG1("PGP packet version V%d not supported", this->version);
+ DBG1(DBG_LIB, "PGP packet version V%d not supported",
+ this->version);
return FALSE;
}
if (this->valid)
{
- DBG2("L2 - created %T, valid %d days", &this->created, FALSE, this->valid);
+ DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE,
+ this->valid);
}
else
{
- DBG2("L2 - created %T, never expires", &this->created, FALSE);
+ DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE);
}
DESTROY_IF(this->key);
this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
@@ -352,13 +354,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1("no SHA-1 hasher available");
+ DBG1(DBG_LIB, "no SHA-1 hasher available");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
hasher->destroy(hasher);
- DBG2("L2 - v4 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint);
}
else
{
@@ -369,7 +371,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
return FALSE;
}
this->fingerprint = chunk_clone(this->fingerprint);
- DBG2("L2 - v3 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint);
}
return TRUE;
}
@@ -389,7 +391,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
/* we parse only v3 or v4 signature packets */
if (version != 3 && version != 4)
{
- DBG2("L2 - v%d signature ignored", version);
+ DBG2(DBG_LIB, "L2 - v%d signature ignored", version);
return TRUE;
}
if (version == 4)
@@ -398,7 +400,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2("L2 - v%d signature of type 0x%02x", version, type);
+ DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type);
}
else
{
@@ -411,8 +413,8 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2("L2 - v3 signature of type 0x%02x, created %T", type,
- &created, FALSE);
+ DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type,
+ &created, FALSE);
}
/* TODO: parse and save signature to a list */
return TRUE;
@@ -425,7 +427,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
{
DESTROY_IF(this->user_id);
this->user_id = identification_create_from_encoding(ID_KEY_ID, packet);
- DBG2("L2 - '%Y'", this->user_id);
+ DBG2(DBG_LIB, "L2 - '%Y'", this->user_id);
return TRUE;
}
@@ -486,7 +488,7 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
}
break;
default:
- DBG1("ignoring %N packet in PGP certificate",
+ DBG1(DBG_LIB, "ignoring %N packet in PGP certificate",
pgp_packet_tag_names, tag);
break;
}
diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c
index 56acac597..d5c3df590 100644
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c
@@ -31,7 +31,8 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
if (!hasher)
{
- DBG1("MD5 hash algorithm not supported, PGP fingerprinting failed");
+ DBG1(DBG_LIB, "MD5 hash algorithm not supported, PGP"
+ " fingerprinting failed");
return FALSE;
}
/* remove leading zero bytes before hashing modulus and exponent */
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index eabb3695f..3ed1faf01 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -54,7 +54,7 @@ static void destroy(private_pgp_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *pgp_plugin_create()
{
private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t);
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h
index 95765cd76..8a0ab89d6 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.h
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h
@@ -39,9 +39,4 @@ struct pgp_plugin_t {
plugin_t plugin;
};
-/**
- * Create a pgp_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** PGP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index 1658f3232..2d85cc0c8 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
if (bytes > blob->len)
{
- DBG1("PGP data too short to read %d byte scalar", bytes);
+ DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes);
return FALSE;
}
while (bytes-- > 0)
@@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
if (!pgp_read_scalar(blob, 2, &bits))
{
- DBG1("PGP data too short to read MPI length");
+ DBG1(DBG_LIB, "PGP data too short to read MPI length");
return FALSE;
}
bytes = (bits + 7) / 8;
if (bytes > blob->len)
{
- DBG1("PGP data too short to read %d byte MPI", bytes);
+ DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes);
return FALSE;
}
*mpi = chunk_create(blob->ptr, bytes);
@@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
if (!blob->len)
{
- DBG1("missing input");
+ DBG1(DBG_LIB, "missing input");
return FALSE;
}
t = blob->ptr[0];
@@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
/* bit 7 must be set */
if (!(t & 0x80))
{
- DBG1("invalid packet tag");
+ DBG1(DBG_LIB, "invalid packet tag");
return FALSE;
}
/* bit 6 set defines new packet format */
if (t & 0x40)
{
- DBG1("new PGP packet format not supported");
+ DBG1(DBG_LIB, "new PGP packet format not supported");
return FALSE;
}
t = (t & 0x3C) >> 2;
if (!pgp_old_packet_length(blob, &len) || len > blob->len)
{
- DBG1("invalid packet length");
+ DBG1(DBG_LIB, "invalid packet length");
return FALSE;
}
*data = chunk_create(blob->ptr, len);
*blob = chunk_skip(*blob, len);
*tag = t;
- DBG2("L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
- DBG3("%B", data);
+ DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
+ DBG3(DBG_LIB, "%B", data);
return TRUE;
}
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am
index 88d25a26b..bd3203dae 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.am
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.am
@@ -3,11 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pkcs1.la
+else
plugin_LTLIBRARIES = libstrongswan-pkcs1.la
+endif
-libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \
- pkcs1_encoder.h pkcs1_encoder.c \
- pkcs1_builder.h pkcs1_builder.c
+libstrongswan_pkcs1_la_SOURCES = \
+ pkcs1_plugin.h pkcs1_plugin.c \
+ pkcs1_encoder.h pkcs1_encoder.c \
+ pkcs1_builder.h pkcs1_builder.c
libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 4439cd60f..3fdcd0590 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_pkcs1_la_LIBADD =
am_libstrongswan_pkcs1_la_OBJECTS = pkcs1_plugin.lo pkcs1_encoder.lo \
pkcs1_builder.lo
@@ -80,6 +80,9 @@ libstrongswan_pkcs1_la_OBJECTS = $(am_libstrongswan_pkcs1_la_OBJECTS)
libstrongswan_pkcs1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_pkcs1_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pkcs1_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pkcs1_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,10 +258,12 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pkcs1.la
-libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \
- pkcs1_encoder.h pkcs1_encoder.c \
- pkcs1_builder.h pkcs1_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs1.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs1.la
+libstrongswan_pkcs1_la_SOURCES = \
+ pkcs1_plugin.h pkcs1_plugin.c \
+ pkcs1_encoder.h pkcs1_encoder.c \
+ pkcs1_builder.h pkcs1_builder.c
libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-pkcs1.la: $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_DEPENDENCIES)
- $(libstrongswan_pkcs1_la_LINK) -rpath $(plugindir) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS)
+ $(libstrongswan_pkcs1_la_LINK) $(am_libstrongswan_pkcs1_la_rpath) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +496,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index fbd35e830..88c848899 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -81,10 +81,10 @@ static public_key_t *parse_public_key(chunk_t blob)
/* skip initial bit string octet defining 0 unused bits */
object = chunk_skip(object, 1);
}
- DBG2("-- > --");
+ DBG2(DBG_LIB, "-- > --");
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type,
BUILD_BLOB_ASN1_DER, object, BUILD_END);
- DBG2("-- < --");
+ DBG2(DBG_LIB, "-- < --");
break;
}
}
@@ -197,7 +197,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
case PRIV_KEY_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1("PKCS#1 private key format is not version 1");
+ DBG1(DBG_LIB, "PKCS#1 private key format is not version 1");
goto end;
}
break;
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
index 62ca9f351..9f251833e 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
@@ -14,7 +14,7 @@
*/
/**
- * @defgroup pkcs1_public_key pkcs1_public_key
+ * @defgroup pkcs1_builder pkcs1_builder
* @{ @ingroup pkcs1
*/
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
index 0a8da815a..e46062d97 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
@@ -97,7 +97,8 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash)
if (hasher == NULL)
{
chunk_free(&pubkey);
- DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+ "fingerprinting failed");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey, hash);
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index 9d71e1388..35ec2d2bf 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -50,7 +50,7 @@ static void destroy(private_pkcs1_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *pkcs1_plugin_create()
{
private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t);
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
index 465c7ef2c..588bde559 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
@@ -39,9 +39,4 @@ struct pkcs1_plugin_t {
plugin_t plugin;
};
-/**
- * Create a pkcs1_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** PKCS1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 28c800c0c..6d8a370fb 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -38,9 +38,9 @@ struct plugin_t {
/**
* Plugin constructor function definiton.
*
- * Each plugin has a constructor functions. This function is called on daemon
+ * Each plugin has a constructor function. This function is called on daemon
* startup to initialize each plugin.
- * The plugin function is named plugin_create().
+ * The plugin function is named plugin_name_plugin_create().
*
* @return plugin_t instance
*/
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index d4513f25a..cad279a9d 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -49,37 +50,83 @@ struct private_plugin_loader_t {
linked_list_t *names;
};
+#ifdef MONOLITHIC
+/**
+ * load a single plugin in monolithic mode
+ */
+static plugin_t* load_plugin(private_plugin_loader_t *this,
+ char *path, char *name)
+{
+ char create[128];
+ plugin_t *plugin;
+ plugin_constructor_t constructor;
+
+ if (snprintf(create, sizeof(create), "%s_plugin_create",
+ name) >= sizeof(create))
+ {
+ return NULL;
+ }
+ translate(create, "-", "_");
+ constructor = dlsym(RTLD_DEFAULT, create);
+ if (constructor == NULL)
+ {
+ DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name,
+ create);
+ return NULL;
+ }
+ plugin = constructor();
+ if (plugin == NULL)
+ {
+ DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name,
+ create);
+ return NULL;
+ }
+ DBG2(DBG_LIB, "plugin '%s': loaded successfully", name);
+
+ return plugin;
+}
+#else
/**
* load a single plugin
*/
static plugin_t* load_plugin(private_plugin_loader_t *this,
char *path, char *name)
{
+ char create[128];
char file[PATH_MAX];
void *handle;
plugin_t *plugin;
plugin_constructor_t constructor;
- snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
-
+ if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path,
+ name) >= sizeof(file) ||
+ snprintf(create, sizeof(create), "%s_plugin_create",
+ name) >= sizeof(create))
+ {
+ return NULL;
+ }
+ translate(create, "-", "_");
if (lib->integrity)
{
if (!lib->integrity->check_file(lib->integrity, name, file))
{
- DBG1("plugin '%s': failed file integrity test of '%s'", name, file);
+ DBG1(DBG_LIB, "plugin '%s': failed file integrity test of '%s'",
+ name, file);
return NULL;
}
}
handle = dlopen(file, RTLD_LAZY);
if (handle == NULL)
{
- DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror());
+ DBG1(DBG_LIB, "plugin '%s': failed to load '%s' - %s", name, file,
+ dlerror());
return NULL;
}
- constructor = dlsym(handle, "plugin_create");
+ constructor = dlsym(handle, create);
if (constructor == NULL)
{
- DBG1("plugin '%s': failed to load - no plugin_create() function", name);
+ DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name,
+ create);
dlclose(handle);
return NULL;
}
@@ -87,25 +134,28 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
{
if (!lib->integrity->check_segment(lib->integrity, name, constructor))
{
- DBG1("plugin '%s': failed segment integrity test", name);
+ DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name);
dlclose(handle);
return NULL;
}
- DBG1("plugin '%s': passed file and segment integrity tests", name);
+ DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests",
+ name);
}
plugin = constructor();
if (plugin == NULL)
{
- DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name);
+ DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name,
+ create);
dlclose(handle);
return NULL;
}
- DBG2("plugin '%s': loaded successfully", name);
+ DBG2(DBG_LIB, "plugin '%s': loaded successfully", name);
/* we do not store or free dlopen() handles, leak_detective requires
* the modules to keep loaded until leak report */
return plugin;
}
+#endif
/**
* Implementation of plugin_loader_t.load_plugins.
@@ -116,10 +166,12 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
char *token;
bool critical_failed = FALSE;
+#ifndef MONOLITHIC
if (path == NULL)
{
path = PLUGINDIR;
}
+#endif
enumerator = enumerator_create_token(list, " ", " ");
while (!critical_failed && enumerator->enumerate(enumerator, &token))
@@ -147,7 +199,7 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
if (critical)
{
critical_failed = TRUE;
- DBG1("loading critical plugin '%s' failed", token);
+ DBG1(DBG_LIB, "loading critical plugin '%s' failed", token);
}
free(token);
}
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am
index 770d77325..c2974a585 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.am
+++ b/src/libstrongswan/plugins/pubkey/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pubkey.la
+else
plugin_LTLIBRARIES = libstrongswan-pubkey.la
+endif
-libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
- pubkey_cert.h pubkey_cert.c
+libstrongswan_pubkey_la_SOURCES = \
+ pubkey_plugin.h pubkey_plugin.c \
+ pubkey_cert.h pubkey_cert.c
libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index f95e7b357..5fe3d58f1 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_pubkey_la_LIBADD =
am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo
libstrongswan_pubkey_la_OBJECTS = \
@@ -80,6 +80,9 @@ libstrongswan_pubkey_la_OBJECTS = \
libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_pubkey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pubkey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pubkey_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pubkey.la
-libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
- pubkey_cert.h pubkey_cert.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pubkey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pubkey.la
+libstrongswan_pubkey_la_SOURCES = \
+ pubkey_plugin.h pubkey_plugin.c \
+ pubkey_cert.h pubkey_cert.c
libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -293,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-pubkey.la: $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_DEPENDENCIES)
- $(libstrongswan_pubkey_la_LINK) -rpath $(plugindir) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS)
+ $(libstrongswan_pubkey_la_LINK) $(am_libstrongswan_pubkey_la_rpath) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -479,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index ad84eed99..b0eabc9ee 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_pubkey_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *pubkey_plugin_create()
{
private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t);
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
index a3fd2f155..db71bddc0 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
@@ -39,9 +39,4 @@ struct pubkey_plugin_t {
plugin_t plugin;
};
-/**
- * Create a pubkey_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** PUBKEY_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am
index 7c2283ae7..5df992718 100644
--- a/src/libstrongswan/plugins/random/Makefile.am
+++ b/src/libstrongswan/plugins/random/Makefile.am
@@ -5,9 +5,14 @@ AM_CFLAGS = -rdynamic \
-DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\"
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-random.la
+else
plugin_LTLIBRARIES = libstrongswan-random.la
+endif
-libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \
- random_rng.c random_rng.h
-libstrongswan_random_la_LDFLAGS = -module -avoid-version
+libstrongswan_random_la_SOURCES = \
+ random_plugin.h random_plugin.c \
+ random_rng.c random_rng.h
+libstrongswan_random_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 355ab14bc..27360aa8c 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_random_la_LIBADD =
am_libstrongswan_random_la_OBJECTS = random_plugin.lo random_rng.lo
libstrongswan_random_la_OBJECTS = \
@@ -80,6 +80,9 @@ libstrongswan_random_la_OBJECTS = \
libstrongswan_random_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_random_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_random_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_random_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -257,9 +261,11 @@ AM_CFLAGS = -rdynamic \
-DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\"
-plugin_LTLIBRARIES = libstrongswan-random.la
-libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \
- random_rng.c random_rng.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-random.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-random.la
+libstrongswan_random_la_SOURCES = \
+ random_plugin.h random_plugin.c \
+ random_rng.c random_rng.h
libstrongswan_random_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-random.la: $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_DEPENDENCIES)
- $(libstrongswan_random_la_LINK) -rpath $(plugindir) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS)
+ $(libstrongswan_random_la_LINK) $(am_libstrongswan_random_la_rpath) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -482,8 +497,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -554,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index df0a8f556..39678ba71 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_random_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *random_plugin_create()
{
private_random_plugin_t *this = malloc_thing(private_random_plugin_t);
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index 6ce0f71be..7e22c3e5f 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -39,9 +39,4 @@ struct random_plugin_t {
plugin_t plugin;
};
-/**
- * Create a random_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** RANDOM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 34f300296..b09f3f57a 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -71,7 +71,7 @@ static void get_bytes(private_random_rng_t *this, size_t bytes,
got = read(this->dev, buffer + done, bytes - done);
if (got <= 0)
{
- DBG1("reading from \"%s\" failed: %s, retrying...",
+ DBG1(DBG_LIB, "reading from \"%s\" failed: %s, retrying...",
this->file, strerror(errno));
close(this->dev);
sleep(1);
@@ -124,7 +124,7 @@ random_rng_t *random_rng_create(rng_quality_t quality)
this->dev = open(this->file, 0);
if (this->dev < 0)
{
- DBG1("opening \"%s\" failed: %s", this->file, strerror(errno));
+ DBG1(DBG_LIB, "opening \"%s\" failed: %s", this->file, strerror(errno));
free(this);
return NULL;
}
diff --git a/src/libstrongswan/plugins/sha1/Makefile.am b/src/libstrongswan/plugins/sha1/Makefile.am
index ead51a45a..4e539fd83 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.am
+++ b/src/libstrongswan/plugins/sha1/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha1.la
+else
plugin_LTLIBRARIES = libstrongswan-sha1.la
+endif
-libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \
+libstrongswan_sha1_la_SOURCES = \
+ sha1_plugin.h sha1_plugin.c \
sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h
-libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
+libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 4f08b882c..dacb5be4b 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_sha1_la_LIBADD =
am_libstrongswan_sha1_la_OBJECTS = sha1_plugin.lo sha1_hasher.lo \
sha1_prf.lo
@@ -80,6 +80,8 @@ libstrongswan_sha1_la_OBJECTS = $(am_libstrongswan_sha1_la_OBJECTS)
libstrongswan_sha1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_sha1_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sha1_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sha1_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sha1.la
-libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha1.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha1.la
+libstrongswan_sha1_la_SOURCES = \
+ sha1_plugin.h sha1_plugin.c \
sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h
libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-sha1.la: $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_DEPENDENCIES)
- $(libstrongswan_sha1_la_LINK) -rpath $(plugindir) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS)
+ $(libstrongswan_sha1_la_LINK) $(am_libstrongswan_sha1_la_rpath) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -480,8 +494,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -552,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c
index a038228da..7b9cf878f 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.c
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_sha1_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *sha1_plugin_create()
{
private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t);
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h
index 36b12b91e..cd1ff615d 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.h
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h
@@ -39,9 +39,4 @@ struct sha1_plugin_t {
plugin_t plugin;
};
-/**
- * Create a sha1_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** SHA1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha2/Makefile.am b/src/libstrongswan/plugins/sha2/Makefile.am
index 5422e1d4e..a255d0609 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.am
+++ b/src/libstrongswan/plugins/sha2/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha2.la
+else
plugin_LTLIBRARIES = libstrongswan-sha2.la
+endif
-libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
-libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
+libstrongswan_sha2_la_SOURCES = \
+ sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
+libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index e4ea58094..6db4374c8 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_sha2_la_LIBADD =
am_libstrongswan_sha2_la_OBJECTS = sha2_plugin.lo sha2_hasher.lo
libstrongswan_sha2_la_OBJECTS = $(am_libstrongswan_sha2_la_OBJECTS)
libstrongswan_sha2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_sha2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sha2_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sha2_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sha2.la
-libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha2.la
+libstrongswan_sha2_la_SOURCES = \
+ sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
+
libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-sha2.la: $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_DEPENDENCIES)
- $(libstrongswan_sha2_la_LINK) -rpath $(plugindir) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS)
+ $(libstrongswan_sha2_la_LINK) $(am_libstrongswan_sha2_la_rpath) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index 90f7cec77..810d9922a 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_sha2_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *sha2_plugin_create()
{
private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t);
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h
index b80f7560e..48ee2d94c 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.h
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h
@@ -39,9 +39,4 @@ struct sha2_plugin_t {
plugin_t plugin;
};
-/**
- * Create a sha2_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** SHA2_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.am b/src/libstrongswan/plugins/sqlite/Makefile.am
index f26e31294..2e1d9733f 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.am
+++ b/src/libstrongswan/plugins/sqlite/Makefile.am
@@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sqlite.la
+else
plugin_LTLIBRARIES = libstrongswan-sqlite.la
+endif
-libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c \
+libstrongswan_sqlite_la_SOURCES = \
+ sqlite_plugin.h sqlite_plugin.c \
sqlite_database.h sqlite_database.c
+
libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version
-libstrongswan_sqlite_la_LIBADD = -lsqlite3
+libstrongswan_sqlite_la_LIBADD = -lsqlite3
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 831408c9e..cb466ad03 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_sqlite_la_DEPENDENCIES =
am_libstrongswan_sqlite_la_OBJECTS = sqlite_plugin.lo \
sqlite_database.lo
@@ -81,6 +81,9 @@ libstrongswan_sqlite_la_OBJECTS = \
libstrongswan_sqlite_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_sqlite_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sqlite_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sqlite_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sqlite.la
-libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sqlite.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sqlite.la
+libstrongswan_sqlite_la_SOURCES = \
+ sqlite_plugin.h sqlite_plugin.c \
sqlite_database.h sqlite_database.c
libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version
@@ -295,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +342,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-sqlite.la: $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_DEPENDENCIES)
- $(libstrongswan_sqlite_la_LINK) -rpath $(plugindir) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS)
+ $(libstrongswan_sqlite_la_LINK) $(am_libstrongswan_sqlite_la_rpath) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +496,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c
index 721f1a126..3e20dbb51 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c
@@ -110,11 +110,13 @@ static sqlite3_stmt* run(private_sqlite_database_t *this, char *sql,
}
else
{
- DBG1("preparing sqlite statement failed: %s", sqlite3_errmsg(this->db));
+ DBG1(DBG_LIB, "preparing sqlite statement failed: %s",
+ sqlite3_errmsg(this->db));
}
if (res != SQLITE_OK)
{
- DBG1("binding sqlite statement failed: %s", sqlite3_errmsg(this->db));
+ DBG1(DBG_LIB, "binding sqlite statement failed: %s",
+ sqlite3_errmsg(this->db));
sqlite3_finalize(stmt);
return NULL;
}
@@ -160,7 +162,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...)
case SQLITE_ROW:
break;
default:
- DBG1("stepping sqlite statement failed: %s",
+ DBG1(DBG_LIB, "stepping sqlite statement failed: %s",
sqlite3_errmsg(this->database->db));
/* fall */
case SQLITE_DONE:
@@ -203,7 +205,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...)
break;
}
default:
- DBG1("invalid result type supplied");
+ DBG1(DBG_LIB, "invalid result type supplied");
return FALSE;
}
}
@@ -272,7 +274,8 @@ static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...)
}
else
{
- DBG1("sqlite execute failed: %s", sqlite3_errmsg(this->db));
+ DBG1(DBG_LIB, "sqlite execute failed: %s",
+ sqlite3_errmsg(this->db));
}
sqlite3_finalize(stmt);
}
@@ -337,7 +340,7 @@ sqlite_database_t *sqlite_database_create(char *uri)
if (sqlite3_open(file, &this->db) != SQLITE_OK)
{
- DBG1("opening SQLite database '%s' failed: %s",
+ DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s",
file, sqlite3_errmsg(this->db));
destroy(this);
return NULL;
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index 955402bf9..332d82318 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_sqlite_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *sqlite_plugin_create()
{
private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t);
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
index 82735a311..dbc461cf4 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
@@ -39,9 +39,4 @@ struct sqlite_plugin_t {
plugin_t plugin;
};
-/**
- * Create a sqlite_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** SQLITE_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 6028805c4..6d3b05d19 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -3,7 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-test-vectors.la
+else
plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+endif
libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
@@ -29,5 +33,5 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/sha2_hmac.c \
test_vectors/fips_prf.c \
test_vectors/rng.c
-libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version
+libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index a8674d282..dbe62c056 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_test_vectors_la_LIBADD =
am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \
@@ -85,6 +85,9 @@ libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_test_vectors_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_test_vectors_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_test_vectors_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -259,7 +263,8 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-test-vectors.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-test-vectors.la
libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
test_vectors/3des_cbc.c \
@@ -320,6 +325,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -352,7 +366,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-test-vectors.la: $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_DEPENDENCIES)
- $(libstrongswan_test_vectors_la_LINK) -rpath $(plugindir) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS)
+ $(libstrongswan_test_vectors_la_LINK) $(am_libstrongswan_test_vectors_la_rpath) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -681,8 +695,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -753,18 +767,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
index 4dc1cc174..18e0c9278 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
@@ -44,7 +44,7 @@ static bool test_monobit(monobit_t *param, chunk_t data)
}
}
}
- DBG2(" Monobit: %d/%d bits set", bits, data.len * 8);
+ DBG2(DBG_LIB, " Monobit: %d/%d bits set", bits, data.len * 8);
if (bits > param->lower && bits < param->upper)
{
return TRUE;
@@ -101,7 +101,7 @@ static bool test_poker(poker_t *param, chunk_t data)
sum += (counter[i] * counter[i]) / 5000.0 * 16.0;
}
sum -= 5000.0;
- DBG2(" Poker: %f", sum);
+ DBG2(DBG_LIB, " Poker: %f", sum);
if (sum > param->lower && sum < param->upper)
{
return TRUE;
@@ -190,7 +190,7 @@ static bool test_runs(runs_t *param, chunk_t data)
}
}
- DBG2(" Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, "
+ DBG2(DBG_LIB, " Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, "
"longruns: %d",
zero_runs[1], zero_runs[2], zero_runs[3],
zero_runs[4], zero_runs[5], zero_runs[6],
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index 7ad8c3c73..234d237f3 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -104,7 +104,7 @@ static void destroy(private_test_vectors_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *test_vectors_plugin_create()
{
private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t);
int i;
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
index 9cb959c88..661529295 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
@@ -39,9 +39,4 @@ struct test_vectors_plugin_t {
plugin_t plugin;
};
-/**
- * Create a test_vectors_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** TEST_VECTORS_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am
index 853b1cebc..4b50d78dc 100644
--- a/src/libstrongswan/plugins/x509/Makefile.am
+++ b/src/libstrongswan/plugins/x509/Makefile.am
@@ -3,14 +3,19 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-x509.la
+else
plugin_LTLIBRARIES = libstrongswan-x509.la
+endif
-libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \
- x509_cert.h x509_cert.c \
- x509_crl.h x509_crl.c \
- x509_ac.h x509_ac.c \
- x509_pkcs10.h x509_pkcs10.c \
- x509_ocsp_request.h x509_ocsp_request.c \
- x509_ocsp_response.h x509_ocsp_response.c
-libstrongswan_x509_la_LDFLAGS = -module -avoid-version
+libstrongswan_x509_la_SOURCES = \
+ x509_plugin.h x509_plugin.c \
+ x509_cert.h x509_cert.c \
+ x509_crl.h x509_crl.c \
+ x509_ac.h x509_ac.c \
+ x509_pkcs10.h x509_pkcs10.c \
+ x509_ocsp_request.h x509_ocsp_request.c \
+ x509_ocsp_response.h x509_ocsp_response.c
+libstrongswan_x509_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 428643254..2bee453cd 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_x509_la_LIBADD =
am_libstrongswan_x509_la_OBJECTS = x509_plugin.lo x509_cert.lo \
x509_crl.lo x509_ac.lo x509_pkcs10.lo x509_ocsp_request.lo \
@@ -81,6 +81,8 @@ libstrongswan_x509_la_OBJECTS = $(am_libstrongswan_x509_la_OBJECTS)
libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_x509_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_x509_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_x509_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -255,14 +258,16 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-x509.la
-libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \
- x509_cert.h x509_cert.c \
- x509_crl.h x509_crl.c \
- x509_ac.h x509_ac.c \
- x509_pkcs10.h x509_pkcs10.c \
- x509_ocsp_request.h x509_ocsp_request.c \
- x509_ocsp_response.h x509_ocsp_response.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-x509.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-x509.la
+libstrongswan_x509_la_SOURCES = \
+ x509_plugin.h x509_plugin.c \
+ x509_cert.h x509_cert.c \
+ x509_crl.h x509_crl.c \
+ x509_ac.h x509_ac.c \
+ x509_pkcs10.h x509_pkcs10.c \
+ x509_ocsp_request.h x509_ocsp_request.c \
+ x509_ocsp_response.h x509_ocsp_response.c
libstrongswan_x509_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -299,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +345,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-x509.la: $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_DEPENDENCIES)
- $(libstrongswan_x509_la_LINK) -rpath $(plugindir) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS)
+ $(libstrongswan_x509_la_LINK) $(am_libstrongswan_x509_la_rpath) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -490,8 +504,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -562,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 79ff80933..95e72789e 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -192,7 +192,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
}
else
{
- DBG1("more than one directory name - first selected");
+ DBG1(DBG_LIB, "more than one directory name - first selected");
directoryName->destroy(directoryName);
}
}
@@ -200,7 +200,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
}
else
{
- DBG1("no directoryName found");
+ DBG1(DBG_LIB, "no directoryName found");
}
list->destroy(list);
@@ -359,10 +359,11 @@ static bool parse_certificate(private_x509_ac_t *this)
break;
case AC_OBJ_VERSION:
this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
- DBG2(" v%d", this->version);
+ DBG2(DBG_LIB, " v%d", this->version);
if (this->version != 2)
{
- DBG1("v%d attribute certificates are not supported", this->version);
+ DBG1(DBG_LIB, "v%d attribute certificates are not "
+ "supported", this->version);
goto end;
}
break;
@@ -407,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this)
switch (type)
{
case OID_AUTHENTICATION_INFO:
- DBG2(" need to parse authenticationInfo");
+ DBG2(DBG_LIB, " need to parse authenticationInfo");
break;
case OID_ACCESS_IDENTITY:
- DBG2(" need to parse accessIdentity");
+ DBG2(DBG_LIB, " need to parse accessIdentity");
break;
case OID_CHARGING_IDENTITY:
- DBG2("-- > --");
+ DBG2(DBG_LIB, "-- > --");
this->charging = ietf_attributes_create_from_encoding(object);
- DBG2("-- < --");
+ DBG2(DBG_LIB, "-- < --");
break;
case OID_GROUP:
- DBG2("-- > --");
+ DBG2(DBG_LIB, "-- > --");
this->groups = ietf_attributes_create_from_encoding(object);
- DBG2("-- < --");
+ DBG2(DBG_LIB, "-- < --");
break;
case OID_ROLE:
parse_roleSyntax(object, level);
@@ -435,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this)
break;
case AC_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(" %s",(critical)?"TRUE":"FALSE");
+ DBG2(DBG_LIB, " %s",(critical)?"TRUE":"FALSE");
break;
case AC_OBJ_EXTN_VALUE:
{
switch (extn_oid)
{
case OID_CRL_DISTRIBUTION_POINTS:
- DBG2(" need to parse crlDistributionPoints");
+ DBG2(DBG_LIB, " need to parse crlDistributionPoints");
break;
case OID_AUTHORITY_KEY_ID:
this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object,
level, &this->authKeySerialNumber);
break;
case OID_TARGET_INFORMATION:
- DBG2(" need to parse targetInformation");
+ DBG2(DBG_LIB, " need to parse targetInformation");
break;
case OID_NO_REV_AVAIL:
this->noRevAvail = TRUE;
@@ -464,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this)
NULL);
if (this->algorithm != sig_alg)
{
- DBG1(" signature algorithms do not agree");
+ DBG1(DBG_LIB, " signature algorithms do not agree");
success = FALSE;
goto end;
}
@@ -824,9 +825,9 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that)
this_cert->get_validity(this_cert, &now, &this_update, NULL);
that_cert->get_validity(that_cert, &now, &that_update, NULL);
new = this_update > that_update;
- DBG1(" attr cert from %T is %s - existing attr cert from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
+ DBG1(DBG_LIB, " attr cert from %T is %s - existing attr cert from %T %s",
+ &this_update, FALSE, new ? "newer":"not newer",
+ &that_update, FALSE, new ? "replaced":"retained");
return new;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 3b729236e..bdbaa8d4a 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -219,7 +219,7 @@ static void parse_basicConstraints(chunk_t blob, int level0,
{
case BASIC_CONSTRAINTS_CA:
isCA = object.len && *object.ptr;
- DBG2(" %s", isCA ? "TRUE" : "FALSE");
+ DBG2(DBG_LIB, " %s", isCA ? "TRUE" : "FALSE");
if (isCA)
{
this->flags |= X509_CA;
@@ -383,7 +383,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
if (id_type != ID_ANY)
{
gn = identification_create_from_encoding(id_type, object);
- DBG2(" '%Y'", gn);
+ DBG2(DBG_LIB, " '%Y'", gn);
goto end;
}
}
@@ -539,7 +539,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
/* parsing went wrong - abort */
goto end;
}
- DBG2(" '%Y'", id);
+ DBG2(DBG_LIB, " '%Y'", id);
if (accessMethod == OID_OCSP &&
asprintf(&uri, "%Y", id) > 0)
{
@@ -704,34 +704,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object)
case TS_IPV4_ADDR_RANGE:
if (object.len > 5)
{
- DBG1("IPv4 address object is larger than 5 octets");
+ DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets");
return FALSE;
}
break;
case TS_IPV6_ADDR_RANGE:
if (object.len > 17)
{
- DBG1("IPv6 address object is larger than 17 octets");
+ DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets");
return FALSE;
}
break;
default:
- DBG1("unknown address family");
+ DBG1(DBG_LIB, "unknown address family");
return FALSE;
}
if (object.len == 0)
{
- DBG1("An ASN.1 bit string must contain at least the initial octet");
+ DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the "
+ "initial octet");
return FALSE;
}
if (object.len == 1 && object.ptr[0] != 0)
{
- DBG1("An empty ASN.1 bit string must contain a zero initial octet");
+ DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero "
+ "initial octet");
return FALSE;
}
if (object.ptr[0] > 7)
{
- DBG1("number of unused bits is too large");
+ DBG1(DBG_LIB, "number of unused bits is too large");
return FALSE;
}
return TRUE;
@@ -769,11 +771,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
{
break;
}
- DBG2(" %N", ts_type_name, ts_type);
+ DBG2(DBG_LIB, " %N", ts_type_name, ts_type);
}
break;
case IP_ADDR_BLOCKS_INHERIT:
- DBG1("inherit choice is not supported");
+ DBG1(DBG_LIB, "inherit choice is not supported");
break;
case IP_ADDR_BLOCKS_PREFIX:
if (!check_address_object(ts_type, object))
@@ -782,7 +784,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
}
ts = traffic_selector_create_from_rfc3779_format(ts_type,
object, object);
- DBG2(" %R", ts);
+ DBG2(DBG_LIB, " %R", ts);
this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
break;
case IP_ADDR_BLOCKS_MIN:
@@ -799,7 +801,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
}
ts = traffic_selector_create_from_rfc3779_format(ts_type,
min_object, object);
- DBG2(" %R", ts);
+ DBG2(DBG_LIB, " %R", ts);
this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
break;
default:
@@ -893,12 +895,12 @@ static bool parse_certificate(private_x509_cert_t *this)
this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
if (this->version < 1 || this->version > 3)
{
- DBG1("X.509v%d not supported", this->version);
+ DBG1(DBG_LIB, "X.509v%d not supported", this->version);
goto end;
}
else
{
- DBG2(" X.509v%d", this->version);
+ DBG2(DBG_LIB, " X.509v%d", this->version);
}
break;
case X509_OBJ_SERIAL_NUMBER:
@@ -909,7 +911,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%Y'", this->issuer);
+ DBG2(DBG_LIB, " '%Y'", this->issuer);
break;
case X509_OBJ_NOT_BEFORE:
this->notBefore = asn1_parse_time(object, level);
@@ -919,13 +921,13 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%Y'", this->subject);
+ DBG2(DBG_LIB, " '%Y'", this->subject);
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
- DBG2("-- > --");
+ DBG2(DBG_LIB, "-- > --");
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
- DBG2("-- < --");
+ DBG2(DBG_LIB, "-- < --");
if (this->public_key == NULL)
{
goto end;
@@ -934,7 +936,7 @@ static bool parse_certificate(private_x509_cert_t *this)
case X509_OBJ_OPTIONAL_EXTENSIONS:
if (this->version != 3)
{
- DBG1("Only X.509v3 certificates have extensions");
+ DBG1(DBG_LIB, "Only X.509v3 certificates have extensions");
goto end;
}
break;
@@ -943,7 +945,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(" %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
break;
case X509_OBJ_EXTN_VALUE:
{
@@ -974,6 +976,9 @@ static bool parse_certificate(private_x509_cert_t *this)
case OID_AUTHORITY_INFO_ACCESS:
parse_authorityInfoAccess(object, level, this);
break;
+ case OID_KEY_USAGE:
+ /* TODO parse the flags */
+ break;
case OID_EXTENDED_KEY_USAGE:
parse_extendedKeyUsage(object, level, this);
break;
@@ -994,7 +999,7 @@ static bool parse_certificate(private_x509_cert_t *this)
if (critical && lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.x509.enforce_critical", FALSE))
{
- DBG1("critical %s extension not supported",
+ DBG1(DBG_LIB, "critical %s extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
(char*)oid_names[extn_oid].name);
goto end;
@@ -1007,7 +1012,7 @@ static bool parse_certificate(private_x509_cert_t *this)
this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
if (this->algorithm != sig_alg)
{
- DBG1(" signature algorithms do not agree");
+ DBG1(DBG_LIB, " signature algorithms do not agree");
goto end;
}
break;
@@ -1035,7 +1040,7 @@ end:
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(" unable to create hash of certificate, SHA1 not supported");
+ DBG1(DBG_LIB, " unable to create hash of certificate, SHA1 not supported");
return NULL;
}
hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
@@ -1214,9 +1219,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
- DBG1(" certificate from %T is %s - existing certificate from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
+ DBG1(DBG_LIB, " certificate from %T is %s - existing certificate "
+ "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
+ &that_update, FALSE, new ? "replaced":"retained");
return new;
}
@@ -1453,7 +1458,7 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list)
context = ASN1_CONTEXT_S_7;
break;
default:
- DBG1("encoding %N as subjectAltName not supported",
+ DBG1(DBG_LIB, "encoding %N as subjectAltName not supported",
id_type_names, id->get_type(id));
enumerator->destroy(enumerator);
free(subjectAltNames.ptr);
@@ -1481,7 +1486,9 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty;
chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty;
chunk_t ocspSigning = chunk_empty;
- chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty;
+ chunk_t basicConstraints = chunk_empty;
+ chunk_t keyUsage = chunk_empty;
+ chunk_t subjectAltNames = chunk_empty;
chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty;
chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty;
identification_t *issuer, *subject;
@@ -1583,7 +1590,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
asn1_wrap(ASN1_SEQUENCE, "m", authorityInfoAccess)));
}
- /* build CA basicConstraint for CA certificates */
+ /* build CA basicConstraint and keyUsage flags for CA certificates */
if (cert->flags & X509_CA)
{
chunk_t pathLenConstraint = chunk_empty;
@@ -1603,6 +1610,13 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
asn1_wrap(ASN1_BOOLEAN, "c",
chunk_from_chars(0xFF)),
pathLenConstraint)));
+ keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm",
+ asn1_build_known_oid(OID_KEY_USAGE),
+ asn1_wrap(ASN1_BOOLEAN, "c",
+ chunk_from_chars(0xFF)),
+ asn1_wrap(ASN1_OCTET_STRING, "m",
+ asn1_wrap(ASN1_BIT_STRING, "c",
+ chunk_from_chars(0x01, 0x06))));
}
/* add serverAuth extendedKeyUsage flag */
@@ -1663,8 +1677,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
crlDistributionPoints.ptr)
{
extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m",
- asn1_wrap(ASN1_SEQUENCE, "mmmmmmm",
- basicConstraints, subjectKeyIdentifier,
+ asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm",
+ basicConstraints, keyUsage, subjectKeyIdentifier,
authKeyIdentifier, subjectAltNames,
extendedKeyUsage, crlDistributionPoints,
authorityInfoAccess));
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index b9ef3218b..c755d7f63 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -216,14 +216,14 @@ static bool parse(private_x509_crl_t *this)
break;
case CRL_OBJ_VERSION:
this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
- DBG2(" v%d", this->version);
+ DBG2(DBG_LIB, " v%d", this->version);
break;
case CRL_OBJ_SIG_ALG:
sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
break;
case CRL_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%Y'", this->issuer);
+ DBG2(DBG_LIB, " '%Y'", this->issuer);
break;
case CRL_OBJ_THIS_UPDATE:
this->thisUpdate = asn1_parse_time(object, level);
@@ -248,7 +248,7 @@ static bool parse(private_x509_crl_t *this)
case CRL_OBJ_CRL_ENTRY_CRITICAL:
case CRL_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(" %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
break;
case CRL_OBJ_CRL_ENTRY_EXTN_VALUE:
case CRL_OBJ_EXTN_VALUE:
@@ -262,7 +262,8 @@ static bool parse(private_x509_crl_t *this)
{
revoked->reason = *object.ptr;
}
- DBG2(" '%N'", crl_reason_names, revoked->reason);
+ DBG2(DBG_LIB, " '%N'", crl_reason_names,
+ revoked->reason);
}
else if (extn_oid == OID_AUTHORITY_KEY_ID)
{
@@ -286,7 +287,7 @@ static bool parse(private_x509_crl_t *this)
this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
if (this->algorithm != sig_alg)
{
- DBG1(" signature algorithms do not agree");
+ DBG1(DBG_LIB, " signature algorithms do not agree");
goto end;
}
break;
@@ -483,7 +484,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL)
{
new = chunk_compare(this->crlNumber, that_crlNumber) > 0;
- DBG1(" crl #%#B is %s - existing crl #%#B %s",
+ DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
&this->crlNumber, new ? "newer":"not newer",
&that_crlNumber, new ? "replaced":"retained");
}
@@ -497,7 +498,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
this_cert->get_validity(this_cert, &now, &this_update, NULL);
that_cert->get_validity(that_cert, &now, &that_update, NULL);
new = this_update > that_update;
- DBG1(" crl from %T is %s - existing crl from %T %s",
+ DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s",
&this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index f86f87751..c835d5dc8 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -179,13 +179,14 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
}
else
{
- DBG1("creating OCSP request failed, SHA1 not supported");
+ DBG1(DBG_LIB, "creating OCSP request failed, SHA1 not supported");
}
public->destroy(public);
}
else
{
- DBG1("creating OCSP request failed, CA certificate has no public key");
+ DBG1(DBG_LIB, "creating OCSP request failed, CA certificate has "
+ "no public key");
}
return asn1_wrap(ASN1_SEQUENCE, "m", list);
}
@@ -205,7 +206,7 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
}
- DBG1("creating OCSP request nonce failed, no RNG found");
+ DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
return chunk_empty;
}
@@ -263,14 +264,14 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
scheme = SIGN_ECDSA_WITH_SHA1_DER;
break;
default:
- DBG1("unable to sign OCSP request, %N signature not supported",
- key_type_names, this->key->get_type(this->key));
+ DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
+ "supported", key_type_names, this->key->get_type(this->key));
return chunk_empty;
}
if (!this->key->sign(this->key, scheme, tbsRequest, &signature))
{
- DBG1("creating OCSP signature failed, skipped");
+ DBG1(DBG_LIB, "creating OCSP signature failed, skipped");
return chunk_empty;
}
if (this->cert)
@@ -378,7 +379,7 @@ static id_match_t has_issuer(private_x509_ocsp_request_t *this,
*/
static bool issued_by(private_x509_ocsp_request_t *this, certificate_t *issuer)
{
- DBG1("OCSP request validation not implemented!");
+ DBG1(DBG_LIB, "OCSP request validation not implemented!");
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 948d7ad85..c70d461df 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -509,7 +509,8 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
if (version != OCSP_BASIC_RESPONSE_VERSION)
{
- DBG1(" ocsp ResponseData version %d not supported", version);
+ DBG1(DBG_LIB, " ocsp ResponseData version %d not "
+ "supported", version);
goto end;
}
break;
@@ -517,12 +518,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
case BASIC_RESPONSE_ID_BY_NAME:
this->responderId = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(" '%Y'", this->responderId);
+ DBG2(DBG_LIB, " '%Y'", this->responderId);
break;
case BASIC_RESPONSE_ID_BY_KEY:
this->responderId = identification_create_from_encoding(
ID_KEY_ID, object);
- DBG2(" '%Y'", this->responderId);
+ DBG2(DBG_LIB, " '%Y'", this->responderId);
break;
case BASIC_RESPONSE_PRODUCED_AT:
this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -536,7 +537,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
break;
case BASIC_RESPONSE_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(" %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
break;
case BASIC_RESPONSE_EXT_VALUE:
if (extn_oid == OID_NONCE)
@@ -622,7 +623,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
case OCSP_SUCCESSFUL:
break;
default:
- DBG1(" ocsp response status: %N",
+ DBG1(DBG_LIB, " ocsp response status: %N",
ocsp_status_names, status);
goto end;
}
@@ -638,7 +639,8 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
parser->get_level(parser)+1);
break;
default:
- DBG1(" ocsp response type %#B not supported", &object);
+ DBG1(DBG_LIB, " ocsp response type %#B not supported",
+ &object);
goto end;
}
break;
@@ -772,9 +774,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
- DBG1(" ocsp response from %T is %s - existing ocsp response from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
+ DBG1(DBG_LIB, " ocsp response from %T is %s - existing ocsp response "
+ "from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
+ &that_update, FALSE, new ? "replaced" : "retained");
return new;
}
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index 6d750c98c..1009ec931 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -297,7 +297,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i
break;
case PKCS10_EXTN_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(" %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
break;
case PKCS10_EXTN_VALUE:
{
@@ -330,25 +330,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
if (blob.len < 2)
{
- DBG1("L%d - challengePassword: ASN.1 object smaller than 2 octets",
- level);
+ DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object smaller "
+ "than 2 octets", level);
return FALSE;
}
tag = *blob.ptr;
if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING)
{
- DBG1("L%d - challengePassword: ASN.1 object is not a character string",
- level);
+ DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object is not "
+ "a character string", level);
return FALSE;
}
if (asn1_length(&blob) == ASN1_INVALID_LENGTH)
{
- DBG1("L%d - challengePassword: ASN.1 object has an invalid length",
- level);
+ DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object has an "
+ "invalid length", level);
return FALSE;
- }
- DBG2("L%d - challengePassword:", level);
- DBG4(" '%.*s'", blob.len, blob.ptr);
+ }
+ DBG2(DBG_LIB, "L%d - challengePassword:", level);
+ DBG4(DBG_LIB, " '%.*s'", blob.len, blob.ptr);
return TRUE;
}
@@ -406,13 +406,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
case PKCS10_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1("PKCS#10 certificate request format is not version 1");
+ DBG1(DBG_LIB, "PKCS#10 certificate request format is "
+ "not version 1");
goto end;
}
break;
case PKCS10_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%Y'", this->subject);
+ DBG2(DBG_LIB, " '%Y'", this->subject);
break;
case PKCS10_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
@@ -467,7 +468,7 @@ end:
}
else
{
- DBG1("certificate request is not self-signed");
+ DBG1(DBG_LIB, "certificate request is not self-signed");
success = FALSE;
}
}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 94c49b1e1..e71c55efc 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -65,7 +65,7 @@ static void destroy(private_x509_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *x509_plugin_create()
{
private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t);
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h
index fe8c0b31f..e3f959ffa 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.h
+++ b/src/libstrongswan/plugins/x509/x509_plugin.h
@@ -39,9 +39,4 @@ struct x509_plugin_t {
plugin_t plugin;
};
-/**
- * Create a x509_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** X509_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am
index 515b75031..7de306832 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.am
+++ b/src/libstrongswan/plugins/xcbc/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-xcbc.la
+else
plugin_LTLIBRARIES = libstrongswan-xcbc.la
+endif
-libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
+libstrongswan_xcbc_la_SOURCES = \
+ xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c
-libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
+libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3720aeaeb..c49e2b76a 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_xcbc_la_LIBADD =
am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo xcbc_prf.lo \
xcbc_signer.lo
@@ -80,6 +80,8 @@ libstrongswan_xcbc_la_OBJECTS = $(am_libstrongswan_xcbc_la_OBJECTS)
libstrongswan_xcbc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_xcbc_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_xcbc_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_xcbc_la_rpath =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-xcbc.la
-libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-xcbc.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xcbc.la
+libstrongswan_xcbc_la_SOURCES = \
+ xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c
libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-xcbc.la: $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_DEPENDENCIES)
- $(libstrongswan_xcbc_la_LINK) -rpath $(plugindir) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS)
+ $(libstrongswan_xcbc_la_LINK) $(am_libstrongswan_xcbc_la_rpath) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -481,8 +495,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 3eb7f0927..9d903bfaa 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_xcbc_plugin_t *this)
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *xcbc_plugin_create()
{
private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t);
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
index 803d847aa..9824088c6 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
@@ -39,9 +39,4 @@ struct xcbc_plugin_t {
plugin_t plugin;
};
-/**
- * Create a xcbc_plugin instance.
- */
-plugin_t *plugin_create();
-
#endif /** XCBC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c
index 0b516c99e..037f0b918 100644
--- a/src/libstrongswan/printf_hook.c
+++ b/src/libstrongswan/printf_hook.c
@@ -16,8 +16,8 @@
#include "printf_hook.h"
-#include <utils.h>
-#include <debug.h>
+#include "utils.h"
+#include "debug.h"
#include <stdio.h>
#include <stdarg.h>
@@ -333,7 +333,8 @@ static void add_handler(private_printf_hook_t *this, char spec,
if (!IS_VALID_SPEC(spec))
{
- DBG1("'%c' is not a valid printf hook specifier, not registered!", spec);
+ DBG1(DBG_LIB, "'%c' is not a valid printf hook specifier, "
+ "not registered!", spec);
return;
}
@@ -345,7 +346,8 @@ static void add_handler(private_printf_hook_t *this, char spec,
{
if (++i >= ARGS_MAX)
{
- DBG1("Too many arguments for printf hook with specifier '%c', not registered!", spec);
+ DBG1(DBG_LIB, "Too many arguments for printf hook with "
+ "specifier '%c', not registered!", spec);
va_end(args);
free(handler);
return;
@@ -427,7 +429,7 @@ printf_hook_t *printf_hook_create()
#ifdef USE_VSTR
if (!vstr_init())
{
- DBG1("failed to initialize Vstr library!");
+ DBG1(DBG_LIB, "failed to initialize Vstr library!");
free(this);
return NULL;
}
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index b5964b541..257da3f24 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -74,8 +74,8 @@ struct traffic_selector_t {
*
* @param other traffic selector to compare
* @return
- * - created subset of them
- * - or NULL if no match between this and other
+ * - created subset of them
+ * - or NULL if no match between this and other
*/
traffic_selector_t *(*get_subset) (traffic_selector_t *this,
traffic_selector_t *other);
@@ -173,7 +173,7 @@ struct traffic_selector_t {
* Compare two traffic selectors for equality.
*
* @param other ts to compare with this
- * @return TRUE if equal, FALSE otherwise
+ * @return TRUE if equal, FALSE otherwise
*/
bool (*equals) (traffic_selector_t *this, traffic_selector_t *other);
@@ -215,15 +215,15 @@ struct traffic_selector_t {
/**
* Create a new traffic selector using human readable params.
*
- * @param protocol protocol for this ts, such as TCP or UDP
+ * @param protocol protocol for this ts, such as TCP or UDP
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
* @param from_addr start of address range as string
* @param from_port port number in host order
* @param to_addr end of address range as string
* @param to_port port number in host order
* @return
- * - traffic_selector_t object
- * - NULL if invalid address strings/protocol
+ * - traffic_selector_t object
+ * - NULL if invalid address strings/protocol
*/
traffic_selector_t *traffic_selector_create_from_string(
u_int8_t protocol, ts_type_t type,
@@ -237,11 +237,11 @@ traffic_selector_t *traffic_selector_create_from_string(
* But the parser gives us this data in this format, so we
* don't have to convert twice.
*
- * @param protocol protocol for this ts, such as TCP or UDP
+ * @param protocol protocol for this ts, such as TCP or UDP
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
- * @param from_addr start of address range, network order
+ * @param from_address start of address range, network order
* @param from_port port number, host order
- * @param to_addr end of address range, network order
+ * @param to_address end of address range, network order
* @param to_port port number, host order
* @return traffic_selector_t object
*/
@@ -273,11 +273,11 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
*
* @param net subnet to use
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
- * @param protocol protocol for this ts, such as TCP or UDP
+ * @param protocol protocol for this ts, such as TCP or UDP
* @param port port number, host order
* @return
- * - traffic_selector_t object
- * - NULL if address family of net not supported
+ * - traffic_selector_t object
+ * - NULL if address family of net not supported
*/
traffic_selector_t *traffic_selector_create_from_subnet(
host_t *net, u_int8_t netbits,
@@ -295,8 +295,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(
* @param from_port start of allowed port range
* @param to_port end of range
* @return
- * - traffic_selector_t object
- * - NULL if type not supported
+ * - traffic_selector_t object
+ * - NULL if type not supported
*/
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
u_int16_t from_port, u_int16_t to_port);
diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c
index 4a822bcbf..610e2b8ea 100644
--- a/src/libstrongswan/settings.c
+++ b/src/libstrongswan/settings.c
@@ -21,8 +21,8 @@
#include "settings.h"
-#include <debug.h>
-#include <utils/linked_list.h>
+#include "debug.h"
+#include "utils/linked_list.h"
typedef struct private_settings_t private_settings_t;
@@ -293,8 +293,8 @@ static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ..
if (value)
{
errno = 0;
- timeval = strtol(value, &endptr, 10);
- if (errno == 0 && timeval >= 0)
+ timeval = strtoul(value, &endptr, 10);
+ if (errno == 0)
{
switch (*endptr)
{
@@ -497,7 +497,7 @@ static section_t* parse_section(char **text, char *name)
continue;
}
}
- DBG1("matching '}' not found near %s", *text);
+ DBG1(DBG_LIB, "matching '}' not found near %s", *text);
break;
case '=':
if (parse(text, "\t ", "\n", NULL, &value))
@@ -508,7 +508,7 @@ static section_t* parse_section(char **text, char *name)
section->kv->insert_last(section->kv, kv);
continue;
}
- DBG1("parsing value failed near %s", *text);
+ DBG1(DBG_LIB, "parsing value failed near %s", *text);
break;
case '#':
parse(text, "", "\n", NULL, &value);
@@ -566,7 +566,7 @@ settings_t *settings_create(char *file)
fd = fopen(file, "r");
if (fd == NULL)
{
- DBG1("'%s' does not exist or is not readable", file);
+ DBG1(DBG_LIB, "'%s' does not exist or is not readable", file);
return &this->public;
}
fseek(fd, 0, SEEK_END);
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index 9e8d75cc0..f274fb33c 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -23,8 +23,8 @@
typedef struct settings_t settings_t;
-#include <utils.h>
-#include <utils/enumerator.h>
+#include "utils.h"
+#include "utils/enumerator.h"
/**
* Generic configuration options read from a config file.
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c
index a35695624..8597abb44 100644
--- a/src/libstrongswan/threading/mutex.c
+++ b/src/libstrongswan/threading/mutex.c
@@ -108,7 +108,7 @@ static void lock(private_mutex_t *this)
err = pthread_mutex_lock(&this->mutex);
if (err)
{
- DBG1("!!! MUTEX LOCK ERROR: %s !!!", strerror(err));
+ DBG1(DBG_LIB, "!!! MUTEX LOCK ERROR: %s !!!", strerror(err));
}
profiler_end(&this->profile);
}
@@ -123,7 +123,7 @@ static void unlock(private_mutex_t *this)
err = pthread_mutex_unlock(&this->mutex);
if (err)
{
- DBG1("!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err));
+ DBG1(DBG_LIB, "!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err));
}
}
diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c
index ee9fb10be..cec43f59c 100644
--- a/src/libstrongswan/threading/rwlock.c
+++ b/src/libstrongswan/threading/rwlock.c
@@ -98,7 +98,7 @@ static void read_lock(private_rwlock_t *this)
err = pthread_rwlock_rdlock(&this->rwlock);
if (err != 0)
{
- DBG1("!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err));
+ DBG1(DBG_LIB, "!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err));
}
profiler_end(&this->profile);
}
@@ -114,7 +114,7 @@ static void write_lock(private_rwlock_t *this)
err = pthread_rwlock_wrlock(&this->rwlock);
if (err != 0)
{
- DBG1("!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err));
+ DBG1(DBG_LIB, "!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err));
}
profiler_end(&this->profile);
}
@@ -137,7 +137,7 @@ static void rw_unlock(private_rwlock_t *this)
err = pthread_rwlock_unlock(&this->rwlock);
if (err != 0)
{
- DBG1("!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err));
+ DBG1(DBG_LIB, "!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err));
}
}
diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c
index bbfb2c2c6..3751bb749 100644
--- a/src/libstrongswan/threading/thread.c
+++ b/src/libstrongswan/threading/thread.c
@@ -155,7 +155,7 @@ static void cancel(private_thread_t *this)
if (pthread_equal(this->thread_id, pthread_self()))
{
this->mutex->unlock(this->mutex);
- DBG1("!!! CANNOT CANCEL CURRENT THREAD !!!");
+ DBG1(DBG_LIB, "!!! CANNOT CANCEL CURRENT THREAD !!!");
return;
}
#ifdef HAVE_PTHREAD_CANCEL
@@ -180,7 +180,7 @@ static void _kill(private_thread_t *this, int sig)
* returned, so depending on the signal, the lock might not get
* unlocked. */
this->mutex->unlock(this->mutex);
- DBG1("!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!");
+ DBG1(DBG_LIB, "!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!");
return;
}
pthread_kill(this->thread_id, sig);
@@ -209,13 +209,13 @@ static void *join(private_thread_t *this)
if (pthread_equal(this->thread_id, pthread_self()))
{
this->mutex->unlock(this->mutex);
- DBG1("!!! CANNOT JOIN CURRENT THREAD !!!");
+ DBG1(DBG_LIB, "!!! CANNOT JOIN CURRENT THREAD !!!");
return NULL;
}
if (this->detached_or_joined)
{
this->mutex->unlock(this->mutex);
- DBG1("!!! CANNOT JOIN DETACHED THREAD !!!");
+ DBG1(DBG_LIB, "!!! CANNOT JOIN DETACHED THREAD !!!");
return NULL;
}
thread_id = this->thread_id;
@@ -299,7 +299,8 @@ thread_t *thread_create(thread_main_t main, void *arg)
this->arg = arg;
if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0)
{
- DBG1("failed to create thread!");
+ DBG1(DBG_LIB, "failed to create thread!");
+ this->mutex->lock(this->mutex);
thread_destroy(this);
return NULL;
}
@@ -354,7 +355,7 @@ void thread_cleanup_pop(bool execute)
(void**)&handler) != SUCCESS)
{
this->mutex->unlock(this->mutex);
- DBG1("!!! THREAD CLEANUP ERROR !!!");
+ DBG1(DBG_LIB, "!!! THREAD CLEANUP ERROR !!!");
return;
}
this->mutex->unlock(this->mutex);
@@ -433,6 +434,7 @@ void threads_init()
void threads_deinit()
{
private_thread_t *main_thread = (private_thread_t*)thread_current();
+ main_thread->mutex->lock(main_thread->mutex);
thread_destroy(main_thread);
current_thread->destroy(current_thread);
id_mutex->destroy(id_mutex);
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 6bf8fac79..31b9e1b3a 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -24,6 +24,12 @@
typedef struct thread_t thread_t;
#ifdef __APPLE__
+/* thread_create is a syscall used to create Mach kernel threads and although
+ * there are no errors or warnings during compilation or linkage the dynamic
+ * linker does not use our implementation, therefore we rename it here
+ */
+#define thread_create(main, arg) strongswan_thread_create(main, arg)
+
/* on Mac OS X 10.5 several system calls we use are no cancellation points.
* fortunately, select isn't one of them, so we wrap some of the others with
* calls to select(2).
diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c
index e331ac0d0..63958593d 100644
--- a/src/libstrongswan/utils.c
+++ b/src/libstrongswan/utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -25,8 +25,8 @@
#include <dirent.h>
#include <time.h>
-#include <enum.h>
-#include <debug.h>
+#include "enum.h"
+#include "debug.h"
ENUM(status_names, SUCCESS, DESTROY_ME,
"SUCCESS",
@@ -119,9 +119,31 @@ void *memstr(const void *haystack, const char *needle, size_t n)
/**
* Described in header.
*/
+char* translate(char *str, const char *from, const char *to)
+{
+ char *pos = str;
+ if (strlen(from) != strlen(to))
+ {
+ return str;
+ }
+ while (pos && *pos)
+ {
+ char *match;
+ if ((match = strchr(from, *pos)) != NULL)
+ {
+ *pos = to[match - from];
+ }
+ pos++;
+ }
+ return str;
+}
+
+/**
+ * Described in header.
+ */
bool mkdir_p(const char *path, mode_t mode)
{
- size_t len;
+ int len;
char *pos, full[PATH_MAX];
pos = full;
if (!path || *path == '\0')
@@ -131,7 +153,7 @@ bool mkdir_p(const char *path, mode_t mode)
len = snprintf(full, sizeof(full)-1, "%s", path);
if (len < 0 || len >= sizeof(full)-1)
{
- DBG1("path string %s too long", path);
+ DBG1(DBG_LIB, "path string %s too long", path);
return FALSE;
}
/* ensure that the path ends with a '/' */
@@ -152,7 +174,7 @@ bool mkdir_p(const char *path, mode_t mode)
{
if (mkdir(full, mode) < 0)
{
- DBG1("failed to create directory %s", full);
+ DBG1(DBG_LIB, "failed to create directory %s", full);
return FALSE;
}
}
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index 964cbd1d2..04551835e 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -29,7 +29,7 @@
#include <arpa/inet.h>
#include <string.h>
-#include <enum.h>
+#include "enum.h"
/**
* strongSwan program return codes
@@ -125,7 +125,7 @@
#define METHOD(iface, name, ret, this, ...) \
static ret name(union {iface *_public; this;} \
__attribute__((transparent_union)), ##__VA_ARGS__); \
- const static typeof(name) *_##name = (const typeof(name)*)name; \
+ static const typeof(name) *_##name = (const typeof(name)*)name; \
static ret name(this, ##__VA_ARGS__)
/**
@@ -134,7 +134,7 @@
#define METHOD2(iface1, iface2, name, ret, this, ...) \
static ret name(union {iface1 *_public1; iface2 *_public2; this;} \
__attribute__((transparent_union)), ##__VA_ARGS__); \
- const static typeof(name) *_##name = (const typeof(name)*)name; \
+ static const typeof(name) *_##name = (const typeof(name)*)name; \
static ret name(this, ##__VA_ARGS__)
/**
@@ -150,7 +150,7 @@
/**
* Ignore result of functions tagged with warn_unused_result attributes
*/
-#define ignore_result(call) { if(call); }
+#define ignore_result(call) { if(call){}; }
/**
* Assign a function as a class method
@@ -311,6 +311,14 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n);
void *memstr(const void *haystack, const char *needle, size_t n);
/**
+ * Translates the characters in the given string, searching for characters
+ * in 'from' and mapping them to characters in 'to'.
+ * The two characters sets 'from' and 'to' must contain the same number of
+ * characters.
+ */
+char *translate(char *str, const char *from, const char *to);
+
+/**
* Creates a directory and all required parent directories.
*
* @param path path to the new directory
diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c
index 7efdd883e..fb461b448 100644
--- a/src/libstrongswan/utils/enumerator.c
+++ b/src/libstrongswan/utils/enumerator.c
@@ -76,7 +76,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
char **absolute, struct stat *st)
{
struct dirent *entry = readdir(this->dir);
- size_t len, remaining;
+ size_t remaining;
+ int len;
if (!entry)
{
@@ -96,7 +97,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
len = snprintf(this->full_end, remaining, "%s", entry->d_name);
if (len < 0 || len >= remaining)
{
- DBG1("buffer too small to enumerate file '%s'", entry->d_name);
+ DBG1(DBG_LIB, "buffer too small to enumerate file '%s'",
+ entry->d_name);
return FALSE;
}
if (absolute)
@@ -107,7 +109,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
{
if (stat(this->full, st))
{
- DBG1("stat() on '%s' failed: %s", this->full, strerror(errno));
+ DBG1(DBG_LIB, "stat() on '%s' failed: %s", this->full,
+ strerror(errno));
return FALSE;
}
}
@@ -120,7 +123,7 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
*/
enumerator_t* enumerator_create_directory(char *path)
{
- size_t len;
+ int len;
dir_enum_t *this = malloc_thing(dir_enum_t);
this->public.enumerate = (void*)enumerate_dir_enum;
this->public.destroy = (void*)destroy_dir_enum;
@@ -132,7 +135,7 @@ enumerator_t* enumerator_create_directory(char *path)
len = snprintf(this->full, sizeof(this->full)-1, "%s", path);
if (len < 0 || len >= sizeof(this->full)-1)
{
- DBG1("path string '%s' too long", path);
+ DBG1(DBG_LIB, "path string '%s' too long", path);
free(this);
return NULL;
}
@@ -147,7 +150,7 @@ enumerator_t* enumerator_create_directory(char *path)
this->dir = opendir(path);
if (this->dir == NULL)
{
- DBG1("opening directory '%s' failed: %s", path, strerror(errno));
+ DBG1(DBG_LIB, "opening directory '%s' failed: %s", path, strerror(errno));
free(this);
return NULL;
}
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index 3056498b1..537bf69e1 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -23,7 +23,7 @@
typedef struct enumerator_t enumerator_t;
-#include <utils.h>
+#include "../utils.h"
/**
* Enumerate is simpler, but more flexible than iterator.
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index a610b3a4d..112d07e5c 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -482,7 +482,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
error = getaddrinfo(string, NULL, &hints, &result);
if (error != 0)
{
- DBG1("resolving '%s' failed: %s", string, gai_strerror(error));
+ DBG1(DBG_LIB, "resolving '%s' failed: %s", string, gai_strerror(error));
return NULL;
}
/* result is a linked list, but we use only the first address */
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index b0da340bc..6a3c3936c 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -798,7 +798,7 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
return print_in_hook(dst, len, "%*s", spec->width, buf);
}
-METHOD(identification_t, clone, identification_t*,
+METHOD(identification_t, clone_, identification_t*,
private_identification_t *this)
{
private_identification_t *clone = malloc_thing(private_identification_t);
@@ -830,7 +830,7 @@ static private_identification_t *identification_create(id_type_t type)
.get_encoding = _get_encoding,
.get_type = _get_type,
.create_part_enumerator = _create_part_enumerator,
- .clone = _clone,
+ .clone = _clone_,
.destroy = _destroy,
},
.type = type,
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 2c2a36af3..2f8a7187c 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -167,6 +167,7 @@ char *whitelist[] = {
"tzset",
"inet_ntoa",
"strerror",
+ "getprotobyname",
"getprotobynumber",
"getservbyport",
"getservbyname",
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index bf528caa0..d8f635c62 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -80,14 +80,15 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[],
this->nuses++;
if (this->nuses >= MAX_USES)
{
- DBG1("optionsfrom called %d times by \"%s\" - looping?", this->nuses + 1, (*argvp)[0]);
+ DBG1(DBG_LIB, "optionsfrom called %d times by \"%s\" - looping?",
+ this->nuses + 1, (*argvp)[0]);
return FALSE;
}
fd = fopen(filename, "r");
if (fd == NULL)
{
- DBG1("optionsfrom: unable to open file '%s': %s",
+ DBG1(DBG_LIB, "optionsfrom: unable to open file '%s': %s",
filename, strerror(errno));
return FALSE;
}
@@ -132,7 +133,7 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[],
line.len--;
if (!extract_token(&token, delimiter, &line))
{
- DBG1("optionsfrom: missing terminator at %s:%d",
+ DBG1(DBG_LIB, "optionsfrom: missing terminator at %s:%d",
filename, linepos);
good = FALSE;
break;
diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am
index e6c31e9b4..e67335673 100644
--- a/src/manager/Makefile.am
+++ b/src/manager/Makefile.am
@@ -10,7 +10,8 @@ controller/control_controller.c controller/control_controller.h \
controller/config_controller.c controller/config_controller.h \
controller/gateway_controller.c controller/gateway_controller.h
-manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+main.o : $(top_builddir)/config.status
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS}
AM_CFLAGS = -rdynamic \
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 20438acc3..54e2cc11c 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -68,8 +68,9 @@ am_manager_fcgi_OBJECTS = main.$(OBJEXT) manager.$(OBJEXT) \
gateway_controller.$(OBJEXT)
manager_fcgi_OBJECTS = $(am_manager_fcgi_OBJECTS)
am__DEPENDENCIES_1 =
-manager_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la \
- $(am__DEPENDENCIES_1)
+manager_fcgi_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libfast/libfast.la $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -235,6 +236,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -278,7 +280,7 @@ controller/control_controller.c controller/control_controller.h \
controller/config_controller.c controller/config_controller.h \
controller/gateway_controller.c controller/gateway_controller.h
-manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS}
AM_CFLAGS = -rdynamic \
-DIPSECDIR=\"${ipsecdir}\" \
@@ -881,6 +883,7 @@ uninstall-am: uninstall-managerPROGRAMS \
uninstall-manager_templates_ikesaDATA \
uninstall-manager_templates_staticDATA
+main.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/manager/main.c b/src/manager/main.c
index 1f5c45113..5c297cf0c 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -48,7 +48,8 @@ int main (int arc, char *argv[])
database = lib->settings->get_str(lib->settings, "manager.database", NULL);
if (!database)
{
- DBG1("database URI undefined, set manager.database in strongswan.conf");
+ DBG1(DBG_LIB, "database URI undefined, set manager.database "
+ "in strongswan.conf");
return 1;
}
diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am
index 9f5c9e2f7..bdec08190 100644
--- a/src/medsrv/Makefile.am
+++ b/src/medsrv/Makefile.am
@@ -7,7 +7,8 @@ main.c filter/auth_filter.c filter/auth_filter.h \
controller/user_controller.c controller/user_controller.h \
controller/peer_controller.c controller/peer_controller.h
-medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la
+main.o : $(top_builddir)/config.status
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast
AM_CFLAGS = -rdynamic \
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 8f602930d..2f79ca4d4 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -62,7 +62,9 @@ am_medsrv_fcgi_OBJECTS = user.$(OBJEXT) main.$(OBJEXT) \
auth_filter.$(OBJEXT) user_controller.$(OBJEXT) \
peer_controller.$(OBJEXT)
medsrv_fcgi_OBJECTS = $(am_medsrv_fcgi_OBJECTS)
-medsrv_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_DEPENDENCIES = \
+ $(top_srcdir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libfast/libfast.la
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -224,6 +226,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -264,7 +267,7 @@ main.c filter/auth_filter.c filter/auth_filter.h \
controller/user_controller.c controller/user_controller.h \
controller/peer_controller.c controller/peer_controller.h
-medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast
AM_CFLAGS = -rdynamic \
-DIPSECDIR=\"${ipsecdir}\" \
@@ -751,6 +754,7 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \
uninstall-medsrv_templates_staticDATA \
uninstall-medsrv_templates_userDATA
+main.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/openac/Makefile.am b/src/openac/Makefile.am
index ca6238258..a278cdd17 100644
--- a/src/openac/Makefile.am
+++ b/src/openac/Makefile.am
@@ -7,4 +7,4 @@ AM_CFLAGS = \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DPLUGINS=\""${libstrongswan_plugins}\""
openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-
+openac.o : $(top_builddir)/config.status
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index 08f621395..9f0f96561 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -220,6 +220,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -633,6 +634,7 @@ uninstall-man: uninstall-man8
tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
uninstall-man uninstall-man8
+openac.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 2b9270ff9..a280192c2 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -105,7 +105,8 @@ static chunk_t read_serial(void)
}
else
{
- DBG1(" file '%s' does not exist yet - serial number set to 01", OPENAC_SERIAL);
+ DBG1(DBG_LIB, " file '%s' does not exist yet - serial number "
+ "set to 01", OPENAC_SERIAL);
}
if (!serial.len)
{
@@ -129,7 +130,7 @@ static void write_serial(chunk_t serial)
{
chunk_t hex_serial;
- DBG1(" serial number is %#B", &serial);
+ DBG1(DBG_LIB, " serial number is %#B", &serial);
hex_serial = chunk_to_hex(serial, NULL, FALSE);
fprintf(fd, "%.*s\n", hex_serial.len, hex_serial.ptr);
fclose(fd);
@@ -137,7 +138,7 @@ static void write_serial(chunk_t serial)
}
else
{
- DBG1(" could not open file '%s' for writing", OPENAC_SERIAL);
+ DBG1(DBG_LIB, " could not open file '%s' for writing", OPENAC_SERIAL);
}
}
@@ -151,7 +152,7 @@ static bool stderr_quiet = FALSE;
/**
* openac dbg function
*/
-static void openac_dbg(int level, char *fmt, ...)
+static void openac_dbg(debug_t group, level_t level, char *fmt, ...)
{
int priority = LOG_INFO;
char buffer[8192];
@@ -431,7 +432,7 @@ int main(int argc, char **argv)
goto end;
}
- DBG1("starting openac (strongSwan Version %s)", VERSION);
+ DBG1(DBG_LIB, "starting openac (strongSwan Version %s)", VERSION);
/* load the signer's RSA private key */
if (keyfile != NULL)
@@ -444,7 +445,7 @@ int main(int argc, char **argv)
{
goto end;
}
- DBG1(" loaded private key file '%s'", keyfile);
+ DBG1(DBG_LIB, " loaded private key file '%s'", keyfile);
}
/* load the signer's X.509 certificate */
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index a471b6477..8eac07afc 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -7,9 +7,11 @@ pki_SOURCES = pki.c pki.h command.c command.h \
commands/pub.c \
commands/req.c \
commands/self.c \
- commands/verify.c
+ commands/verify.c
pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pki.o : $(top_builddir)/config.status
+
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
-DPLUGINS=\""${libstrongswan_plugins}\""
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1261d7fa8..522b9e887 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -237,7 +238,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
commands/pub.c \
commands/req.c \
commands/self.c \
- commands/verify.c
+ commands/verify.c
pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
INCLUDES = -I$(top_srcdir)/src/libstrongswan
@@ -667,6 +668,7 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-ipsecPROGRAMS
+pki.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 16d8d48d4..b2769da54 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -47,7 +47,7 @@ static int gen()
return command_usage("invalid key type");
}
continue;
- case 'o':
+ case 'f':
if (!get_form(arg, &form, FALSE))
{
return command_usage("invalid key output format");
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066a..fcd758f87 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -161,7 +161,7 @@ static int issue()
}
}
- DBG2("Reading ca certificate:");
+ DBG2(DBG_LIB, "Reading ca certificate:");
ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, cacert, BUILD_END);
if (!ca)
@@ -182,7 +182,7 @@ static int issue()
goto end;
}
- DBG2("Reading ca private key:");
+ DBG2(DBG_LIB, "Reading ca private key:");
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
public->get_type(public),
BUILD_FROM_FILE, cakey, BUILD_END);
@@ -212,6 +212,11 @@ static int issue()
goto end;
}
rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
rng->destroy(rng);
}
@@ -221,7 +226,7 @@ static int issue()
identification_t *subjectAltName;
pkcs10_t *req;
- DBG2("Reading certificate request");
+ DBG2(DBG_LIB, "Reading certificate request");
if (file)
{
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
@@ -261,7 +266,7 @@ static int issue()
}
else
{
- DBG2("Reading public key:");
+ DBG2(DBG_LIB, "Reading public key:");
if (file)
{
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be5..d283daa6a 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
goto end;
}
rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
rng->destroy(rng);
}
not_before = time(NULL);
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index b83e4be33..a264e642e 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -46,6 +46,7 @@ state.c state.h \
timer.c timer.h \
vendor.c vendor.h \
virtual.c virtual.h \
+whack_attribute.c whack_attribute.h \
xauth.c xauth.h \
x509.c x509.h \
builder.c builder.h \
@@ -53,13 +54,17 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
_pluto_adns_SOURCES = adns.c adns.h
+plutomain.o : $(top_builddir)/config.status
+
LIBSTRONGSWANDIR=$(top_builddir)/src/libstrongswan
LIBFREESWANDIR=$(top_builddir)/src/libfreeswan
+LIBHYDRADIR=$(top_builddir)/src/libhydra
INCLUDES = \
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/whack
AM_CFLAGS = \
@@ -75,6 +80,7 @@ AM_CFLAGS = \
pluto_LDADD = \
$(LIBSTRONGSWANDIR)/libstrongswan.la \
$(LIBFREESWANDIR)/libfreeswan.a \
+$(LIBHYDRADIR)/libhydra.la \
-lresolv $(PTHREADLIB) $(DLLIB)
_pluto_adns_LDADD = \
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index c93756c44..47be9acf7 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -94,12 +94,13 @@ am_pluto_OBJECTS = ac.$(OBJEXT) alg_info.$(OBJEXT) ca.$(OBJEXT) \
pkcs7.$(OBJEXT) plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) \
server.$(OBJEXT) smartcard.$(OBJEXT) spdb.$(OBJEXT) \
state.$(OBJEXT) timer.$(OBJEXT) vendor.$(OBJEXT) \
- virtual.$(OBJEXT) xauth.$(OBJEXT) x509.$(OBJEXT) \
- builder.$(OBJEXT)
+ virtual.$(OBJEXT) whack_attribute.$(OBJEXT) xauth.$(OBJEXT) \
+ x509.$(OBJEXT) builder.$(OBJEXT)
pluto_OBJECTS = $(am_pluto_OBJECTS)
pluto_DEPENDENCIES = $(LIBSTRONGSWANDIR)/libstrongswan.la \
- $(LIBFREESWANDIR)/libfreeswan.a $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -263,6 +264,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -339,6 +341,7 @@ state.c state.h \
timer.c timer.h \
vendor.c vendor.h \
virtual.c virtual.h \
+whack_attribute.c whack_attribute.h \
xauth.c xauth.h \
x509.c x509.h \
builder.c builder.h \
@@ -347,10 +350,12 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
_pluto_adns_SOURCES = adns.c adns.h
LIBSTRONGSWANDIR = $(top_builddir)/src/libstrongswan
LIBFREESWANDIR = $(top_builddir)/src/libfreeswan
+LIBHYDRADIR = $(top_builddir)/src/libhydra
INCLUDES = \
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/whack
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
@@ -362,8 +367,8 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
$(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_4) $(am__append_5) $(am__append_7)
pluto_LDADD = $(LIBSTRONGSWANDIR)/libstrongswan.la \
- $(LIBFREESWANDIR)/libfreeswan.a -lresolv $(PTHREADLIB) \
- $(DLLIB) $(am__append_6)
+ $(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
+ -lresolv $(PTHREADLIB) $(DLLIB) $(am__append_6)
_pluto_adns_LDADD = \
$(LIBFREESWANDIR)/libfreeswan.a \
-lresolv $(DLLIB)
@@ -501,6 +506,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virtual.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whack_attribute.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth.Po@am__quote@
@@ -826,6 +832,8 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-man8
+plutomain.o : $(top_builddir)/config.status
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index d8b16112f..3ee05d213 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -88,16 +88,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict)
cert_t *aacert;
time_t notBefore, valid_until;
- DBG1("holder: '%Y'", subject);
- DBG1("issuer: '%Y'", issuer);
+ DBG1(DBG_LIB, "holder: '%Y'", subject);
+ DBG1(DBG_LIB, "issuer: '%Y'", issuer);
if (!cert->get_validity(cert, NULL, NULL, &valid_until))
{
- DBG1("attribute certificate is invalid (valid from %T to %T)",
+ DBG1(DBG_LIB, "attribute certificate is invalid (valid from %T to %T)",
&notBefore, FALSE, &valid_until, FALSE);
return FALSE;
}
- DBG1("attribute certificate is valid until %T", &valid_until, FALSE);
+ DBG1(DBG_LIB, "attribute certificate is valid until %T", &valid_until,
+ FALSE);
lock_authcert_list("verify_x509acert");
aacert = get_authcert(issuer, authKeyID, X509_AA);
@@ -105,17 +106,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict)
if (aacert == NULL)
{
- DBG1("issuer aacert not found");
+ DBG1(DBG_LIB, "issuer aacert not found");
return FALSE;
}
- DBG2("issuer aacert found");
+ DBG2(DBG_LIB, "issuer aacert found");
if (!cert->issued_by(cert, aacert->cert))
{
- DBG1("attribute certificate signature is invalid");
+ DBG1(DBG_LIB, "attribute certificate signature is invalid");
return FALSE;
}
- DBG1("attribute certificate signature is valid");
+ DBG1(DBG_LIB, "attribute certificate signature is valid");
return verify_x509cert(aacert, strict, &valid_until);
}
@@ -175,8 +176,8 @@ bool match_group_membership(ietf_attributes_t *peer_attributes, char *conn,
}
match = conn_attributes->matches(conn_attributes, peer_attributes);
- DBG1("%s: peer with attributes '%s' is %sa member of the groups '%s'",
- conn, peer_attributes->get_string(peer_attributes),
+ DBG1(DBG_LIB, "%s: peer with attributes '%s' is %sa member of the "
+ "groups '%s'", conn, peer_attributes->get_string(peer_attributes),
match ? "" : "not ", conn_attributes->get_string(conn_attributes));
return match;
@@ -191,7 +192,7 @@ void ac_load_certs(void)
struct stat st;
char *file;
- DBG1("loading attribute certificates from '%s'", A_CERT_PATH);
+ DBG1(DBG_LIB, "loading attribute certificates from '%s'", A_CERT_PATH);
enumerator = enumerator_create_directory(A_CERT_PATH);
if (!enumerator)
@@ -212,7 +213,7 @@ void ac_load_certs(void)
BUILD_FROM_FILE, file, BUILD_END);
if (cert)
{
- DBG1(" loaded attribute certificate from '%s'", file);
+ DBG1(DBG_LIB, " loaded attribute certificate from '%s'", file);
ac_add_cert(cert);
}
}
@@ -266,7 +267,7 @@ void ac_list_certs(bool utc)
whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
}
- groups = ac->get_groups(ac);
+ groups = ac->get_groups(ac);
if (groups)
{
whack_log(RC_COMMENT, " groups: %s", groups->get_string(groups));
diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c
index edecf14c6..32fd46ef4 100644
--- a/src/pluto/alg_info.c
+++ b/src/pluto/alg_info.c
@@ -139,6 +139,7 @@ static bool is_authenticated_encryption(int ealg_id)
case ESP_AES_GCM_8:
case ESP_AES_GCM_12:
case ESP_AES_GCM_16:
+ case ESP_AES_GMAC:
return TRUE;
}
return FALSE;
@@ -474,7 +475,7 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str)
if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str) == SUCCESS)
{
- alg_info_ike->ref_cnt = 1;
+ alg_info_ike->ref_cnt = 1;
return alg_info_ike;
}
else
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index e25e7f6f5..2654774fa 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -293,12 +293,12 @@ void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
struct stat st;
char *file;
- DBG1("loading %s certificates from '%s'", type, path);
+ DBG1(DBG_LIB, "loading %s certificates from '%s'", type, path);
enumerator = enumerator_create_directory(path);
if (!enumerator)
{
- DBG1(" reading directory '%s' failed");
+ DBG1(DBG_LIB, " reading directory '%s' failed", path);
return;
}
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index fece34eec..dd193042a 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -30,6 +30,7 @@
#include <freeswan.h>
#include "kameipsec.h"
+#include <hydra.h>
#include <credentials/certificates/ac.h>
#include <credentials/keys/private_key.h>
@@ -61,6 +62,7 @@
#include "kernel_alg.h"
#include "nat_traversal.h"
#include "virtual.h"
+#include "whack_attribute.h"
static void flush_pending_by_connection(connection_t *c); /* forward */
@@ -104,7 +106,7 @@ bool his_id_was_instantiated(const connection_t *c)
{
identification_t *host;
bool equal;
-
+
host = identification_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_addr);
equal = host->equals(host, c->spd.that.id);
host->destroy(host);
@@ -113,7 +115,7 @@ bool his_id_was_instantiated(const connection_t *c)
else
{
return TRUE;
- }
+ }
}
/**
@@ -369,11 +371,16 @@ void delete_connection(connection_t *c, bool relations)
host_t *vip;
vip = host_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_srcip);
- lib->attributes->release_address(lib->attributes, c->spd.that.pool,
- vip, c->spd.that.id);
+ hydra->attributes->release_address(hydra->attributes, c->spd.that.pool,
+ vip, c->spd.that.id);
vip->destroy(vip);
}
+ if (c->kind != CK_GOING_AWAY)
+ {
+ whack_attr->del_pool(whack_attr, c->name);
+ }
+
/* free internal data */
#ifdef DEBUG
cur_debugging = old_cur_debugging;
@@ -683,7 +690,7 @@ size_t format_end(char *buf, size_t buf_len, const struct end *this,
}
/* id */
- snprintf(host_id, sizeof(host_id), "[%Y]", this->id);
+ snprintf(host_id, sizeof(host_id), "[%Y]", this->id);
/* [---hop] */
hop[0] = '\0';
@@ -769,7 +776,7 @@ static void load_end_certificate(char *filename, struct end *dst)
cert_t *cert = NULL;
certificate_t *certificate;
bool cached_cert = FALSE;
-
+
/* initialize end certificate */
dst->cert = NULL;
@@ -853,10 +860,11 @@ static void load_end_certificate(char *filename, struct end *dst)
}
static bool extract_end(struct end *dst, const whack_end_t *src,
- const char *which)
+ const char *name, bool is_left)
{
bool same_ca = FALSE;
+ dst->is_left = is_left;
dst->id = identification_create_from_string(src->id);
dst->ca = NULL;
@@ -1117,15 +1125,14 @@ void add_connection(const whack_message_t *wm)
c->tunnel_addr_family = wm->tunnel_addr_family;
c->requested_ca = NULL;
+ same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, TRUE);
+ same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, FALSE);
- same_leftca = extract_end(&c->spd.this, &wm->left, "left");
- same_rightca = extract_end(&c->spd.that, &wm->right, "right");
-
- if (same_rightca)
+ if (same_rightca && c->spd.this.ca)
{
c->spd.that.ca = c->spd.this.ca->clone(c->spd.this.ca);
}
- else if (same_leftca)
+ else if (same_leftca && c->spd.that.ca)
{
c->spd.this.ca = c->spd.that.ca->clone(c->spd.that.ca);
}
@@ -1196,6 +1203,17 @@ void add_connection(const whack_message_t *wm)
(void)orient(c);
+ /* if rightsourceip defines a subnet then create an in-memory pool */
+ if (whack_attr->add_pool(whack_attr, c->name,
+ c->spd.this.is_left ? &wm->right : &wm->left))
+ {
+ c->spd.that.pool = clone_str(c->name);
+ c->spd.that.modecfg = TRUE;
+ c->spd.that.has_client = FALSE;
+ /* reset the host_srcip so that it gets assigned in modecfg */
+ anyaddr(AF_INET, &c->spd.that.host_srcip);
+ }
+
if (c->ikev1)
{
connect_to_host_pair(c);
@@ -1794,7 +1812,7 @@ connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw,
else
{
chunk_t encoding = gw->gw_id->get_encoding(gw->gw_id);
- id_type_t type = gw->gw_id->get_type(gw->gw_id);
+ id_type_t type = gw->gw_id->get_type(gw->gw_id);
ip_address ip_addr;
initaddr(encoding.ptr, encoding.len,
@@ -2758,7 +2776,7 @@ static void initiate_opportunistic_body(struct find_oppo_bundle *b,
addrtot(&b->peer_client, 0, pcb, sizeof(pcb));
loglog(RC_OPPOFAILURE,
"no suitable connection for opportunism "
- "between %s and %s with %Y as peer",
+ "between %s and %s with %Y as peer",
ocb, pcb, ac->gateways_from_dns->gw_id);
#ifdef KLIPS
@@ -3379,7 +3397,7 @@ connection_t *refine_host_connection(const struct state *st,
id_match_t match_level = peer_id->matches(peer_id, d->spd.that.id);
bool matching_id = match_level > ID_MATCH_NONE;
-
+
bool matching_auth = (d->policy & auth_policy) != LEMPTY;
bool matching_trust = trusted_ca(peer_ca
@@ -3580,7 +3598,7 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
policy_prio_t best_prio = BOTTOM_PRIO;
id_match_t match_level;
int pathlen;
-
+
const bool peer_net_is_host = subnetisaddr(peer_net, &c->spd.that.host_addr);
@@ -3675,7 +3693,8 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
}
else
{
- if (!peer_net_is_host)
+ if (!peer_net_is_host && !(sr->that.modecfg && c->spd.that.modecfg &&
+ subnetisaddr(peer_net, &c->spd.that.host_srcip)))
{
continue;
}
@@ -3843,7 +3862,7 @@ void get_peer_ca_and_groups(connection_t *c,
if (cert && ac_verify_cert(cert, strict_crl_policy))
{
ac_t *ac = (ac_t*)cert;
-
+
*peer_attributes = ac->get_groups(ac);
}
else
diff --git a/src/pluto/connections.h b/src/pluto/connections.h
index ee2e00da6..66aea1541 100644
--- a/src/pluto/connections.h
+++ b/src/pluto/connections.h
@@ -137,6 +137,7 @@ struct end {
host_srcip;
ip_subnet client;
+ bool is_left;
bool key_from_DNS_on_demand;
bool has_client;
bool has_client_wildcard;
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 6f991fd69..63a37009b 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -392,7 +392,8 @@ static const char *const esp_transform_name[] = {
"AES_GCM_12",
"AES_GCM_16",
"SEED_CBC",
- "CAMELLIA_CBC"
+ "CAMELLIA_CBC",
+ "AES_GMAC"
};
static const char *const esp_transform_name_high[] = {
@@ -404,7 +405,7 @@ enum_names esp_transform_names_high =
{ ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
enum_names esp_transform_names =
- { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transform_names_high };
+ { ESP_DES_IV64, ESP_AES_GMAC, esp_transform_name, &esp_transform_names_high };
/* IPCOMP transform values */
@@ -919,12 +920,15 @@ static const char *const oakley_group_name_rfc4753[] = {
};
static const char *const oakley_group_name_rfc5114[] = {
+ "MODP_1024_160",
+ "MODP_2048_224",
+ "MODP_2048_256",
"ECP_192",
"ECP_224"
};
enum_names oakley_group_names_rfc5114 =
- { ECP_192_BIT, ECP_224_BIT,
+ { MODP_1024_160, ECP_224_BIT,
oakley_group_name_rfc5114, NULL };
enum_names oakley_group_names_rfc4753 =
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 8c574ebc5..e9567c07a 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -125,10 +125,10 @@ extern const char sparse_end[];
#define MAX_DIGEST_LEN HASH_SIZE_SHA512
/* RFC 2404 "HMAC-SHA-1-96" section 3 */
-#define HMAC_SHA1_KEY_LEN HASH_SIZE_SHA1
+#define HMAC_SHA1_KEY_LEN HASH_SIZE_SHA1
/* RFC 2403 "HMAC-MD5-96" section 3 */
-#define HMAC_MD5_KEY_LEN HASH_SIZE_MD5
+#define HMAC_MD5_KEY_LEN HASH_SIZE_MD5
#define IKE_UDP_PORT 500
@@ -150,7 +150,7 @@ enum ipsec_authentication_algo {
AH_AES_128_GMAC = 11,
AH_AES_192_GMAC = 12,
AH_AES_256_GMAC = 13,
- AH_SHA2_256_96 = 252
+ AH_SHA2_256_96 = 252
};
extern enum_names ah_transform_names;
@@ -184,6 +184,7 @@ enum ipsec_cipher_algo {
ESP_AES_GCM_16 = 20,
ESP_SEED_CBC = 21,
ESP_CAMELLIA = 22,
+ ESP_AES_GMAC = 23,
ESP_SERPENT = 252,
ESP_TWOFISH = 253
};
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 2113cecbc..a62e7632d 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -237,6 +237,27 @@ static struct dh_desc dh_desc_ecp_521 = {
ke_size: 2*528 / BITS_PER_BYTE
};
+static struct dh_desc dh_desc_modp_1024_160 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1024_160,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_224 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_224,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_256 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_256,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
static struct dh_desc dh_desc_ecp_192 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: ECP_192_BIT,
@@ -370,6 +391,15 @@ bool init_crypto(void)
case ECP_521_BIT:
desc = &dh_desc_ecp_521;
break;
+ case MODP_1024_160:
+ desc = &dh_desc_modp_1024_160;
+ break;
+ case MODP_2048_224:
+ desc = &dh_desc_modp_2048_224;
+ break;
+ case MODP_2048_256:
+ desc = &dh_desc_modp_2048_256;
+ break;
case ECP_192_BIT:
desc = &dh_desc_ecp_192;
break;
@@ -580,9 +610,11 @@ int esp_from_encryption_algorithm(encryption_algorithm_t alg)
return ESP_AES_GCM_16;
case ENCR_CAMELLIA_CBC:
return ESP_CAMELLIA;
+ case ENCR_NULL_AUTH_AES_GMAC:
+ return ESP_AES_GMAC;
case ENCR_SERPENT_CBC:
return ESP_SERPENT;
- case ENCR_TWOFISH_CBC:
+ case ENCR_TWOFISH_CBC:
return ESP_TWOFISH;
default:
return 0;
diff --git a/src/pluto/demux.h b/src/pluto/demux.h
index 4faf6e532..2161bbd02 100644
--- a/src/pluto/demux.h
+++ b/src/pluto/demux.h
@@ -61,6 +61,7 @@ struct msg_digest {
notification_t note; /* reason for failure */
bool dpd; /* peer supports RFC 3706 DPD */
bool openpgp; /* peer supports OpenPGP certificates */
+ bool ms_nt5; /* peer is a windows 2000+ host */
# define PAYLIMIT 40
struct payload_digest
diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c
index 6172165bd..1d2d13371 100644
--- a/src/pluto/fetch.c
+++ b/src/pluto/fetch.c
@@ -266,10 +266,10 @@ x509crl_t* fetch_crl(char *url)
x509crl_t *crl;
chunk_t blob;
- DBG1(" fetching crl from '%s' ...", url);
+ DBG1(DBG_LIB, " fetching crl from '%s' ...", url);
if (lib->fetcher->fetch(lib->fetcher, url, &blob, FETCH_END) != SUCCESS)
{
- DBG1("crl fetching failed");
+ DBG1(DBG_LIB, "crl fetching failed");
return FALSE;
}
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
@@ -277,7 +277,8 @@ x509crl_t* fetch_crl(char *url)
free(blob.ptr);
if (!crl)
{
- DBG1("crl fetched successfully but data coded in unknown format");
+ DBG1(DBG_LIB, "crl fetched successfully but data coded in unknown "
+ "format");
}
return crl;
}
@@ -395,7 +396,7 @@ static void fetch_ocsp_status(ocsp_location_t* location)
chunk_t request = build_ocsp_request(location);
chunk_t response = chunk_empty;
- DBG1(" requesting ocsp status from '%s' ...", location->uri);
+ DBG1(DBG_LIB, " requesting ocsp status from '%s' ...", location->uri);
if (lib->fetcher->fetch(lib->fetcher, location->uri, &response,
FETCH_REQUEST_DATA, request,
FETCH_REQUEST_TYPE, "application/ocsp-request",
@@ -405,7 +406,7 @@ static void fetch_ocsp_status(ocsp_location_t* location)
}
else
{
- DBG1("ocsp request to %s failed", location->uri);
+ DBG1(DBG_LIB, "ocsp request to %s failed", location->uri);
}
free(request.ptr);
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 1f8917d79..34c42e294 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -702,6 +702,8 @@ void accept_delete(struct state *st, struct msg_digest *md,
struct payload_digest *p)
{
struct isakmp_delete *d = &(p->payload.delete);
+ identification_t *this_id, *that_id;
+ ip_address peer_addr;
size_t sizespi;
int i;
@@ -759,6 +761,15 @@ void accept_delete(struct state *st, struct msg_digest *md,
return;
}
+ if (d->isad_protoid == PROTO_ISAKMP)
+ {
+ struct end *this = &st->st_connection->spd.this;
+ struct end *that = &st->st_connection->spd.that;
+ this_id = this->id->clone(this->id);
+ that_id = that->id->clone(that->id);
+ peer_addr = st->st_connection->spd.that.host_addr;
+ }
+
for (i = 0; i < d->isad_nospi; i++)
{
u_char *spi = p->pbs.cur + (i * sizespi);
@@ -770,7 +781,7 @@ void accept_delete(struct state *st, struct msg_digest *md,
*/
struct state *dst = find_state(spi /*iCookie*/
, spi+COOKIE_SIZE /*rCookie*/
- , &st->st_connection->spd.that.host_addr
+ , &peer_addr
, MAINMODE_MSGID);
if (dst == NULL)
@@ -778,7 +789,8 @@ void accept_delete(struct state *st, struct msg_digest *md,
loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
"ISAKMP SA not found (maybe expired)");
}
- else if (!same_peer_ids(st->st_connection, dst->st_connection, NULL))
+ else if (! this_id->equals(this_id, dst->st_connection->spd.this.id) ||
+ ! that_id->equals(that_id, dst->st_connection->spd.that.id))
{
/* we've not authenticated the relevant identities */
loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
@@ -876,6 +888,12 @@ void accept_delete(struct state *st, struct msg_digest *md,
}
}
}
+
+ if (d->isad_protoid == PROTO_ISAKMP)
+ {
+ this_id->destroy(this_id);
+ that_id->destroy(that_id);
+ }
}
/* The whole message must be a multiple of 4 octets.
@@ -2753,6 +2771,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid,
case ESP_AES_GCM_12:
case ESP_AES_GCM_16:
case ESP_AES_CTR:
+ case ESP_AES_GMAC:
needed_len += 4;
break;
default:
@@ -3620,7 +3639,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
if (send_cert)
{
bool success;
- chunk_t cert_encoding;
+ chunk_t cert_encoding;
pb_stream cert_pbs;
struct isakmp_cert cert_hd;
@@ -3634,7 +3653,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
cert_encoding = mycert->cert->get_encoding(mycert->cert);
success = out_chunk(cert_encoding, &cert_pbs, "CERT");
free(cert_encoding.ptr);
- if (!success)
+ if (!success)
{
return STF_INTERNAL_ERROR;
}
@@ -4076,7 +4095,7 @@ main_inI3_outR3_tail(struct msg_digest *md
success = out_chunk(cert_encoding, &cert_pbs, "CERT");
free(cert_encoding.ptr);
if (!success)
- {
+ {
return STF_INTERNAL_ERROR;
}
close_output_pbs(&cert_pbs);
@@ -4871,6 +4890,21 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
*/
p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port
, his_net, c->spd.that.id);
+
+ /* inherit any virtual IP assigned by a Mode Config exchange */
+ if (p->spd.that.modecfg && c->spd.that.modecfg &&
+ subnetisaddr(his_net, &c->spd.that.host_srcip))
+ {
+ char srcip[ADDRTOT_BUF];
+
+ DBG(DBG_CONTROL,
+ addrtot(&c->spd.that.host_srcip, 0, srcip, sizeof(srcip));
+ DBG_log("inheriting virtual IP source address %s from ModeCfg", srcip)
+ )
+ p->spd.that.host_srcip = c->spd.that.host_srcip;
+ p->spd.that.client = c->spd.that.client;
+ p->spd.that.has_client = TRUE;
+ }
}
}
#ifdef DEBUG
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index fe4655d3f..ee22fb55e 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -1993,6 +1993,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
case ESP_AES_GCM_12:
case ESP_AES_GCM_16:
case ESP_AES_CTR:
+ case ESP_AES_GMAC:
key_len += 4;
break;
default:
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index bf67315e6..7c2855edc 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -395,6 +395,10 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
kernel_alg_add(satype, supp_exttype, &alg);
}
}
+
+ /* also register AES_GMAC */
+ alg.sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC;
+ kernel_alg_add(satype, supp_exttype, &alg);
}
/* if SHA2_256 is registered then also register SHA2_256_96 */
if (satype == SADB_SATYPE_ESP &&
diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c
index 289714b50..75d0c98d3 100644
--- a/src/pluto/kernel_netlink.c
+++ b/src/pluto/kernel_netlink.c
@@ -112,6 +112,7 @@ static sparse_names ealg_list = {
{ SADB_X_EALG_AES_GCM_ICV8, "rfc4106(gcm(aes))" },
{ SADB_X_EALG_AES_GCM_ICV12, "rfc4106(gcm(aes))" },
{ SADB_X_EALG_AES_GCM_ICV16, "rfc4106(gcm(aes))" },
+ { SADB_X_EALG_NULL_AES_GMAC, "rfc4543(gcm(aes))" },
{ SADB_X_EALG_CAMELLIACBC, "cbc(camellia)" },
{ SADB_X_EALG_SERPENTCBC, "serpent" },
{ SADB_X_EALG_TWOFISHCBC, "twofish" },
@@ -687,6 +688,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace)
break;
case SADB_X_EALG_AES_CCM_ICV16:
case SADB_X_EALG_AES_GCM_ICV16:
+ case SADB_X_EALG_NULL_AES_GMAC:
icv_size += 32;
/* FALL */
case SADB_X_EALG_AES_CCM_ICV12:
diff --git a/src/pluto/lex.c b/src/pluto/lex.c
index f48d24a54..d5ebdaba9 100644
--- a/src/pluto/lex.c
+++ b/src/pluto/lex.c
@@ -205,7 +205,7 @@ flushline(const char *m)
{
if (m != NULL)
loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s", flp->filename, flp->lino, m);
- do ; while (shift());
+ do {} while (shift());
return FALSE;
}
}
diff --git a/src/pluto/log.c b/src/pluto/log.c
index 2f3536ff3..444ac2220 100644
--- a/src/pluto/log.c
+++ b/src/pluto/log.c
@@ -40,7 +40,8 @@
#include "connections.h"
#include "myid.h"
#include "kernel.h"
-#include "whack.h" /* needs connections.h */
+#include "whack.h"
+#include "whack_attribute.h"
#include "timer.h"
/* close one per-peer log */
@@ -85,7 +86,7 @@ u_int16_t cur_from_port; /* host order */
/**
* pluto dbg function for libstrongswan
*/
-static void pluto_dbg(int level, char *fmt, ...)
+static void pluto_dbg(debug_t group, level_t level, char *fmt, ...)
{
int priority = LOG_INFO;
int debug_level;
@@ -856,6 +857,7 @@ void show_status(bool all, const char *name)
show_myid_status();
show_loaded_plugins();
show_debug_status();
+ show_pools(name);
whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
}
show_connections_status(all, name);
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 03ec7f41f..0c4f2bd6b 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -26,6 +26,7 @@
#include <freeswan.h>
#include <library.h>
+#include <hydra.h>
#include <attributes/attributes.h>
#include <crypto/prfs/prf.h>
@@ -119,7 +120,7 @@ static void init_internal_addr(internal_addr_t *ia)
static void get_internal_addr(connection_t *c, host_t *requested_vip,
internal_addr_t *ia)
{
- int i, dns_idx = 0, nbns_idx = 0;
+ int dns_idx = 0, nbns_idx = 0;
enumerator_t *enumerator;
configuration_attribute_type_t type;
chunk_t value;
@@ -129,13 +130,13 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
{
if (c->spd.that.pool)
{
- vip = lib->attributes->acquire_address(lib->attributes,
+ vip = hydra->attributes->acquire_address(hydra->attributes,
c->spd.that.pool, c->spd.that.id,
requested_vip);
if (vip)
{
chunk_t addr = vip->get_address(vip);
-
+
plog("assigning virtual IP %H to peer", vip);
initaddr(addr.ptr, addr.len, vip->get_family(vip), &ia->ipaddr);
@@ -150,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
{
ia->ipaddr = c->spd.that.host_srcip;
vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr);
- plog("assigning virtual IP %H to peer", vip);
+ plog("assigning virtual IP %H to peer", vip);
}
if (!isanyaddr(&ia->ipaddr)) /* We got an IP address, send it */
@@ -164,67 +165,15 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
| LELEM(INTERNAL_IP4_NETMASK);
}
- /* assign DNS servers from strongswan.conf */
- for (i = 1; i <= DNS_SERVER_MAX; i++)
- {
- char dns_key[16], *dns_str;
-
- snprintf(dns_key, sizeof(dns_key), "pluto.dns%d", i);
- dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
- if (dns_str)
- {
- err_t ugh;
- sa_family_t family = strchr(dns_str, ':') ? AF_INET6 : AF_INET;
-
- ugh = ttoaddr(dns_str, 0, family, &ia->dns[dns_idx]);
- if (ugh)
- {
- plog("error in DNS server address: %s", ugh);
- continue;
- }
- plog("assigning DNS server %s to peer", dns_str);
-
- /* differentiate between IP4 and IP6 in modecfg_build_msg() */
- ia->attr_set |= LELEM(INTERNAL_IP4_DNS);
- dns_idx++;
- }
- }
-
- /* assign NBNS servers from strongswan.conf */
- for (i = 1; i <= NBNS_SERVER_MAX; i++)
- {
- char nbns_key[16], *nbns_str;
-
- snprintf(nbns_key, sizeof(nbns_key), "pluto.nbns%d", i);
- nbns_str = lib->settings->get_str(lib->settings, nbns_key, NULL);
- if (nbns_str)
- {
- err_t ugh;
- sa_family_t family = strchr(nbns_str, ':') ? AF_INET6 : AF_INET;
-
- ugh = ttoaddr(nbns_str, 0, family, &ia->nbns[nbns_idx]);
- if (ugh)
- {
- plog("error in NBNS server address: %s", ugh);
- continue;
- }
- plog("assigning NBNS server %s to peer", nbns_str);
-
- /* differentiate between IP4 and IP6 in modecfg_build_msg() */
- ia->attr_set |= LELEM(INTERNAL_IP4_NBNS);
- nbns_idx++;
- }
- }
-
/* assign attributes from registered providers */
- enumerator = lib->attributes->create_responder_enumerator(lib->attributes,
+ enumerator = hydra->attributes->create_responder_enumerator(hydra->attributes,
c->spd.that.id, vip);
while (enumerator->enumerate(enumerator, &type, &value))
{
err_t ugh;
host_t *server;
sa_family_t family = AF_INET;
-
+
switch (type)
{
case INTERNAL_IP6_DNS:
@@ -257,7 +206,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
/* fallthrough */
case INTERNAL_IP4_NBNS:
if (nbns_idx >= NBNS_SERVER_MAX)
- {
+ {
plog("exceeded the maximum number of %d NBNS servers",
NBNS_SERVER_MAX);
break;
@@ -279,7 +228,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
default:
break;
- }
+ }
}
enumerator->destroy(enumerator);
DESTROY_IF(vip);
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
index 733dd2623..b24ef1a8c 100644
--- a/src/pluto/pkcs7.c
+++ b/src/pluto/pkcs7.c
@@ -146,7 +146,7 @@ bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo)
if (cInfo->type < OID_PKCS7_DATA
|| cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
{
- DBG1("unknown pkcs7 content type");
+ DBG1(DBG_LIB, "unknown pkcs7 content type");
goto end;
}
}
@@ -187,7 +187,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
}
if (cInfo.type != OID_PKCS7_SIGNED_DATA)
{
- DBG1("pkcs7 content type is not signedData");
+ DBG1(DBG_LIB, "pkcs7 content type is not signedData");
return FALSE;
}
@@ -202,7 +202,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
{
case PKCS7_SIGNED_VERSION:
version = object.len ? (int)*object.ptr : 0;
- DBG2(" v%d", version);
+ DBG2(DBG_LIB, " v%d", version);
break;
case PKCS7_DIGEST_ALG:
digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
@@ -217,7 +217,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
{
certificate_t *cert;
- DBG2(" parsing pkcs7-wrapped certificate");
+ DBG2(DBG_LIB, " parsing pkcs7-wrapped certificate");
cert = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB_ASN1_DER, object,
@@ -230,17 +230,17 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
break;
case PKCS7_SIGNER_INFO:
signerInfos++;
- DBG2(" signer #%d", signerInfos);
+ DBG2(DBG_LIB, " signer #%d", signerInfos);
break;
case PKCS7_SIGNER_INFO_VERSION:
version = object.len ? (int)*object.ptr : 0;
- DBG2(" v%d", version);
+ DBG2(DBG_LIB, " v%d", version);
break;
case PKCS7_SIGNED_ISSUER:
{
identification_t *issuer = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(" \"%Y\"", issuer);
+ DBG2(DBG_LIB, " \"%Y\"", issuer);
issuer->destroy(issuer);
break;
}
@@ -277,27 +277,27 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
scheme = signature_scheme_from_oid(digest_alg);
if (scheme == SIGN_UNKNOWN)
{
- DBG1("unsupported signature scheme");
+ DBG1(DBG_LIB, "unsupported signature scheme");
return FALSE;
}
if (signerInfos == 0)
{
- DBG1("no signerInfo object found");
+ DBG1(DBG_LIB, "no signerInfo object found");
return FALSE;
}
else if (signerInfos > 1)
{
- DBG1("more than one signerInfo object found");
+ DBG1(DBG_LIB, "more than one signerInfo object found");
return FALSE;
}
if (attributes->ptr == NULL)
{
- DBG1("no authenticatedAttributes object found");
+ DBG1(DBG_LIB, "no authenticatedAttributes object found");
return FALSE;
}
if (enc_alg != OID_RSA_ENCRYPTION)
{
- DBG1("only RSA digest encryption supported");
+ DBG1(DBG_LIB, "only RSA digest encryption supported");
return FALSE;
}
@@ -305,16 +305,16 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
key = cacert->get_public_key(cacert);
if (key == NULL)
{
- DBG1("no public key found in CA certificate");
+ DBG1(DBG_LIB, "no public key found in CA certificate");
return FALSE;
}
if (key->verify(key, scheme, *attributes, encrypted_digest))
{
- DBG2("signature is valid");
+ DBG2(DBG_LIB, "signature is valid");
}
else
{
- DBG1("invalid signature");
+ DBG1(DBG_LIB, "invalid signature");
success = FALSE;
}
key->destroy(key);
@@ -352,7 +352,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
}
if (cInfo.type != OID_PKCS7_ENVELOPED_DATA)
{
- DBG1("pkcs7 content type is not envelopedData");
+ DBG1(DBG_LIB, "pkcs7 content type is not envelopedData");
goto failed;
}
@@ -367,19 +367,19 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
{
case PKCS7_ENVELOPED_VERSION:
version = object.len ? (int)*object.ptr : 0;
- DBG2(" v%d", version);
+ DBG2(DBG_LIB, " v%d", version);
if (version != 0)
{
- DBG1("envelopedData version is not 0");
+ DBG1(DBG_LIB, "envelopedData version is not 0");
goto end;
}
break;
case PKCS7_RECIPIENT_INFO_VERSION:
version = object.len ? (int)*object.ptr : 0;
- DBG2(" v%d", version);
+ DBG2(DBG_LIB, " v%d", version);
if (version != 0)
{
- DBG1("recipient info version is not 0");
+ DBG1(DBG_LIB, "recipient info version is not 0");
goto end;
}
break;
@@ -387,14 +387,14 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
{
identification_t *issuer = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(" \"%Y\"", issuer);
+ DBG2(DBG_LIB, " \"%Y\"", issuer);
issuer->destroy(issuer);
break;
}
case PKCS7_SERIAL_NUMBER:
if (!chunk_equals(serialNumber, object))
{
- DBG1("serial numbers do not match");
+ DBG1(DBG_LIB, "serial numbers do not match");
goto end;
}
break;
@@ -402,22 +402,22 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
if (enc_alg != OID_RSA_ENCRYPTION)
{
- DBG1("only rsa encryption supported");
+ DBG1(DBG_LIB, "only rsa encryption supported");
goto end;
}
break;
case PKCS7_ENCRYPTED_KEY:
if (!key->decrypt(key, object, &symmetric_key))
{
- DBG1("symmetric key could not be decrypted with rsa");
+ DBG1(DBG_LIB, "symmetric key could not be decrypted with rsa");
goto end;
}
- DBG4("symmetric key %B", &symmetric_key);
+ DBG4(DBG_LIB, "symmetric key %B", &symmetric_key);
break;
case PKCS7_CONTENT_TYPE:
if (asn1_known_oid(object) != OID_PKCS7_DATA)
{
- DBG1("encrypted content not of type pkcs7 data");
+ DBG1(DBG_LIB, "encrypted content not of type pkcs7 data");
goto end;
}
break;
@@ -426,12 +426,12 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
if (content_enc_alg == OID_UNKNOWN)
{
- DBG1("unknown content encryption algorithm");
+ DBG1(DBG_LIB, "unknown content encryption algorithm");
goto end;
}
if (!asn1_parse_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
{
- DBG1("IV could not be parsed");
+ DBG1(DBG_LIB, "IV could not be parsed");
goto end;
}
break;
@@ -459,28 +459,28 @@ end:
alg = encryption_algorithm_from_oid(content_enc_alg, &key_size);
if (alg == ENCR_UNDEFINED)
{
- DBG1("unsupported content encryption algorithm");
+ DBG1(DBG_LIB, "unsupported content encryption algorithm");
goto failed;
}
crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
if (crypter == NULL)
{
- DBG1("crypter %N not available", encryption_algorithm_names, alg);
+ DBG1(DBG_LIB, "crypter %N not available", encryption_algorithm_names, alg);
goto failed;
}
if (symmetric_key.len != crypter->get_key_size(crypter))
{
- DBG1("symmetric key length %d is wrong", symmetric_key.len);
+ DBG1(DBG_LIB, "symmetric key length %d is wrong", symmetric_key.len);
goto failed;
}
if (iv.len != crypter->get_block_size(crypter))
{
- DBG1("IV length %d is wrong", iv.len);
+ DBG1(DBG_LIB, "IV length %d is wrong", iv.len);
goto failed;
}
crypter->set_key(crypter, symmetric_key);
crypter->decrypt(crypter, encrypted_content, iv, data);
- DBG4("decrypted content with padding: %B", data);
+ DBG4(DBG_LIB, "decrypted content with padding: %B", data);
}
/* remove the padding */
@@ -491,7 +491,7 @@ end:
if (padding > data->len)
{
- DBG1("padding greater than data length");
+ DBG1(DBG_LIB, "padding greater than data length");
goto failed;
}
data->len -= padding;
@@ -500,7 +500,7 @@ end:
{
if (*pos-- != pattern)
{
- DBG1("wrong padding pattern");
+ DBG1(DBG_LIB, "wrong padding pattern");
goto failed;
}
}
@@ -631,7 +631,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
, asn1_wrap(ASN1_SET, "m", signerInfo));
cInfo = pkcs7_build_contentInfo(&signedData);
- DBG3("signedData %B", &cInfo);
+ DBG3(DBG_LIB, "signedData %B", &cInfo);
free(pkcs7Data.content.ptr);
free(signedData.content.ptr);
@@ -653,7 +653,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
alg_key_size/BITS_PER_BYTE);
if (crypter == NULL)
{
- DBG1("crypter for %N not available", encryption_algorithm_names, alg);
+ DBG1(DBG_LIB, "crypter for %N not available", encryption_algorithm_names, alg);
return chunk_empty;
}
@@ -663,12 +663,12 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey);
- DBG4("symmetric encryption key %B", &symmetricKey);
+ DBG4(DBG_LIB, "symmetric encryption key %B", &symmetricKey);
rng->destroy(rng);
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
rng->allocate_bytes(rng, crypter->get_block_size(crypter), &iv);
- DBG4("initialization vector: %B", &iv);
+ DBG4(DBG_LIB, "initialization vector: %B", &iv);
rng->destroy(rng);
}
@@ -680,7 +680,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
in.len = data.len + padding;
in.ptr = malloc(in.len);
- DBG2("padding %u bytes of data to multiple block size of %u bytes",
+ DBG2(DBG_LIB, "padding %u bytes of data to multiple block size of %u bytes",
data.len, in.len);
/* copy data */
@@ -688,14 +688,14 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
/* append padding */
memset(in.ptr + data.len, padding, padding);
}
- DBG3("padded unencrypted data %B", &in);
+ DBG3(DBG_LIB, "padded unencrypted data %B", &in);
/* symmetric encryption of data object */
crypter->set_key(crypter, symmetricKey);
crypter->encrypt(crypter, in, iv, &out);
crypter->destroy(crypter);
chunk_clear(&in);
- DBG3("encrypted data %B", &out);
+ DBG3(DBG_LIB, "encrypted data %B", &out);
/* protect symmetric key by public key encryption */
{
@@ -703,7 +703,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
if (key == NULL)
{
- DBG1("public key not found in encryption certificate");
+ DBG1(DBG_LIB, "public key not found in encryption certificate");
chunk_clear(&symmetricKey);
chunk_free(&iv);
chunk_free(&out);
@@ -744,7 +744,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
, encryptedContentInfo);
cInfo = pkcs7_build_contentInfo(&envelopedData);
- DBG3("envelopedData %B", &cInfo);
+ DBG3(DBG_LIB, "envelopedData %B", &cInfo);
chunk_free(&envelopedData.content);
chunk_free(&iv);
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 8b922df8c..aa04594bc 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -38,6 +38,7 @@
#include <freeswan.h>
+#include <hydra.h>
#include <library.h>
#include <debug.h>
#include <utils/enumerator.h>
@@ -74,6 +75,7 @@
#include "timer.h"
#include "vendor.h"
#include "builder.h"
+#include "whack_attribute.h"
static void usage(const char *mess)
{
@@ -242,7 +244,7 @@ static void print_plugins()
len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin);
}
enumerator->destroy(enumerator);
- DBG1("loaded plugins: %s", buf);
+ DBG1(DBG_DMN, "loaded plugins: %s", buf);
}
int main(int argc, char **argv)
@@ -273,6 +275,12 @@ int main(int argc, char **argv)
library_deinit();
exit(SS_RC_DAEMON_INTEGRITY);
}
+ if (!libhydra_init("pluto"))
+ {
+ libhydra_deinit();
+ library_deinit();
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
options = options_create();
/* handle arguments */
@@ -648,6 +656,7 @@ int main(int argc, char **argv)
{
plog("integrity tests enabled:");
plog("lib 'libstrongswan': passed file and segment integrity tests");
+ plog("lib 'libhydra': passed file and segment integrity tests");
plog("daemon 'pluto': passed file integrity test");
}
@@ -676,6 +685,7 @@ int main(int argc, char **argv)
init_myid();
fetch_initialize();
ac_initialize();
+ whack_attribute_initialize();
/* drop unneeded capabilities and change UID/GID */
prctl(PR_SET_KEEPCAPS, 1);
@@ -750,6 +760,7 @@ void exit_pluto(int status)
free_preshared_secrets();
free_remembered_public_keys();
delete_every_connection();
+ whack_attribute_finalize(); /* free in-memory pools */
fetch_finalize(); /* stop fetching thread */
free_crl_fetch(); /* free chain of crl fetch requests */
free_ocsp_fetch(); /* free chain of ocsp fetch requests */
@@ -770,6 +781,8 @@ void exit_pluto(int status)
free_builder();
delete_lock();
options->destroy(options);
+ lib->plugins->unload(lib->plugins);
+ libhydra_deinit();
library_deinit();
close_log();
exit(status);
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index 826a1aa6e..bf5ccb10c 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -57,6 +57,7 @@
#include "myid.h"
#include "kernel_alg.h"
#include "ike_alg.h"
+#include "whack_attribute.h"
/* helper variables and function to decode strings from whack message */
@@ -326,6 +327,8 @@ void whack_handle(int whackctlfd)
|| !unpack_str(&msg.ike) /* string 24 */
|| !unpack_str(&msg.esp) /* string 25 */
|| !unpack_str(&msg.sc_data) /* string 26 */
+ || !unpack_str(&msg.whack_lease_ip) /* string 27 */
+ || !unpack_str(&msg.whack_lease_id) /* string 28 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
@@ -376,7 +379,9 @@ void whack_handle(int whackctlfd)
}
if (msg.whack_myid)
+ {
set_myid(MYID_SPECIFIED, msg.myid);
+ }
/* Deleting combined with adding a connection works as replace.
* To make this more useful, in only this combination,
@@ -385,9 +390,13 @@ void whack_handle(int whackctlfd)
if (msg.whack_delete)
{
if (msg.whack_ca)
+ {
find_ca_info_by_name(msg.name, TRUE);
+ }
else
+ {
delete_connections_by_name(msg.name, !msg.whack_connection);
+ }
}
if (msg.whack_deletestate)
@@ -406,13 +415,19 @@ void whack_handle(int whackctlfd)
}
if (msg.whack_crash)
+ {
delete_states_by_peer(&msg.whack_crash_peer);
+ }
if (msg.whack_connection)
+ {
add_connection(&msg);
+ }
if (msg.whack_ca && msg.cacert != NULL)
+ {
add_ca_info(&msg);
+ }
/* process "listen" before any operation that could require it */
if (msg.whack_listen)
@@ -469,7 +484,12 @@ void whack_handle(int whackctlfd)
free_ocsp_cache();
}
- if (msg.whack_list & LIST_PUBKEYS)
+ if (msg.whack_leases)
+ {
+ list_leases(msg.name, msg.whack_lease_ip, msg.whack_lease_id);
+ }
+
+ if (msg.whack_list & LIST_PUBKEYS)
{
list_public_keys(msg.whack_utc);
}
@@ -552,12 +572,18 @@ void whack_handle(int whackctlfd)
{
set_cur_connection(c);
if (!oriented(*c))
+ {
whack_log(RC_ORIENT
, "we have no ipsecN interface for either end of this connection");
+ }
else if (c->policy & POLICY_GROUP)
+ {
route_group(c);
+ }
else if (!trap_connection(c))
+ {
whack_log(RC_ROUTE, "could not route");
+ }
reset_cur_connection();
}
}
@@ -584,14 +610,22 @@ void whack_handle(int whackctlfd)
for (sr = &c->spd; sr != NULL; sr = sr->next)
{
if (sr->routing >= RT_ROUTED_TUNNEL)
+ {
fail++;
+ }
}
if (fail > 0)
+ {
whack_log(RC_RTBUSY, "cannot unroute: route busy");
+ }
else if (c->policy & POLICY_GROUP)
+ {
unroute_group(c);
+ }
else
+ {
unroute_connection(c);
+ }
reset_cur_connection();
}
}
@@ -618,11 +652,15 @@ void whack_handle(int whackctlfd)
if (msg.whack_oppo_initiate)
{
if (!listening)
+ {
whack_log(RC_DEAF, "need --listen before opportunistic initiation");
+ }
else
+ {
initiate_opportunistic(&msg.oppo_my_client, &msg.oppo_peer_client, 0
, FALSE
, msg.whack_async? NULL_FD : dup_any(whackfd));
+ }
}
if (msg.whack_terminate)
@@ -639,7 +677,9 @@ void whack_handle(int whackctlfd)
}
if (msg.whack_status)
+ {
show_status(msg.whack_statusall, msg.name);
+ }
if (msg.whack_shutdown)
{
@@ -650,10 +690,14 @@ void whack_handle(int whackctlfd)
if (msg.whack_sc_op != SC_OP_NONE)
{
if (pkcs11_proxy)
+ {
scx_op_via_whack(msg.sc_data, msg.inbase, msg.outbase
, msg.whack_sc_op, msg.keyid, whackfd);
+ }
else
+ {
plog("pkcs11 access to smartcard not allowed (set pkcs11proxy=yes)");
+ }
}
whack_log_fd = NULL_FD;
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index 74806a40c..b112d67f6 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -48,7 +48,7 @@ time_t now(void)
{
static time_t delta = 0
, last_time = 0;
- time_t n = time((time_t)NULL);
+ time_t n = time(NULL);
passert(n != (time_t)-1);
if (last_time > n)
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index 7d3c96c87..99cfc5734 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -198,6 +198,7 @@ static struct vid_struct _vid_tab[] = {
* strongSwan
*/
DEC_MD5_VID(STRONGSWAN, "strongSwan")
+
DEC_MD5_VID(STRONGSWAN_4_3_5, "strongSwan 4.3.5")
DEC_MD5_VID(STRONGSWAN_4_3_4, "strongSwan 4.3.4")
DEC_MD5_VID(STRONGSWAN_4_3_3, "strongSwan 4.3.3")
@@ -234,14 +235,6 @@ static struct vid_struct _vid_tab[] = {
DEC_MD5_VID(STRONGSWAN_4_1_2, "strongSwan 4.1.2")
DEC_MD5_VID(STRONGSWAN_4_1_1, "strongSwan 4.1.1")
DEC_MD5_VID(STRONGSWAN_4_1_0, "strongSwan 4.1.0")
- DEC_MD5_VID(STRONGSWAN_4_0_7, "strongSwan 4.0.7")
- DEC_MD5_VID(STRONGSWAN_4_0_6, "strongSwan 4.0.6")
- DEC_MD5_VID(STRONGSWAN_4_0_5, "strongSwan 4.0.5")
- DEC_MD5_VID(STRONGSWAN_4_0_4, "strongSwan 4.0.4")
- DEC_MD5_VID(STRONGSWAN_4_0_3, "strongSwan 4.0.3")
- DEC_MD5_VID(STRONGSWAN_4_0_2, "strongSwan 4.0.2")
- DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
- DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
DEC_MD5_VID(STRONGSWAN_2_8_11,"strongSwan 2.8.11")
DEC_MD5_VID(STRONGSWAN_2_8_10,"strongSwan 2.8.10")
@@ -255,34 +248,6 @@ static struct vid_struct _vid_tab[] = {
DEC_MD5_VID(STRONGSWAN_2_8_2, "strongSwan 2.8.2")
DEC_MD5_VID(STRONGSWAN_2_8_1, "strongSwan 2.8.1")
DEC_MD5_VID(STRONGSWAN_2_8_0, "strongSwan 2.8.0")
- DEC_MD5_VID(STRONGSWAN_2_7_3, "strongSwan 2.7.3")
- DEC_MD5_VID(STRONGSWAN_2_7_2, "strongSwan 2.7.2")
- DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1")
- DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0")
- DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4")
- DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3")
- DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2")
- DEC_MD5_VID(STRONGSWAN_2_6_1, "strongSwan 2.6.1")
- DEC_MD5_VID(STRONGSWAN_2_6_0, "strongSwan 2.6.0")
- DEC_MD5_VID(STRONGSWAN_2_5_7, "strongSwan 2.5.7")
- DEC_MD5_VID(STRONGSWAN_2_5_6, "strongSwan 2.5.6")
- DEC_MD5_VID(STRONGSWAN_2_5_5, "strongSwan 2.5.5")
- DEC_MD5_VID(STRONGSWAN_2_5_4, "strongSwan 2.5.4")
- DEC_MD5_VID(STRONGSWAN_2_5_3, "strongSwan 2.5.3")
- DEC_MD5_VID(STRONGSWAN_2_5_2, "strongSwan 2.5.2")
- DEC_MD5_VID(STRONGSWAN_2_5_1, "strongSwan 2.5.1")
- DEC_MD5_VID(STRONGSWAN_2_5_0, "strongSwan 2.5.0")
- DEC_MD5_VID(STRONGSWAN_2_4_4, "strongSwan 2.4.4")
- DEC_MD5_VID(STRONGSWAN_2_4_3, "strongSwan 2.4.3")
- DEC_MD5_VID(STRONGSWAN_2_4_2, "strongSwan 2.4.2")
- DEC_MD5_VID(STRONGSWAN_2_4_1, "strongSwan 2.4.1")
- DEC_MD5_VID(STRONGSWAN_2_4_0, "strongSwan 2.4.0")
- DEC_MD5_VID(STRONGSWAN_2_3_2, "strongSwan 2.3.2")
- DEC_MD5_VID(STRONGSWAN_2_3_1, "strongSwan 2.3.1")
- DEC_MD5_VID(STRONGSWAN_2_3_0, "strongSwan 2.3.0")
- DEC_MD5_VID(STRONGSWAN_2_2_2, "strongSwan 2.2.2")
- DEC_MD5_VID(STRONGSWAN_2_2_1, "strongSwan 2.2.1")
- DEC_MD5_VID(STRONGSWAN_2_2_0, "strongSwan 2.2.0")
/* NAT-Traversal */
@@ -375,51 +340,63 @@ static void handle_known_vendorid (struct msg_digest *md, const char *vidstr,
bool vid_useful = FALSE;
size_t i, j;
- switch (vid->id) {
- /* Remote side supports OpenPGP certificates */
- case VID_OPENPGP:
- md->openpgp = TRUE;
- vid_useful = TRUE;
- break;
+ switch (vid->id)
+ {
+ /* Remote side is a strongSwan host */
+ case VID_STRONGSWAN:
+ vid_useful = TRUE;
+ break;
+
+ /* Remote side supports OpenPGP certificates */
+ case VID_OPENPGP:
+ md->openpgp = TRUE;
+ vid_useful = TRUE;
+ break;
- /*
- * Use most recent supported NAT-Traversal method and ignore the
- * other ones (implementations will send all supported methods but
- * only one will be used)
- *
- * Note: most recent == higher id in vendor.h
- */
- case VID_NATT_IETF_00:
- if (!nat_traversal_support_non_ike)
+ /* Remote side is a Windows 2000+ host */
+ case VID_MS_NT5:
+ md->ms_nt5 = TRUE;
+ vid_useful = TRUE;
break;
- if ((nat_traversal_enabled) && (!md->nat_traversal_vid))
- {
- md->nat_traversal_vid = vid->id;
+
+ /*
+ * Use most recent supported NAT-Traversal method and ignore the
+ * other ones (implementations will send all supported methods but
+ * only one will be used)
+ *
+ * Note: most recent == higher id in vendor.h
+ */
+ case VID_NATT_IETF_00:
+ if (!nat_traversal_support_non_ike)
+ break;
+ if ((nat_traversal_enabled) && (!md->nat_traversal_vid))
+ {
+ md->nat_traversal_vid = vid->id;
+ vid_useful = TRUE;
+ }
+ break;
+ case VID_NATT_IETF_02:
+ case VID_NATT_IETF_02_N:
+ case VID_NATT_IETF_03:
+ case VID_NATT_RFC:
+ if (nat_traversal_support_port_floating
+ && md->nat_traversal_vid < vid->id)
+ {
+ md->nat_traversal_vid = vid->id;
+ vid_useful = TRUE;
+ }
+ break;
+
+ /* Remote side would like to do DPD with us on this connection */
+ case VID_MISC_DPD:
+ md->dpd = TRUE;
vid_useful = TRUE;
- }
- break;
- case VID_NATT_IETF_02:
- case VID_NATT_IETF_02_N:
- case VID_NATT_IETF_03:
- case VID_NATT_RFC:
- if (nat_traversal_support_port_floating
- && md->nat_traversal_vid < vid->id)
- {
- md->nat_traversal_vid = vid->id;
+ break;
+ case VID_MISC_XAUTH:
vid_useful = TRUE;
- }
- break;
-
- /* Remote side would like to do DPD with us on this connection */
- case VID_MISC_DPD:
- md->dpd = TRUE;
- vid_useful = TRUE;
- break;
- case VID_MISC_XAUTH:
- vid_useful = TRUE;
- break;
- default:
- break;
+ break;
+ default:
+ break;
}
if (vid->flags & VID_SUBSTRING_DUMPHEXA)
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index 3df1a8196..ac6b0d420 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -53,56 +53,21 @@ enum known_vendorid {
VID_VISTA_AUTHIP2 = 34,
VID_VISTA_AUTHIP3 = 35,
- VID_STRONGSWAN = 37,
- VID_STRONGSWAN_2_2_0 = 38,
- VID_STRONGSWAN_2_2_1 = 39,
- VID_STRONGSWAN_2_2_2 = 40,
- VID_STRONGSWAN_2_3_0 = 41,
- VID_STRONGSWAN_2_3_1 = 42,
- VID_STRONGSWAN_2_3_2 = 43,
- VID_STRONGSWAN_2_4_0 = 44,
- VID_STRONGSWAN_2_4_1 = 45,
- VID_STRONGSWAN_2_4_2 = 46,
- VID_STRONGSWAN_2_4_3 = 47,
- VID_STRONGSWAN_2_4_4 = 48,
- VID_STRONGSWAN_2_5_0 = 49,
- VID_STRONGSWAN_2_5_1 = 50,
- VID_STRONGSWAN_2_5_2 = 51,
- VID_STRONGSWAN_2_5_3 = 52,
- VID_STRONGSWAN_2_5_4 = 53,
- VID_STRONGSWAN_2_5_5 = 54,
- VID_STRONGSWAN_2_5_6 = 55,
- VID_STRONGSWAN_2_5_7 = 56,
- VID_STRONGSWAN_2_6_0 = 57,
- VID_STRONGSWAN_2_6_1 = 58,
- VID_STRONGSWAN_2_6_2 = 59,
- VID_STRONGSWAN_2_6_3 = 60,
- VID_STRONGSWAN_2_6_4 = 61,
- VID_STRONGSWAN_2_7_0 = 62,
- VID_STRONGSWAN_2_7_1 = 63,
- VID_STRONGSWAN_2_7_2 = 64,
- VID_STRONGSWAN_2_7_3 = 65,
- VID_STRONGSWAN_2_8_0 = 66,
- VID_STRONGSWAN_2_8_1 = 67,
- VID_STRONGSWAN_2_8_2 = 68,
- VID_STRONGSWAN_2_8_3 = 69,
- VID_STRONGSWAN_2_8_4 = 70,
- VID_STRONGSWAN_2_8_5 = 71,
- VID_STRONGSWAN_2_8_6 = 72,
- VID_STRONGSWAN_2_8_7 = 73,
- VID_STRONGSWAN_2_8_8 = 74,
- VID_STRONGSWAN_2_8_9 = 75,
- VID_STRONGSWAN_2_8_10 = 76,
- VID_STRONGSWAN_2_8_11 = 77,
+ VID_STRONGSWAN = 36,
+
+ VID_STRONGSWAN_2_8_0 = 37,
+ VID_STRONGSWAN_2_8_1 = 38,
+ VID_STRONGSWAN_2_8_2 = 39,
+ VID_STRONGSWAN_2_8_3 = 40,
+ VID_STRONGSWAN_2_8_4 = 41,
+ VID_STRONGSWAN_2_8_5 = 42,
+ VID_STRONGSWAN_2_8_6 = 43,
+ VID_STRONGSWAN_2_8_7 = 44,
+ VID_STRONGSWAN_2_8_8 = 45,
+ VID_STRONGSWAN_2_8_9 = 46,
+ VID_STRONGSWAN_2_8_10 = 47,
+ VID_STRONGSWAN_2_8_11 = 48,
- VID_STRONGSWAN_4_0_0 = 80,
- VID_STRONGSWAN_4_0_1 = 81,
- VID_STRONGSWAN_4_0_2 = 82,
- VID_STRONGSWAN_4_0_3 = 83,
- VID_STRONGSWAN_4_0_4 = 84,
- VID_STRONGSWAN_4_0_5 = 85,
- VID_STRONGSWAN_4_0_6 = 86,
- VID_STRONGSWAN_4_0_7 = 87,
VID_STRONGSWAN_4_1_0 = 88,
VID_STRONGSWAN_4_1_1 = 89,
VID_STRONGSWAN_4_1_2 = 90,
@@ -115,7 +80,6 @@ enum known_vendorid {
VID_STRONGSWAN_4_1_9 = 97,
VID_STRONGSWAN_4_1_10 = 98,
VID_STRONGSWAN_4_1_11 = 99,
-
VID_STRONGSWAN_4_2_0 =100,
VID_STRONGSWAN_4_2_1 =101,
VID_STRONGSWAN_4_2_2 =102,
diff --git a/src/pluto/whack_attribute.c b/src/pluto/whack_attribute.c
new file mode 100644
index 000000000..6a12f0c09
--- /dev/null
+++ b/src/pluto/whack_attribute.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "whack_attribute.h"
+
+#include "log.h"
+
+/* these are defined as constants in constant.h but redefined as enum values in
+ * attributes/attributes.h */
+#undef INTERNAL_IP4_SERVER
+#undef INTERNAL_IP6_SERVER
+
+#include <hydra.h>
+#include <attributes/mem_pool.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_whack_attribute_t private_whack_attribute_t;
+
+/**
+ * private data of whack_attribute
+ */
+struct private_whack_attribute_t {
+
+ /**
+ * public functions
+ */
+ whack_attribute_t public;
+
+ /**
+ * list of pools, contains mem_pool_t
+ */
+ linked_list_t *pools;
+
+ /**
+ * rwlock to lock access to pools
+ */
+ rwlock_t *lock;
+};
+
+/**
+ * global object
+ */
+whack_attribute_t *whack_attr;
+
+/**
+ * compare pools by name
+ */
+static bool pool_match(mem_pool_t *current, char *name)
+{
+ return name && streq(name, current->get_name(current));
+}
+
+/**
+ * find a pool by name
+ */
+static mem_pool_t *find_pool(private_whack_attribute_t *this, char *name)
+{
+ mem_pool_t *found;
+ if (this->pools->find_first(this->pools, (linked_list_match_t)pool_match,
+ (void**)&found, name) == SUCCESS)
+ {
+ return found;
+ }
+ return NULL;
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+ private_whack_attribute_t *this, char *name, identification_t *id,
+ host_t *requested)
+{
+ mem_pool_t *pool;
+ host_t *addr = NULL;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (pool)
+ {
+ addr = pool->acquire_address(pool, id, requested);
+ }
+ this->lock->unlock(this->lock);
+ return addr;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+ private_whack_attribute_t *this, char *name, host_t *address,
+ identification_t *id)
+{
+ mem_pool_t *pool;
+ bool found = FALSE;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (pool)
+ {
+ found = pool->release_address(pool, address, id);
+ }
+ this->lock->unlock(this->lock);
+ return found;
+}
+
+METHOD(whack_attribute_t, add_pool, bool,
+ private_whack_attribute_t *this, const char *name,
+ const whack_end_t *right)
+{
+ mem_pool_t *pool;
+ host_t *base = NULL;
+ u_int32_t bits = 0;
+
+ /* named pool */
+ if (right->sourceip_mask <= 0)
+ {
+ return FALSE;
+ }
+
+ /* if %config, add an empty pool, otherwise */
+ if (right->sourceip)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("adding virtual IP address pool '%s': %s/%d",
+ name, right->sourceip, right->sourceip_mask);
+ );
+ base = host_create_from_string(right->sourceip, 0);
+ if (!base)
+ {
+ loglog(RC_LOG_SERIOUS, "virtual IP address invalid, discarded");
+ return FALSE;
+ }
+ bits = right->sourceip_mask;
+ }
+ pool = mem_pool_create((char*)name, base, bits);
+ DESTROY_IF(base);
+
+ this->lock->write_lock(this->lock);
+ this->pools->insert_last(this->pools, pool);
+ this->lock->unlock(this->lock);
+ return TRUE;
+}
+
+METHOD(whack_attribute_t, del_pool, void,
+ private_whack_attribute_t *this, char *name)
+{
+ enumerator_t *enumerator;
+ mem_pool_t *pool;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->pools->create_enumerator(this->pools);
+ while (enumerator->enumerate(enumerator, &pool))
+ {
+ if (streq(name, pool->get_name(pool)))
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("deleting virtual IP address pool '%s'", name)
+ );
+ this->pools->remove_at(this->pools, enumerator);
+ pool->destroy(pool);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
+/**
+ * Pool enumerator filter function, converts pool_t to name, size, ...
+ */
+static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name,
+ void *d1, u_int *size, void *d2, u_int *online,
+ void *d3, u_int *offline)
+{
+ mem_pool_t *pool = *poolp;
+ *name = pool->get_name(pool);
+ *size = pool->get_size(pool);
+ *online = pool->get_online(pool);
+ *offline = pool->get_offline(pool);
+ return TRUE;
+}
+
+METHOD(whack_attribute_t, create_pool_enumerator, enumerator_t*,
+ private_whack_attribute_t *this)
+{
+ this->lock->read_lock(this->lock);
+ return enumerator_create_filter(this->pools->create_enumerator(this->pools),
+ (void*)pool_filter,
+ this->lock, (void*)this->lock->unlock);
+}
+
+METHOD(whack_attribute_t, create_lease_enumerator, enumerator_t*,
+ private_whack_attribute_t *this, char *name)
+{
+ mem_pool_t *pool;
+ this->lock->read_lock(this->lock);
+ pool = find_pool(this, name);
+ if (!pool)
+ {
+ this->lock->unlock(this->lock);
+ return NULL;
+ }
+ return enumerator_create_cleaner(pool->create_lease_enumerator(pool),
+ (void*)this->lock->unlock, this->lock);
+}
+
+/**
+ * see header file
+ */
+void whack_attribute_finalize()
+{
+ private_whack_attribute_t *this;
+
+ if (whack_attr)
+ {
+ this = (private_whack_attribute_t*)whack_attr;
+ hydra->attributes->remove_provider(hydra->attributes,
+ &this->public.provider);
+ this->lock->destroy(this->lock);
+ this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy));
+ free(this);
+ }
+}
+
+/**
+ * see header file
+ */
+void whack_attribute_initialize()
+{
+ private_whack_attribute_t *this;
+
+ INIT(this,
+ .public = {
+ .provider = {
+ .acquire_address = _acquire_address,
+ .release_address = _release_address,
+ .create_attribute_enumerator = enumerator_create_empty,
+ },
+ .add_pool = _add_pool,
+ .del_pool = _del_pool,
+ .create_pool_enumerator = _create_pool_enumerator,
+ .create_lease_enumerator = _create_lease_enumerator,
+ },
+ .pools = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ hydra->attributes->add_provider(hydra->attributes, &this->public.provider);
+
+ whack_attr = &this->public;
+}
+
+/**
+ * list leases of a single pool
+ */
+static void pool_leases(char *pool, host_t *address,
+ identification_t *identification,
+ u_int size, u_int online, u_int offline)
+{
+
+ enumerator_t *enumerator;
+ identification_t *id;
+ host_t *lease;
+ bool on, found = FALSE;
+
+ whack_log(RC_COMMENT, "Leases in pool '%s', usage: %lu/%lu, %lu online",
+ pool, online + offline, size, online);
+ enumerator = whack_attr->create_lease_enumerator(whack_attr, pool);
+ while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on))
+ {
+ if ((!address && !identification) ||
+ (address && address->ip_equals(address, lease)) ||
+ (identification && identification->equals(identification, id)))
+ {
+ whack_log(RC_COMMENT, " %15H %s '%Y'",
+ lease, on ? "online" : "offline", id);
+ found = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!found)
+ {
+ whack_log(RC_COMMENT, " no matching leases found");
+ }
+}
+
+/**
+ * see header file
+ */
+void list_leases(char *name, char *addr, char *id)
+{
+ identification_t *identification = NULL;
+ host_t *address = NULL;
+ bool found = FALSE;
+ enumerator_t *enumerator;
+ u_int size, online, offline;
+ char *pool;
+
+ if (addr)
+ {
+ address = host_create_from_string(addr, 0);
+ }
+ if (id)
+ {
+ identification = identification_create_from_string(id);
+ }
+
+ enumerator = whack_attr->create_pool_enumerator(whack_attr);
+ while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
+ {
+ if (!name || streq(name, pool))
+ {
+ pool_leases(pool, address, identification, size, online, offline);
+ found = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!found)
+ {
+ if (name)
+ {
+ whack_log(RC_COMMENT, "pool '%s' not found", name);
+ }
+ else
+ {
+ whack_log(RC_COMMENT, "no pools found");
+ }
+ }
+ DESTROY_IF(identification);
+ DESTROY_IF(address);
+}
+
+/**
+ * see header file
+ */
+void show_pools(const char *name)
+{
+ enumerator_t *enumerator;
+ u_int size, online, offline;
+ char *pool;
+ bool first = TRUE;
+
+ enumerator = whack_attr->create_pool_enumerator(whack_attr);
+ while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
+ {
+ if (name && !streq(name, pool))
+ {
+ continue;
+ }
+ if (first)
+ {
+ first = FALSE;
+ whack_log(RC_COMMENT, "Virtual IP pools (size/online/offline):");
+ }
+ whack_log(RC_COMMENT, "\"%s\": %u/%u/%u", pool, size, online, offline);
+ }
+ enumerator->destroy(enumerator);
+}
diff --git a/src/pluto/whack_attribute.h b/src/pluto/whack_attribute.h
new file mode 100644
index 000000000..58441b973
--- /dev/null
+++ b/src/pluto/whack_attribute.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup whack_attribute
+ * @{ @ingroup pluto
+ */
+
+#ifndef WHACK_ATTRIBUTE_H_
+#define WHACK_ATTRIBUTE_H_
+
+#include <whack.h>
+#include <attributes/attribute_provider.h>
+
+typedef struct whack_attribute_t whack_attribute_t;
+
+/**
+ * Whack attribute provider (basically an in-memory IP address pool)
+ */
+struct whack_attribute_t {
+
+ /**
+ * Implements attribute provider interface
+ */
+ attribute_provider_t provider;
+
+ /**
+ * Add a virtual IP address pool.
+ *
+ * @param name name of the pool
+ * @param right "right" end of whack message
+ * @return TRUE, if the pool was successfully added
+ */
+ bool (*add_pool)(whack_attribute_t *this, const char *name,
+ const whack_end_t *right);
+
+ /**
+ * Remove a virtual IP address pool.
+ *
+ * @param name name of the pool
+ */
+ void (*del_pool)(whack_attribute_t *this, char *name);
+
+ /**
+ * Create an enumerator over installed pools.
+ *
+ * Enumerator enumerates over
+ * char *pool, u_int size, u_int offline, u_int online.
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_pool_enumerator)(whack_attribute_t *this);
+
+ /**
+ * Create an enumerator over the leases of a pool.
+ *
+ * Enumerator enumerates over
+ * identification_t *id, host_t *address, bool online
+ *
+ * @param name name of the pool to enumerate
+ * @return enumerator, NULL if pool not found
+ */
+ enumerator_t* (*create_lease_enumerator)(whack_attribute_t *this,
+ char *name);
+};
+
+/**
+ * Global object to manage pools. Set between calls to
+ * whack_attribute_initialize() and whack_attribute_finalize().
+ */
+extern whack_attribute_t *whack_attr;
+
+/**
+ * Initialize the whack attribute provider
+ */
+void whack_attribute_initialize();
+
+/**
+ * Finalize the whack attribute provider
+ */
+void whack_attribute_finalize();
+
+/**
+ * List the leases matching the given parameters.
+ *
+ * @param name name of the pool, NULL for all pools
+ * @param addr ip address of the lease to list, NULL to ignore
+ * @param id id of the lease to list, NULL to ignore
+ */
+void list_leases(char *name, char *addr, char *id);
+
+/**
+ * List either all pools or the pool with a given name
+ *
+ * @param name name of the pool, NULL for all pools
+ */
+void show_pools(const char *name);
+
+#endif /** WHACK_ATTRIBUTE_H_ @}*/
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index d8e887955..0a29830ea 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -419,11 +419,11 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
key = certificate->get_public_key(certificate);
- if (key);
+ if (key)
{
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
- key->get_keysize(key) * BITS_PER_BYTE,
+ key->get_keysize(key) * BITS_PER_BYTE,
cert->smartcard ? ", on smartcard" :
(has_private_key(cert)? ", has private key" : ""));
diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am
index 3693b7532..dd4a4a63d 100644
--- a/src/scepclient/Makefile.am
+++ b/src/scepclient/Makefile.am
@@ -1,16 +1,20 @@
ipsec_PROGRAMS = scepclient
scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c
+scepclient.o : $(top_builddir)/config.status
+
PLUTODIR=$(top_srcdir)/src/pluto
OPENACDIR=$(top_srcdir)/src/openac
WHACKDIR=$(top_srcdir)/src/whack
LIBFREESWANDIR=$(top_srcdir)/src/libfreeswan
LIBSTRONGSWANDIR=$(top_srcdir)/src/libstrongswan
+LIBHYDRADIR=$(top_srcdir)/src/libhydra
LIBCRYPTODIR=$(top_srcdir)/src/libcrypto
INCLUDES = \
-I$(LIBFREESWANDIR) \
-I$(LIBSTRONGSWANDIR) \
+-I$(LIBHYDRADIR) \
-I$(PLUTODIR) \
-I$(LIBCRYPTODIR) \
-I$(WHACKDIR)
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 8438b81f9..db930756a 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -228,6 +228,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -268,10 +269,12 @@ OPENACDIR = $(top_srcdir)/src/openac
WHACKDIR = $(top_srcdir)/src/whack
LIBFREESWANDIR = $(top_srcdir)/src/libfreeswan
LIBSTRONGSWANDIR = $(top_srcdir)/src/libstrongswan
+LIBHYDRADIR = $(top_srcdir)/src/libhydra
LIBCRYPTODIR = $(top_srcdir)/src/libcrypto
INCLUDES = \
-I$(LIBFREESWANDIR) \
-I$(LIBSTRONGSWANDIR) \
+-I$(LIBHYDRADIR) \
-I$(PLUTODIR) \
-I$(LIBCRYPTODIR) \
-I$(WHACKDIR)
@@ -659,6 +662,8 @@ uninstall-man: uninstall-man8
uninstall-man uninstall-man8
+scepclient.o : $(top_builddir)/config.status
+
constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c
index 539bb5f72..96dc54390 100644
--- a/src/scepclient/loglite.c
+++ b/src/scepclient/loglite.c
@@ -41,7 +41,7 @@ bool
/**
* @brief scepclient dbg function
*/
-static void scepclient_dbg(int level, char *fmt, ...)
+static void scepclient_dbg(debug_t group, level_t level, char *fmt, ...)
{
int priority = LOG_INFO;
int debug_level;
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 576ce1dc5..385f6f328 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -289,7 +289,7 @@ static void print_plugins()
len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin);
}
enumerator->destroy(enumerator);
- DBG1(" loaded plugins: %s", buf);
+ DBG1(DBG_LIB, " loaded plugins: %s", buf);
}
/**
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 7524b5f26..a235013f2 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -38,7 +38,7 @@ if USE_CHARON
AM_CFLAGS += -DSTART_CHARON
endif
-lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
$(LEX) $(srcdir)/parser.l
y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 79ea9de32..11449f465 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -232,6 +232,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -718,7 +719,7 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-man8
-lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
$(LEX) $(srcdir)/parser.l
y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/args.c b/src/starter/args.c
index ebbd42cc8..512f2f46f 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -248,11 +248,12 @@ static const token_info_t token_info[] =
/* end keywords */
{ ARG_MISC, 0, NULL /* KW_HOST */ },
+ { ARG_UINT, offsetof(starter_end_t, ikeport), NULL },
{ ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
{ ARG_STR, offsetof(starter_end_t, subnet), NULL },
{ ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
{ ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
- { ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
+ { ARG_STR, offsetof(starter_end_t, sourceip), NULL },
{ ARG_MISC, 0, NULL /* KW_NATIP */ },
{ ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
{ ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 8462a4819..33a057b44 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -43,6 +43,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
{
ADDCMP(addr);
}
+ VARCMP(ikeport);
ADDCMP(nexthop);
VARCMP(has_client);
VARCMP(has_client_wildcard);
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 07cc11503..e9b9028d5 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -96,6 +96,8 @@ static void default_values(starter_config_t *cfg)
anyaddr(AF_INET, &cfg->conn_default.left.nexthop);
anyaddr(AF_INET, &cfg->conn_default.right.addr);
anyaddr(AF_INET, &cfg->conn_default.right.nexthop);
+ cfg->conn_default.left.ikeport = 500;
+ cfg->conn_default.right.ikeport = 500;
cfg->ca_default.seen = LEMPTY;
}
@@ -105,8 +107,7 @@ static void default_values(starter_config_t *cfg)
else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
-static void
-load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
+static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
{
kw_list_t *kw;
@@ -193,11 +194,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
streq(value, "%config") || streq(value, "%cfg"))
{
/* request ip via config payload */
+ free(end->sourceip);
end->sourceip = NULL;
end->sourceip_mask = 1;
}
else
{ /* %poolname, strip %, serve ip requests */
+ free(end->sourceip);
end->sourceip = clone_str(value+1);
end->sourceip_mask = 0;
}
@@ -221,6 +224,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
goto err;
}
*pos = '\0';
+ free(end->sourceip);
end->sourceip = clone_str(value);
end->sourceip_mask = atoi(pos + 1);
}
@@ -232,7 +236,6 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
plog("# bad addr: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->sourceip = clone_str(value);
end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ?
32 : 128;
}
@@ -419,8 +422,8 @@ err:
/*
* handles left|right=<FQDN> DNS resolution failure
*/
-static void
-handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_dns_failure(const char *label, starter_end_t *end,
+ starter_config_t *cfg)
{
if (end->dns_failed)
{
@@ -440,8 +443,8 @@ handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg
/*
* handles left|rightfirewall and left|rightupdown parameters
*/
-static void
-handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_firewall(const char *label, starter_end_t *end,
+ starter_config_t *cfg)
{
if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST)))
{
@@ -461,8 +464,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
/*
* parse a conn section
*/
-static void
-load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
+static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
char *conn_name = (conn->name == NULL)? "%default":conn->name;
@@ -718,8 +720,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
/*
* initialize a conn object with the default conn
*/
-static void
-conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
+static void conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
{
memcpy(conn, def, sizeof(starter_conn_t));
conn->name = clone_str(name);
@@ -732,8 +733,7 @@ conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
/*
* parse a ca section
*/
-static void
-load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
+static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
{
char *ca_name = (ca->name == NULL)? "%default":ca->name;
@@ -786,8 +786,7 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
/*
* initialize a ca object with the default ca
*/
-static void
-ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
+static void ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
{
memcpy(ca, def, sizeof(starter_ca_t));
ca->name = clone_str(name);
@@ -795,11 +794,11 @@ ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
}
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg);
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
+ starter_config_t *cfg);
-static void
-load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
+static void load_also_conns(starter_conn_t *conn, also_t *also,
+ starter_config_t *cfg)
{
while (also != NULL)
{
@@ -825,8 +824,8 @@ load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
/*
* find a conn included by also
*/
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
+ starter_config_t *cfg)
{
starter_conn_t *c = cfg->conn_first;
@@ -852,11 +851,10 @@ find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
return NULL;
}
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg);
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+ starter_config_t *cfg);
-static void
-load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
+static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
{
while (also != NULL)
{
@@ -882,8 +880,8 @@ load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
/*
* find a ca included by also
*/
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+ starter_config_t *cfg)
{
starter_ca_t *c = cfg->ca_first;
@@ -912,8 +910,7 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
/*
* free the memory used by also_t objects
*/
-static void
-free_also(also_t *head)
+static void free_also(also_t *head)
{
while (head != NULL)
{
@@ -928,8 +925,7 @@ free_also(also_t *head)
/*
* free the memory used by a starter_conn_t object
*/
-static void
-confread_free_conn(starter_conn_t *conn)
+static void confread_free_conn(starter_conn_t *conn)
{
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
@@ -950,8 +946,7 @@ confread_free_ca(starter_ca_t *ca)
/*
* free the memory used by a starter_config_t object
*/
-void
-confread_free(starter_config_t *cfg)
+void confread_free(starter_config_t *cfg)
{
starter_conn_t *conn = cfg->conn_first;
starter_ca_t *ca = cfg->ca_first;
@@ -986,8 +981,7 @@ confread_free(starter_config_t *cfg)
/*
* load and parse an IPsec configuration file
*/
-starter_config_t *
-confread_load(const char *file)
+starter_config_t* confread_load(const char *file)
{
starter_config_t *cfg = NULL;
config_parsed_t *cfgp;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 7f3211628..199fab642 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -66,6 +66,7 @@ struct starter_end {
char *groups;
char *iface;
ip_address addr;
+ u_int ikeport;
ip_address nexthop;
char *subnet;
bool has_client;
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index d4dd7238f..4cb1cb0fc 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -604,6 +604,13 @@ identity to use for a second authentication for the left participant
(IKEv2 only); defaults to
.BR leftid .
.TP
+.B leftikeport
+UDP port the left participant uses for IKE communication. Currently supported in
+IKEv2 connections only. If unspecified, port 500 is used with port floating to
+4500 if NAT is detected or MOBIKE enabled. Specifying a local IKE port
+different from the default additionally requires a socket implementation that
+listens to this port.
+.TP
.B leftnexthop
this parameter is not needed any more because the NETKEY IPsec stack does
not require explicit routing entries for the traffic to be tunneled.
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index e379f78e9..df39f0dc7 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 119
+#define TOTAL_KEYWORDS 121
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 17
-#define MAX_HASH_VALUE 215
-/* maximum key range = 199, duplicates = 0 */
+#define MIN_HASH_VALUE 11
+#define MAX_HASH_VALUE 230
+/* maximum key range = 220, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,32 +75,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 12,
- 78, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 4, 216, 20, 216, 45,
- 55, 4, 77, 14, 78, 4, 216, 119, 4, 89,
- 46, 34, 29, 216, 6, 12, 5, 56, 34, 216,
- 4, 20, 5, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 26,
+ 75, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 2, 231, 25, 231, 40,
+ 61, 2, 114, 24, 3, 2, 231, 101, 2, 96,
+ 48, 35, 23, 231, 4, 10, 3, 69, 25, 231,
+ 2, 18, 16, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231
};
register int hval = len;
@@ -128,119 +128,121 @@ static const struct kw_entry wordlist[] =
{"right", KW_RIGHT},
{"lifetime", KW_KEYLIFE},
{"leftcert", KW_LEFTCERT,},
+ {"reauth", KW_REAUTH},
{"leftfirewall", KW_LEFTFIREWALL},
{"leftsendcert", KW_LEFTSENDCERT},
+ {"rightikeport", KW_RIGHTIKEPORT},
{"leftprotoport", KW_LEFTPROTOPORT},
{"type", KW_TYPE},
- {"rekey", KW_REKEY},
{"leftgroups", KW_LEFTGROUPS},
+ {"rekey", KW_REKEY},
{"rightsubnet", KW_RIGHTSUBNET},
{"rightsendcert", KW_RIGHTSENDCERT},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
+ {"xauth", KW_XAUTH},
{"leftallowany", KW_LEFTALLOWANY},
- {"rightgroups", KW_RIGHTGROUPS},
{"esp", KW_ESP},
+ {"leftnexthop", KW_LEFTNEXTHOP},
{"lifebytes", KW_LIFEBYTES},
{"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"lifepackets", KW_LIFEPACKETS},
- {"leftnexthop", KW_LEFTNEXTHOP},
+ {"rightauth", KW_RIGHTAUTH},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {"leftca", KW_LEFTCA},
- {"eap", KW_EAP},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
{"rightprotoport", KW_RIGHTPROTOPORT},
{"plutostart", KW_PLUTOSTART},
- {"also", KW_ALSO},
- {"rightallowany", KW_RIGHTALLOWANY},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {"lifepackets", KW_LIFEPACKETS},
+ {"rightgroups", KW_RIGHTGROUPS},
{"rightsourceip", KW_RIGHTSOURCEIP},
+ {"eap", KW_EAP},
{"crluri", KW_CRLURI},
- {"leftnatip", KW_LEFTNATIP},
- {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"hidetos", KW_HIDETOS},
{"rightcert", KW_RIGHTCERT},
{"certuribase", KW_CERTURIBASE},
+ {"leftca", KW_LEFTCA},
+ {"leftnatip", KW_LEFTNATIP},
+ {"rightallowany", KW_RIGHTALLOWANY},
+ {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"crlcheckinterval", KW_CRLCHECKINTERVAL},
+ {"also", KW_ALSO},
{"packetdefault", KW_PACKETDEFAULT},
+ {"virtual_private", KW_VIRTUAL_PRIVATE},
{"plutostderrlog", KW_PLUTOSTDERRLOG},
- {"crluri1", KW_CRLURI},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL},
+ {"leftsourceip", KW_LEFTSOURCEIP},
{"rightid", KW_RIGHTID},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
- {"leftsubnet", KW_LEFTSUBNET},
{"cacert", KW_CACERT},
{"rightca", KW_RIGHTCA},
- {"leftsourceip", KW_LEFTSOURCEIP},
+ {"crluri1", KW_CRLURI},
{"inactivity", KW_INACTIVITY},
{"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
{"installpolicy", KW_INSTALLPOLICY},
- {"nat_traversal", KW_NAT_TRAVERSAL},
- {"ldapbase", KW_LDAPBASE},
+ {"leftauth", KW_LEFTAUTH},
{"leftupdown", KW_LEFTUPDOWN},
+ {"leftsubnet", KW_LEFTSUBNET},
{"rightnatip", KW_RIGHTNATIP},
{"ocspuri", KW_OCSPURI},
{"rightnexthop", KW_RIGHTNEXTHOP},
{"leftcert2", KW_LEFTCERT2,},
{"rightid2", KW_RIGHTID2},
- {"rekeyfuzz", KW_REKEYFUZZ},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
{"compress", KW_COMPRESS},
- {"rightfirewall", KW_RIGHTFIREWALL},
- {"ocspuri1", KW_OCSPURI},
- {"ldaphost", KW_LDAPHOST},
- {"xauth", KW_XAUTH},
+ {"ldapbase", KW_LDAPBASE},
+ {"auth", KW_AUTH},
{"postpluto", KW_POSTPLUTO},
- {"eap_identity", KW_EAP_IDENTITY},
- {"plutodebug", KW_PLUTODEBUG},
+ {"charonstart", KW_CHARONSTART},
+ {"ike", KW_IKE},
+ {"ldaphost", KW_LDAPHOST},
{"leftca2", KW_LEFTCA2},
- {"auto", KW_AUTO},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
{"dpddelay", KW_DPDDELAY},
- {"rightauth", KW_RIGHTAUTH},
+ {"ocspuri1", KW_OCSPURI},
{"rightauth2", KW_RIGHTAUTH2},
- {"pfs", KW_PFS},
- {"authby", KW_AUTHBY},
- {"rightupdown", KW_RIGHTUPDOWN},
+ {"eap_identity", KW_EAP_IDENTITY},
+ {"leftikeport", KW_LEFTIKEPORT},
+ {"plutodebug", KW_PLUTODEBUG},
+ {"cachecrls", KW_CACHECRLS},
+ {"charondebug", KW_CHARONDEBUG},
+ {"crluri2", KW_CRLURI2},
+ {"rightca2", KW_RIGHTCA2},
+ {"mediated_by", KW_MEDIATED_BY},
+ {"rightcert2", KW_RIGHTCERT2},
{"leftid", KW_LEFTID},
+ {"auto", KW_AUTO},
+ {"rightupdown", KW_RIGHTUPDOWN},
+ {"rightfirewall", KW_RIGHTFIREWALL},
+ {"authby", KW_AUTHBY},
{"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
{"uniqueids", KW_UNIQUEIDS},
- {"dumpdir", KW_DUMPDIR},
- {"mediated_by", KW_MEDIATED_BY},
- {"ike", KW_IKE},
- {"cachecrls", KW_CACHECRLS},
{"prepluto", KW_PREPLUTO},
- {"force_keepalive", KW_FORCE_KEEPALIVE},
- {"hidetos", KW_HIDETOS},
+ {"keep_alive", KW_KEEP_ALIVE},
{"mobike", KW_MOBIKE},
- {"forceencaps", KW_FORCEENCAPS},
{"overridemtu", KW_OVERRIDEMTU},
- {"crluri2", KW_CRLURI2},
- {"rightca2", KW_RIGHTCA2},
- {"rightcert2", KW_RIGHTCERT2},
+ {"dumpdir", KW_DUMPDIR},
{"dpdaction", KW_DPDACTION},
- {"nocrsend", KW_NOCRSEND},
+ {"rekeyfuzz", KW_REKEYFUZZ},
{"leftid2", KW_LEFTID2},
- {"interfaces", KW_INTERFACES},
- {"leftauth", KW_LEFTAUTH},
+ {"keyingtries", KW_KEYINGTRIES},
+ {"pfs", KW_PFS},
+ {"nocrsend", KW_NOCRSEND},
+ {"keyexchange", KW_KEYEXCHANGE},
{"leftauth2", KW_LEFTAUTH2},
{"mediation", KW_MEDIATION},
{"rekeymargin", KW_REKEYMARGIN},
- {"keep_alive", KW_KEEP_ALIVE},
- {"auth", KW_AUTH},
- {"keyingtries", KW_KEYINGTRIES},
- {"me_peerid", KW_ME_PEERID},
- {"fragicmp", KW_FRAGICMP},
- {"margintime", KW_REKEYMARGIN},
{"ocspuri2", KW_OCSPURI2},
- {"reauth", KW_REAUTH},
{"pkcs11module", KW_PKCS11MODULE},
- {"pfsgroup", KW_PFSGROUP},
- {"marginbytes", KW_MARGINBYTES},
{"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {"marginpackets", KW_MARGINPACKETS},
- {"modeconfig", KW_MODECONFIG},
- {"keyexchange", KW_KEYEXCHANGE},
- {"charonstart", KW_CHARONSTART},
+ {"force_keepalive", KW_FORCE_KEEPALIVE},
+ {"me_peerid", KW_ME_PEERID},
+ {"forceencaps", KW_FORCEENCAPS},
{"pkcs11initargs", KW_PKCS11INITARGS},
- {"dpdtimeout", KW_DPDTIMEOUT},
{"pkcs11proxy", KW_PKCS11PROXY},
- {"charondebug", KW_CHARONDEBUG},
+ {"margintime", KW_REKEYMARGIN},
+ {"interfaces", KW_INTERFACES},
+ {"fragicmp", KW_FRAGICMP},
+ {"marginbytes", KW_MARGINBYTES},
+ {"marginpackets", KW_MARGINPACKETS},
+ {"dpdtimeout", KW_DPDTIMEOUT},
{"klipsdebug", KW_KLIPSDEBUG},
+ {"modeconfig", KW_MODECONFIG},
+ {"pfsgroup", KW_PFSGROUP},
{"keylife", KW_KEYLIFE},
{"ikelifetime", KW_IKELIFETIME}
};
@@ -248,27 +250,29 @@ static const struct kw_entry wordlist[] =
static const short lookup[] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
- 1, -1, -1, -1, 2, 3, -1, -1, 4, 5,
- -1, -1, 6, 7, -1, 8, 9, -1, 10, -1,
- 11, -1, -1, -1, 12, -1, -1, 13, 14, 15,
- 16, 17, 18, 19, 20, -1, 21, 22, 23, -1,
- 24, -1, 25, 26, 27, 28, 29, -1, 30, 31,
- 32, -1, 33, 34, 35, 36, 37, 38, -1, 39,
- -1, 40, 41, 42, 43, 44, -1, 45, -1, 46,
- -1, 47, -1, 48, -1, 49, 50, 51, -1, 52,
- 53, 54, -1, 55, 56, 57, 58, 59, -1, -1,
- 60, 61, 62, 63, 64, 65, 66, 67, 68, -1,
- -1, 69, 70, 71, 72, -1, 73, 74, 75, 76,
- 77, 78, -1, 79, 80, 81, -1, 82, 83, 84,
- 85, 86, -1, 87, 88, -1, -1, 89, 90, 91,
- 92, 93, -1, 94, -1, -1, 95, 96, 97, -1,
- 98, 99, -1, -1, -1, 100, -1, -1, -1, 101,
- -1, 102, 103, -1, -1, -1, 104, 105, 106, 107,
- 108, 109, -1, 110, -1, 111, 112, -1, 113, -1,
- -1, 114, -1, -1, 115, -1, -1, -1, -1, -1,
- -1, -1, 116, -1, -1, -1, -1, -1, -1, -1,
- -1, 117, -1, -1, -1, 118
+ -1, 0, -1, -1, 1, -1, 2, 3, 4, -1,
+ 5, 6, -1, 7, 8, -1, -1, 9, 10, 11,
+ 12, -1, 13, -1, 14, 15, 16, -1, 17, -1,
+ 18, 19, 20, 21, -1, 22, 23, -1, 24, 25,
+ 26, 27, 28, 29, 30, -1, -1, 31, 32, 33,
+ 34, 35, 36, 37, 38, -1, 39, 40, -1, 41,
+ -1, -1, -1, 42, 43, -1, 44, 45, 46, 47,
+ 48, 49, -1, 50, 51, 52, 53, 54, 55, 56,
+ 57, 58, 59, -1, -1, 60, -1, -1, 61, -1,
+ -1, 62, -1, -1, 63, 64, -1, -1, 65, 66,
+ -1, 67, 68, 69, -1, -1, 70, -1, 71, 72,
+ 73, -1, -1, -1, 74, -1, 75, -1, 76, 77,
+ 78, 79, 80, 81, 82, 83, 84, 85, 86, 87,
+ 88, 89, 90, 91, 92, 93, -1, 94, 95, -1,
+ 96, -1, -1, -1, 97, -1, 98, 99, 100, -1,
+ -1, 101, 102, -1, 103, -1, -1, 104, 105, -1,
+ 106, -1, 107, -1, 108, -1, -1, -1, -1, 109,
+ -1, 110, -1, -1, 111, -1, -1, -1, -1, 112,
+ 113, -1, 114, 115, -1, -1, -1, -1, 116, -1,
+ 117, -1, -1, 118, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 119, -1, -1, -1,
+ 120
};
#ifdef __GNUC__
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 8be31d148..6c3907a6a 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -118,6 +118,7 @@ typedef enum {
/* end keywords */
KW_HOST,
KW_NEXTHOP,
+ KW_IKEPORT,
KW_SUBNET,
KW_SUBNETWITHIN,
KW_PROTOPORT,
@@ -145,6 +146,7 @@ typedef enum {
/* left end keywords */
KW_LEFT,
+ KW_LEFTIKEPORT,
KW_LEFTNEXTHOP,
KW_LEFTSUBNET,
KW_LEFTSUBNETWITHIN,
@@ -172,6 +174,7 @@ typedef enum {
/* right end keywords */
KW_RIGHT,
+ KW_RIGHTIKEPORT,
KW_RIGHTNEXTHOP,
KW_RIGHTSUBNET,
KW_RIGHTSUBNETWITHIN,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index adf3069bf..12037a685 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -98,6 +98,7 @@ ocspuri1, KW_OCSPURI
ocspuri2, KW_OCSPURI2
certuribase, KW_CERTURIBASE
left, KW_LEFT
+leftikeport, KW_LEFTIKEPORT
leftnexthop, KW_LEFTNEXTHOP
leftsubnet, KW_LEFTSUBNET
leftsubnetwithin, KW_LEFTSUBNETWITHIN
@@ -120,6 +121,7 @@ leftca, KW_LEFTCA
leftca2, KW_LEFTCA2
leftgroups, KW_LEFTGROUPS
right, KW_RIGHT
+rightikeport, KW_RIGHTIKEPORT
rightnexthop, KW_RIGHTNEXTHOP
rightsubnet, KW_RIGHTSUBNET
rightsubnetwithin, KW_RIGHTSUBNETWITHIN
diff --git a/src/starter/lex.yy.c b/src/starter/lex.yy.c
index 4596c0cc3..13bf87f0b 100644
--- a/src/starter/lex.yy.c
+++ b/src/starter/lex.yy.c
@@ -513,7 +513,8 @@ char *yytext;
#define MAX_INCLUDE_DEPTH 20
extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
static struct {
int stack_ptr;
@@ -557,6 +558,7 @@ void _parser_y_fini (void)
fclose(__parser_y_private.file[i]);
}
memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ yylex_destroy();
}
int _parser_y_include (const char *filename)
@@ -617,7 +619,7 @@ int _parser_y_include (const char *filename)
return 0;
}
-#line 621 "lex.yy.c"
+#line 623 "lex.yy.c"
#define INITIAL 0
@@ -805,10 +807,10 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 133 "./parser.l"
+#line 135 "./parser.l"
-#line 812 "lex.yy.c"
+#line 814 "lex.yy.c"
if ( !(yy_init) )
{
@@ -893,7 +895,7 @@ do_action: /* This label is used only to access EOF actions. */
goto yy_find_action;
case YY_STATE_EOF(INITIAL):
-#line 135 "./parser.l"
+#line 137 "./parser.l"
{
if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
@@ -913,23 +915,23 @@ case YY_STATE_EOF(INITIAL):
YY_BREAK
case 1:
YY_RULE_SETUP
-#line 152 "./parser.l"
+#line 154 "./parser.l"
return FIRST_SPACES;
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 154 "./parser.l"
+#line 156 "./parser.l"
/* ignore spaces in line */ ;
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 156 "./parser.l"
+#line 158 "./parser.l"
return EQUAL;
YY_BREAK
case 4:
/* rule 4 can match eol */
YY_RULE_SETUP
-#line 158 "./parser.l"
+#line 160 "./parser.l"
{
__parser_y_private.line[__parser_y_private.stack_ptr]++;
return EOL;
@@ -937,37 +939,37 @@ YY_RULE_SETUP
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 163 "./parser.l"
+#line 165 "./parser.l"
return CONFIG;
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 164 "./parser.l"
+#line 166 "./parser.l"
return SETUP;
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 165 "./parser.l"
+#line 167 "./parser.l"
return CONN;
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 166 "./parser.l"
+#line 168 "./parser.l"
return CA;
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 167 "./parser.l"
+#line 169 "./parser.l"
return INCLUDE;
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 168 "./parser.l"
+#line 170 "./parser.l"
return FILE_VERSION;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 170 "./parser.l"
+#line 172 "./parser.l"
{
yylval.s = strdup(yytext);
return STRING;
@@ -975,7 +977,7 @@ YY_RULE_SETUP
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 175 "./parser.l"
+#line 177 "./parser.l"
{
yylval.s = strdup(yytext+1);
if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
@@ -984,15 +986,15 @@ YY_RULE_SETUP
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 181 "./parser.l"
+#line 183 "./parser.l"
yyerror(yytext);
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 183 "./parser.l"
+#line 185 "./parser.l"
ECHO;
YY_BREAK
-#line 996 "lex.yy.c"
+#line 998 "lex.yy.c"
case YY_END_OF_BUFFER:
{
@@ -1954,7 +1956,7 @@ void yyfree (void * ptr )
#define YYTABLES_NAME "yytables"
-#line 183 "./parser.l"
+#line 185 "./parser.l"
diff --git a/src/starter/parser.l b/src/starter/parser.l
index 5857c0815..c45847c5c 100644
--- a/src/starter/parser.l
+++ b/src/starter/parser.l
@@ -24,7 +24,8 @@
#define MAX_INCLUDE_DEPTH 20
extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
static struct {
int stack_ptr;
@@ -68,6 +69,7 @@ void _parser_y_fini (void)
fclose(__parser_y_private.file[i]);
}
memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ yylex_destroy();
}
int _parser_y_include (const char *filename)
diff --git a/src/starter/parser.y b/src/starter/parser.y
index 4533228c2..b0b1f6f21 100644
--- a/src/starter/parser.y
+++ b/src/starter/parser.y
@@ -156,21 +156,20 @@ statement_kw:
%%
-void
-yyerror(const char *s)
+void yyerror(const char *s)
{
if (_save_errors_)
_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
{
config_parsed_t *cfg = NULL;
int err = 0;
FILE *f;
- extern void _parser_y_init (const char *f);
+ extern void _parser_y_init(const char *f);
+ extern void _parser_y_fini(void);
extern FILE *yyin;
memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -231,11 +230,11 @@ parser_load_conf(const char *file)
cfg = NULL;
}
+ _parser_y_fini();
return cfg;
}
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
{
kw_list_t *elt;
@@ -248,8 +247,7 @@ parser_free_kwlist(kw_list_t *list)
}
}
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
{
section_list_t *sec;
if (cfg)
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 0aab76d43..50ef9c07b 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -28,6 +28,7 @@
#include <grp.h>
#include <freeswan.h>
+#include <library.h>
#include "../pluto/constants.h"
#include "../pluto/defs.h"
@@ -245,6 +246,9 @@ int main (int argc, char **argv)
log_to_stderr = TRUE;
base_debugging = DBG_NONE;
+ library_init(NULL);
+ atexit(library_deinit);
+
/* parse command line */
for (i = 1; i < argc; i++)
{
@@ -358,6 +362,7 @@ int main (int argc, char **argv)
if (stat(STARTER_PID_FILE, &stb) == 0)
{
plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
+ confread_free(cfg);
exit(LSB_RC_SUCCESS);
}
@@ -388,6 +393,7 @@ int main (int argc, char **argv)
plog("can't fork: %s", strerror(errno));
break;
default:
+ confread_free(cfg);
exit(LSB_RC_SUCCESS);
}
}
@@ -422,11 +428,8 @@ int main (int argc, char **argv)
confread_free(cfg);
unlink(STARTER_PID_FILE);
unlink(INFO_FILE);
-#ifdef LEAK_DETECTIVE
- report_leaks();
-#endif /* LEAK_DETECTIVE */
- close_log();
plog("ipsec starter stopped");
+ close_log();
exit(LSB_RC_SUCCESS);
}
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 665350c00..d877661ec 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -186,6 +186,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
msg_end->address = push_string(msg, buffer);
+ msg_end->ikeport = conn_end->ikeport;
msg_end->subnets = push_string(msg, conn_end->subnet);
msg_end->sourceip = push_string(msg, conn_end->sourceip);
msg_end->sourceip_mask = conn_end->sourceip_mask;
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 67916395f..527142a4e 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -91,6 +91,8 @@ static int send_whack_msg (whack_message_t *msg)
|| !pack_str(&msg->ike, &str_next, &str_roof)
|| !pack_str(&msg->esp, &str_next, &str_roof)
|| !pack_str(&msg->sc_data, &str_next, &str_roof)
+ || !pack_str(&msg->whack_lease_ip, &str_next, &str_roof)
+ || !pack_str(&msg->whack_lease_id, &str_next, &str_roof)
|| (str_roof - str_next < msg->keyval.len))
{
plog("send_wack_msg(): can't pack strings");
@@ -138,14 +140,12 @@ static void init_whack_msg(whack_message_t *msg)
msg->magic = WHACK_MAGIC;
}
-static char *connection_name(starter_conn_t *conn)
+static char *connection_name(starter_conn_t *conn, char *buf, size_t size)
{
/* if connection name is '%auto', create a new name like conn_xxxxx */
- static char buf[32];
-
if (streq(conn->name, "%auto"))
{
- sprintf(buf, "conn_%ld", conn->id);
+ snprintf(buf, size, "conn_%ld", conn->id);
return buf;
}
return conn->name;
@@ -161,7 +161,7 @@ static void set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family
w->has_client = end->has_client;
w->sourceip = end->sourceip;
w->sourceip_mask = end->sourceip_mask;
-
+
if (end->sourceip && end->sourceip_mask > 0)
{
ttoaddr(end->sourceip, 0, ip_version(end->sourceip), &w->host_srcip);
@@ -226,10 +226,11 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
{
const char *err;
static char keyspace[1024 + 4];
- char buf[ADDRTOT_BUF];
+ char buf[ADDRTOT_BUF], name[32];
whack_message_t msg;
init_whack_msg(&msg);
+ connection_name(conn, name, sizeof(name));
msg.whack_key = TRUE;
msg.pubkey_alg = PUBKEY_ALG_RSA;
@@ -246,7 +247,7 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
if (err)
{
- plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
+ plog("conn %s/%s: rsakey malformed [%s]", name, lr, err);
return 1;
}
if (end->id)
@@ -266,13 +267,14 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
int starter_whack_add_conn(starter_conn_t *conn)
{
+ char esp_buf[256], name[32];
whack_message_t msg;
int r;
init_whack_msg(&msg);
msg.whack_connection = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
msg.addr_family = conn->addr_family;
@@ -302,8 +304,6 @@ int starter_whack_add_conn(starter_conn_t *conn)
/* taken from pluto/whack.c */
if (msg.pfsgroup)
{
- char esp_buf[256];
-
snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
, msg.esp ? msg.esp : ""
, msg.pfsgroup ? msg.pfsgroup : "");
@@ -331,32 +331,35 @@ int starter_whack_add_conn(starter_conn_t *conn)
int starter_whack_del_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_delete = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
int starter_whack_route_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_route = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
int starter_whack_initiate_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_initiate = TRUE;
msg.whack_async = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c
index b78c1b1f9..504b5589e 100644
--- a/src/starter/y.tab.c
+++ b/src/starter/y.tab.c
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3. */
-/* Skeleton implementation for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1. */
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
+
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -29,7 +28,7 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
-
+
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
@@ -47,7 +46,7 @@
#define YYBISON 1
/* Bison version. */
-#define YYBISON_VERSION "2.3"
+#define YYBISON_VERSION "2.4.1"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@@ -55,45 +54,20 @@
/* Pure parsers. */
#define YYPURE 0
-/* Using locations. */
-#define YYLSP_NEEDED 0
-
+/* Push parsers. */
+#define YYPUSH 0
+/* Pull parsers. */
+#define YYPULL 1
-/* Tokens. */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
- /* Put the tokens into the symbol table, so that GDB and other debuggers
- know about them. */
- enum yytokentype {
- EQUAL = 258,
- FIRST_SPACES = 259,
- EOL = 260,
- CONFIG = 261,
- SETUP = 262,
- CONN = 263,
- CA = 264,
- INCLUDE = 265,
- FILE_VERSION = 266,
- STRING = 267
- };
-#endif
-/* Tokens. */
-#define EQUAL 258
-#define FIRST_SPACES 259
-#define EOL 260
-#define CONFIG 261
-#define SETUP 262
-#define CONN 263
-#define CA 264
-#define INCLUDE 265
-#define FILE_VERSION 266
-#define STRING 267
-
+/* Using locations. */
+#define YYLSP_NEEDED 0
/* Copy the first part of user declarations. */
+
+/* Line 189 of yacc.c */
#line 1 "./parser.y"
/* strongSwan config file parser (parser.y)
@@ -148,6 +122,9 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
+/* Line 189 of yacc.c */
+#line 127 "y.tab.c"
+
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
@@ -166,25 +143,63 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
# define YYTOKEN_TABLE 0
#endif
+
+/* Tokens. */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+ /* Put the tokens into the symbol table, so that GDB and other debuggers
+ know about them. */
+ enum yytokentype {
+ EQUAL = 258,
+ FIRST_SPACES = 259,
+ EOL = 260,
+ CONFIG = 261,
+ SETUP = 262,
+ CONN = 263,
+ CA = 264,
+ INCLUDE = 265,
+ FILE_VERSION = 266,
+ STRING = 267
+ };
+#endif
+/* Tokens. */
+#define EQUAL 258
+#define FIRST_SPACES 259
+#define EOL 260
+#define CONFIG 261
+#define SETUP 262
+#define CONN 263
+#define CA 264
+#define INCLUDE 265
+#define FILE_VERSION 266
+#define STRING 267
+
+
+
+
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
+{
+
+/* Line 214 of yacc.c */
#line 54 "./parser.y"
-{ char *s; }
-/* Line 187 of yacc.c. */
-#line 175 "y.tab.c"
- YYSTYPE;
+ char *s;
+
+
+/* Line 214 of yacc.c */
+#line 191 "y.tab.c"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
#endif
-
/* Copy the second part of user declarations. */
-/* Line 216 of yacc.c. */
-#line 188 "y.tab.c"
+/* Line 264 of yacc.c */
+#line 203 "y.tab.c"
#ifdef short
# undef short
@@ -259,14 +274,14 @@ typedef short int yytype_int16;
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
static int
-YYID (int i)
+YYID (int yyi)
#else
static int
-YYID (i)
- int i;
+YYID (yyi)
+ int yyi;
#endif
{
- return i;
+ return yyi;
}
#endif
@@ -347,9 +362,9 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */
/* A type that is properly aligned for any stack member. */
union yyalloc
{
- yytype_int16 yyss;
- YYSTYPE yyvs;
- };
+ yytype_int16 yyss_alloc;
+ YYSTYPE yyvs_alloc;
+};
/* The size of the maximum gap between one aligned stack and the next. */
# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
@@ -383,12 +398,12 @@ union yyalloc
elements in the stack, and YYPTR gives the new location of the
stack. Advance YYPTR to a properly aligned location for the next
stack. */
-# define YYSTACK_RELOCATE(Stack) \
+# define YYSTACK_RELOCATE(Stack_alloc, Stack) \
do \
{ \
YYSIZE_T yynewbytes; \
- YYCOPY (&yyptr->Stack, Stack, yysize); \
- Stack = &yyptr->Stack; \
+ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
+ Stack = &yyptr->Stack_alloc; \
yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
yyptr += yynewbytes / sizeof (*yyptr); \
} \
@@ -484,7 +499,7 @@ static const char *const yytname[] =
{
"$end", "error", "$undefined", "EQUAL", "FIRST_SPACES", "EOL", "CONFIG",
"SETUP", "CONN", "CA", "INCLUDE", "FILE_VERSION", "STRING", "$accept",
- "config_file", "section_or_include", "@1", "@2", "@3", "@4",
+ "config_file", "section_or_include", "$@1", "$@2", "$@3", "$@4",
"kw_section", "statement_kw", 0
};
#endif
@@ -758,17 +773,20 @@ yy_symbol_print (yyoutput, yytype, yyvaluep)
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
#else
static void
-yy_stack_print (bottom, top)
- yytype_int16 *bottom;
- yytype_int16 *top;
+yy_stack_print (yybottom, yytop)
+ yytype_int16 *yybottom;
+ yytype_int16 *yytop;
#endif
{
YYFPRINTF (stderr, "Stack now");
- for (; bottom <= top; ++bottom)
- YYFPRINTF (stderr, " %d", *bottom);
+ for (; yybottom <= yytop; yybottom++)
+ {
+ int yybot = *yybottom;
+ YYFPRINTF (stderr, " %d", yybot);
+ }
YYFPRINTF (stderr, "\n");
}
@@ -802,11 +820,11 @@ yy_reduce_print (yyvsp, yyrule)
/* The symbols being reduced. */
for (yyi = 0; yyi < yynrhs; yyi++)
{
- fprintf (stderr, " $%d = ", yyi + 1);
+ YYFPRINTF (stderr, " $%d = ", yyi + 1);
yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
&(yyvsp[(yyi + 1) - (yynrhs)])
);
- fprintf (stderr, "\n");
+ YYFPRINTF (stderr, "\n");
}
}
@@ -1086,10 +1104,8 @@ yydestruct (yymsg, yytype, yyvaluep)
break;
}
}
-
/* Prevent warnings from -Wmissing-prototypes. */
-
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
@@ -1105,11 +1121,10 @@ int yyparse ();
#endif /* ! YYPARSE_PARAM */
-
-/* The look-ahead symbol. */
+/* The lookahead symbol. */
int yychar;
-/* The semantic value of the look-ahead symbol. */
+/* The semantic value of the lookahead symbol. */
YYSTYPE yylval;
/* Number of syntax errors so far. */
@@ -1117,9 +1132,9 @@ int yynerrs;
-/*----------.
-| yyparse. |
-`----------*/
+/*-------------------------.
+| yyparse or yypush_parse. |
+`-------------------------*/
#ifdef YYPARSE_PARAM
#if (defined __STDC__ || defined __C99__FUNC__ \
@@ -1143,66 +1158,68 @@ yyparse ()
#endif
#endif
{
-
- int yystate;
- int yyn;
- int yyresult;
- /* Number of tokens to shift before error messages enabled. */
- int yyerrstatus;
- /* Look-ahead token as an internal (translated) token number. */
- int yytoken = 0;
-#if YYERROR_VERBOSE
- /* Buffer for error messages, and its allocated size. */
- char yymsgbuf[128];
- char *yymsg = yymsgbuf;
- YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
- /* Three stacks and their tools:
- `yyss': related to states,
- `yyvs': related to semantic values,
- `yyls': related to locations.
- Refer to the stacks thru separate pointers, to allow yyoverflow
- to reallocate them elsewhere. */
+ int yystate;
+ /* Number of tokens to shift before error messages enabled. */
+ int yyerrstatus;
- /* The state stack. */
- yytype_int16 yyssa[YYINITDEPTH];
- yytype_int16 *yyss = yyssa;
- yytype_int16 *yyssp;
+ /* The stacks and their tools:
+ `yyss': related to states.
+ `yyvs': related to semantic values.
- /* The semantic value stack. */
- YYSTYPE yyvsa[YYINITDEPTH];
- YYSTYPE *yyvs = yyvsa;
- YYSTYPE *yyvsp;
+ Refer to the stacks thru separate pointers, to allow yyoverflow
+ to reallocate them elsewhere. */
+ /* The state stack. */
+ yytype_int16 yyssa[YYINITDEPTH];
+ yytype_int16 *yyss;
+ yytype_int16 *yyssp;
+ /* The semantic value stack. */
+ YYSTYPE yyvsa[YYINITDEPTH];
+ YYSTYPE *yyvs;
+ YYSTYPE *yyvsp;
-#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
-
- YYSIZE_T yystacksize = YYINITDEPTH;
+ YYSIZE_T yystacksize;
+ int yyn;
+ int yyresult;
+ /* Lookahead token as an internal (translated) token number. */
+ int yytoken;
/* The variables used to return semantic value and location from the
action routines. */
YYSTYPE yyval;
+#if YYERROR_VERBOSE
+ /* Buffer for error messages, and its allocated size. */
+ char yymsgbuf[128];
+ char *yymsg = yymsgbuf;
+ YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
/* The number of symbols on the RHS of the reduced rule.
Keep to zero when no symbol should be popped. */
int yylen = 0;
+ yytoken = 0;
+ yyss = yyssa;
+ yyvs = yyvsa;
+ yystacksize = YYINITDEPTH;
+
YYDPRINTF ((stderr, "Starting parse\n"));
yystate = 0;
yyerrstatus = 0;
yynerrs = 0;
- yychar = YYEMPTY; /* Cause a token to be read. */
+ yychar = YYEMPTY; /* Cause a token to be read. */
/* Initialize stack pointers.
Waste one element of value and location stack
so that they stay on the same level as the state stack.
The wasted elements are never initialized. */
-
yyssp = yyss;
yyvsp = yyvs;
@@ -1232,7 +1249,6 @@ yyparse ()
YYSTYPE *yyvs1 = yyvs;
yytype_int16 *yyss1 = yyss;
-
/* Each stack pointer address is followed by the size of the
data in use in that stack, in bytes. This used to be a
conditional around just the two extra args, but that might
@@ -1240,7 +1256,6 @@ yyparse ()
yyoverflow (YY_("memory exhausted"),
&yyss1, yysize * sizeof (*yyssp),
&yyvs1, yysize * sizeof (*yyvsp),
-
&yystacksize);
yyss = yyss1;
@@ -1263,9 +1278,8 @@ yyparse ()
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
goto yyexhaustedlab;
- YYSTACK_RELOCATE (yyss);
- YYSTACK_RELOCATE (yyvs);
-
+ YYSTACK_RELOCATE (yyss_alloc, yyss);
+ YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# undef YYSTACK_RELOCATE
if (yyss1 != yyssa)
YYSTACK_FREE (yyss1);
@@ -1276,7 +1290,6 @@ yyparse ()
yyssp = yyss + yysize - 1;
yyvsp = yyvs + yysize - 1;
-
YYDPRINTF ((stderr, "Stack size increased to %lu\n",
(unsigned long int) yystacksize));
@@ -1286,6 +1299,9 @@ yyparse ()
YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+ if (yystate == YYFINAL)
+ YYACCEPT;
+
goto yybackup;
/*-----------.
@@ -1294,16 +1310,16 @@ yyparse ()
yybackup:
/* Do appropriate processing given the current state. Read a
- look-ahead token if we need one and don't already have one. */
+ lookahead token if we need one and don't already have one. */
- /* First try to decide what to do without reference to look-ahead token. */
+ /* First try to decide what to do without reference to lookahead token. */
yyn = yypact[yystate];
if (yyn == YYPACT_NINF)
goto yydefault;
- /* Not known => get a look-ahead token if don't already have one. */
+ /* Not known => get a lookahead token if don't already have one. */
- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */
+ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
if (yychar == YYEMPTY)
{
YYDPRINTF ((stderr, "Reading a token: "));
@@ -1335,20 +1351,16 @@ yybackup:
goto yyreduce;
}
- if (yyn == YYFINAL)
- YYACCEPT;
-
/* Count tokens shifted since error; after three, turn off error
status. */
if (yyerrstatus)
yyerrstatus--;
- /* Shift the look-ahead token. */
+ /* Shift the lookahead token. */
YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
- /* Discard the shifted token unless it is eof. */
- if (yychar != YYEOF)
- yychar = YYEMPTY;
+ /* Discard the shifted token. */
+ yychar = YYEMPTY;
yystate = yyn;
*++yyvsp = yylval;
@@ -1388,6 +1400,8 @@ yyreduce:
switch (yyn)
{
case 4:
+
+/* Line 1455 of yacc.c */
#line 71 "./parser.y"
{
free((yyvsp[(2) - (3)].s));
@@ -1395,6 +1409,8 @@ yyreduce:
break;
case 5:
+
+/* Line 1455 of yacc.c */
#line 75 "./parser.y"
{
_parser_kw = &(_parser_cfg->config_setup);
@@ -1403,6 +1419,8 @@ yyreduce:
break;
case 7:
+
+/* Line 1455 of yacc.c */
#line 80 "./parser.y"
{
section_list_t *section = malloc_thing(section_list_t);
@@ -1422,6 +1440,8 @@ yyreduce:
break;
case 9:
+
+/* Line 1455 of yacc.c */
#line 96 "./parser.y"
{
section_list_t *section = malloc_thing(section_list_t);
@@ -1440,6 +1460,8 @@ yyreduce:
break;
case 11:
+
+/* Line 1455 of yacc.c */
#line 111 "./parser.y"
{
extern void _parser_y_include (const char *f);
@@ -1449,6 +1471,8 @@ yyreduce:
break;
case 16:
+
+/* Line 1455 of yacc.c */
#line 126 "./parser.y"
{
kw_list_t *new;
@@ -1477,6 +1501,8 @@ yyreduce:
break;
case 17:
+
+/* Line 1455 of yacc.c */
#line 151 "./parser.y"
{
free((yyvsp[(1) - (2)].s));
@@ -1484,8 +1510,9 @@ yyreduce:
break;
-/* Line 1267 of yacc.c. */
-#line 1489 "y.tab.c"
+
+/* Line 1455 of yacc.c */
+#line 1516 "y.tab.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -1496,7 +1523,6 @@ yyreduce:
*++yyvsp = yyval;
-
/* Now `shift' the result of the reduction. Determine what state
that goes to, based on the state we popped back to and the rule
number reduced by. */
@@ -1561,7 +1587,7 @@ yyerrlab:
if (yyerrstatus == 3)
{
- /* If just tried and failed to reuse look-ahead token after an
+ /* If just tried and failed to reuse lookahead token after an
error, discard it. */
if (yychar <= YYEOF)
@@ -1578,7 +1604,7 @@ yyerrlab:
}
}
- /* Else will try to reuse look-ahead token after shifting the error
+ /* Else will try to reuse lookahead token after shifting the error
token. */
goto yyerrlab1;
@@ -1635,9 +1661,6 @@ yyerrlab1:
YY_STACK_PRINT (yyss, yyssp);
}
- if (yyn == YYFINAL)
- YYACCEPT;
-
*++yyvsp = yylval;
@@ -1662,7 +1685,7 @@ yyabortlab:
yyresult = 1;
goto yyreturn;
-#ifndef yyoverflow
+#if !defined(yyoverflow) || YYERROR_VERBOSE
/*-------------------------------------------------.
| yyexhaustedlab -- memory exhaustion comes here. |
`-------------------------------------------------*/
@@ -1673,7 +1696,7 @@ yyexhaustedlab:
#endif
yyreturn:
- if (yychar != YYEOF && yychar != YYEMPTY)
+ if (yychar != YYEMPTY)
yydestruct ("Cleanup: discarding lookahead",
yytoken, &yylval);
/* Do not reclaim the symbols of the rule which action triggered
@@ -1699,24 +1722,25 @@ yyreturn:
}
+
+/* Line 1675 of yacc.c */
#line 157 "./parser.y"
-void
-yyerror(const char *s)
+void yyerror(const char *s)
{
if (_save_errors_)
_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
{
config_parsed_t *cfg = NULL;
int err = 0;
FILE *f;
- extern void _parser_y_init (const char *f);
+ extern void _parser_y_init(const char *f);
+ extern void _parser_y_fini(void);
extern FILE *yyin;
memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -1777,11 +1801,11 @@ parser_load_conf(const char *file)
cfg = NULL;
}
+ _parser_y_fini();
return cfg;
}
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
{
kw_list_t *elt;
@@ -1794,8 +1818,7 @@ parser_free_kwlist(kw_list_t *list)
}
}
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
{
section_list_t *sec;
if (cfg)
diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h
index 871de1e97..caf6ea172 100644
--- a/src/starter/y.tab.h
+++ b/src/starter/y.tab.h
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3. */
-/* Skeleton interface for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1. */
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
+
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -29,10 +28,11 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
-
+
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
+
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
@@ -68,15 +68,21 @@
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
+{
+
+/* Line 1676 of yacc.c */
#line 54 "./parser.y"
-{ char *s; }
-/* Line 1489 of yacc.c. */
-#line 75 "y.tab.h"
- YYSTYPE;
+ char *s;
+
+
+/* Line 1676 of yacc.c */
+#line 80 "y.tab.h"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
#endif
extern YYSTYPE yylval;
+
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 82f2be13d..4353928b5 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -197,6 +197,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 955e49535..4fa0f76a8 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -27,6 +27,8 @@
#include <stddef.h>
#include <string.h>
+#include <library.h>
+
#include "stroke_msg.h"
#include "stroke_keywords.h"
@@ -96,7 +98,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
{
if (fgets(buffer, sizeof(buffer), stdin))
{
- if (write(sock, buffer, strlen(buffer)));
+ ignore_result(write(sock, buffer, strlen(buffer)));
}
}
}
@@ -129,11 +131,13 @@ static int add_connection(char *name,
msg.add_conn.me.id = push_string(&msg, my_id);
msg.add_conn.me.address = push_string(&msg, my_addr);
+ msg.add_conn.me.ikeport = 500;
msg.add_conn.me.subnets = push_string(&msg, my_nets);
msg.add_conn.me.sendcert = 1;
msg.add_conn.other.id = push_string(&msg, other_id);
msg.add_conn.other.address = push_string(&msg, other_addr);
+ msg.add_conn.other.ikeport = 500;
msg.add_conn.other.subnets = push_string(&msg, other_nets);
msg.add_conn.other.sendcert = 1;
@@ -355,6 +359,9 @@ int main(int argc, char *argv[])
const stroke_token_t *token;
int res = 0;
+ library_init(NULL);
+ atexit(library_deinit);
+
if (argc < 2)
{
exit_usage(NULL);
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 56a7a158f..ffc67039e 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -137,6 +137,7 @@ struct stroke_end_t {
char *groups;
char *updown;
char *address;
+ u_int16_t ikeport;
char *sourceip;
int sourceip_mask;
char *subnets;
diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in
index eb6238d80..098e5110e 100644
--- a/src/whack/Makefile.in
+++ b/src/whack/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/src/whack/whack.c b/src/whack/whack.c
index c458d6760..5f986108b 100644
--- a/src/whack/whack.c
+++ b/src/whack/whack.c
@@ -185,6 +185,10 @@ static void help(void)
" [--debug-private]"
"\n\n"
#endif
+ "leases: whack --leases"
+ " [--name <connection_name>]"
+ " [--lease-addr <ip-address> | --lease-id <identity>]"
+ "\n\n"
"listen: whack"
" (--listen | --unlisten)"
"\n\n"
@@ -322,6 +326,10 @@ enum {
OPT_LISTEN,
OPT_UNLISTEN,
+ OPT_LEASES,
+ OPT_LEASEADDR,
+ OPT_LEASEID,
+
OPT_PURGEOCSP,
OPT_REREADSECRETS,
@@ -519,6 +527,10 @@ static const struct option long_opts[] = {
{ "listen", no_argument, NULL, OPT_LISTEN + OO },
{ "unlisten", no_argument, NULL, OPT_UNLISTEN + OO },
+ { "leases", no_argument, NULL, OPT_LEASES + OO },
+ { "lease-addr", required_argument, NULL, OPT_LEASEADDR + OO },
+ { "lease-id", required_argument, NULL, OPT_LEASEID + OO },
+
{ "purgeocsp", no_argument, NULL, OPT_PURGEOCSP + OO },
{ "rereadsecrets", no_argument, NULL, OPT_REREADSECRETS + OO },
@@ -1103,6 +1115,18 @@ int main(int argc, char **argv)
diagq("0.0.0.0 or 0::0 isn't a valid client address", optarg);
continue;
+ case OPT_LEASES: /* --leases */
+ msg.whack_leases = TRUE;
+ continue;
+
+ case OPT_LEASEADDR: /* --lease-addr <ip-address> */
+ msg.whack_lease_ip = optarg; /* decoded by Pluto */
+ continue;
+
+ case OPT_LEASEID: /* --lease-id <identity> */
+ msg.whack_lease_id = optarg; /* decoded by Pluto */
+ continue;
+
case OPT_LISTEN: /* --listen */
msg.whack_listen = TRUE;
continue;
@@ -1618,6 +1642,12 @@ int main(int argc, char **argv)
break;
}
+ /* check leases */
+ if (LHAS(opts_seen, OPT_LEASEADDR) && LHAS(opts_seen, OPT_LEASEID))
+ {
+ diag("--lease-addr and --lease-id cannot be used together");
+ }
+
/* check connection description */
if (LHAS(opts_seen, OPT_CD))
{
@@ -1682,7 +1712,7 @@ int main(int argc, char **argv)
if (!LHAS(opts_seen, OPT_NAME) && !msg.whack_ca)
diag("missing --name <connection_name>");
}
- else if (!msg.whack_options && !msg.whack_status)
+ else if (!msg.whack_options && !msg.whack_status && !msg.whack_leases)
{
if (LHAS(opts_seen, OPT_NAME))
diag("no reason for --name");
@@ -1698,9 +1728,10 @@ int main(int argc, char **argv)
|| msg.whack_delete || msg.whack_deletestate
|| msg.whack_initiate || msg.whack_oppo_initiate || msg.whack_terminate
|| msg.whack_route || msg.whack_unroute || msg.whack_listen
- || msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp || msg.whack_reread
- || msg.whack_ca || msg.whack_status || msg.whack_options || msg.whack_shutdown
- || msg.whack_sc_op))
+ || msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp
+ || msg.whack_reread || msg.whack_ca || msg.whack_status
+ || msg.whack_options || msg.whack_shutdown || msg.whack_sc_op
+ || msg.whack_leases))
{
diag("no action specified; try --help for hints");
}
@@ -1771,6 +1802,8 @@ int main(int argc, char **argv)
|| !pack_str(&msg.ike) /* string 24 */
|| !pack_str(&msg.esp) /* string 25 */
|| !pack_str(&msg.sc_data) /* string 26 */
+ || !pack_str(&msg.whack_lease_ip) /* string 27 */
+ || !pack_str(&msg.whack_lease_id) /* string 28 */
|| str_roof - next_str < (ptrdiff_t)msg.keyval.len)
diag("too many bytes of strings to fit in message to pluto");
diff --git a/src/whack/whack.h b/src/whack/whack.h
index 3f66a7b4f..b495d3489 100644
--- a/src/whack/whack.h
+++ b/src/whack/whack.h
@@ -65,7 +65,7 @@ struct whack_end {
int sourceip_mask;
ip_address host_addr;
ip_address host_nexthop;
- ip_address host_srcip;
+ ip_address host_srcip;
ip_subnet client;
bool key_from_DNS_on_demand;
bool has_client;
@@ -177,6 +177,10 @@ struct whack_message {
bool whack_deletestate;
so_serial_t whack_deletestateno;
+ /* for WHACK_LEASES: */
+ bool whack_leases;
+ char *whack_lease_ip, *whack_lease_id;
+
/* for WHACK_LISTEN: */
bool whack_listen, whack_unlisten;
diff --git a/testing/Makefile.in b/testing/Makefile.in
index 6a5fd31f2..c60f9b2ea 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -175,6 +175,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
diff --git a/testing/do-tests.in b/testing/do-tests.in
index 7dbb5487a..2a869515d 100755
--- a/testing/do-tests.in
+++ b/testing/do-tests.in
@@ -348,7 +348,7 @@ do
do
host=`echo $host_iface | awk -F ":" '{print $1}'`
iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
- tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &"
+ tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &"
echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'`
eval TDUP_${host}="true"
diff --git a/testing/hosts/default/etc/hosts b/testing/hosts/default/etc/hosts
index 7d343d857..fb07a2f6e 100644
--- a/testing/hosts/default/etc/hosts
+++ b/testing/hosts/default/etc/hosts
@@ -14,6 +14,10 @@
10.1.0.10 alice.strongswan.org alice
10.1.0.20 venus.strongswan.org venus
+10.1.0.30 carol2.strongswan.org carol2
+10.1.0.40 dave2.strongswan.org dave2
+10.1.0.50 carol3.strongswan.org carol3
+10.1.0.51 dave3.strongswan.org dave3
10.1.0.1 moon1.strongswan.org moon1
192.168.0.1 moon.strongswan.org moon
192.168.0.50 alice1.strongswan.org alice1
diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql
index a7c5f1d81..0e880826d 100644
--- a/testing/hosts/default/etc/ipsec.d/tables.sql
+++ b/testing/hosts/default/etc/ipsec.d/tables.sql
@@ -197,9 +197,9 @@ CREATE TABLE ike_sas (
id INTEGER NOT NULL,
initiator INTEGER NOT NULL,
local_id_type INTEGER NOT NULL,
- local_id_data BLOB NOT NULL,
+ local_id_data BLOB DEFAULT NULL,
remote_id_type INTEGER NOT NULL,
- remote_id_data BLOB NOT NULL,
+ remote_id_data BLOB DEFAULT NULL,
host_family INTEGER NOT NULL,
local_host_data BLOB NOT NULL,
remote_host_data BLOB NOT NULL,
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt
index abdbb857b..58a88a3cb 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/index.txt
@@ -8,11 +8,11 @@ R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/
R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+R 100216084430Z 100227205840Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
-V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R 140321062916Z 100406094423Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
-V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R 100620195806Z 100406093001Z,superseded 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
@@ -28,3 +28,6 @@ R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/
V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old
index 67a737e0e..5fd137735 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/index.txt.old
@@ -8,11 +8,11 @@ R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/
R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+R 100216084430Z 100227205840Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
-V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R 140321062916Z 100406094423Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
-V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R 100620195806Z 100406093001Z,superseded 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
@@ -27,3 +27,6 @@ V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongsw
R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem
new file mode 100644
index 000000000..61d1c34e2
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
+cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
+dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
+p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
+d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
+SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
+s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
+AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
+LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
+Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
+bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
+QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
+b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
+atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
+u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
+aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
+wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
+G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
+8mcNXcKmqcyP2Tlnvbo=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/20.pem b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem
new file mode 100644
index 000000000..d51918e89
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem
@@ -0,0 +1,84 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 32 (0x20)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA
+ Validity
+ Not Before: Apr 6 09:53:50 2010 GMT
+ Not After : Apr 4 09:53:50 2019 GMT
+ Subject: C=CH, O=Linux strongSwan, OU=Research, CN=Research CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b6:39:b2:3a:a6:e0:07:5b:58:a7:3f:4f:b2:5a:
+ 85:6a:72:f7:1b:5d:3d:b1:e7:80:13:7a:95:b9:e9:
+ 61:a1:df:af:19:c6:b2:f9:83:14:21:59:1c:27:7b:
+ 7a:04:6a:43:f0:2e:24:71:dc:12:fd:c3:51:d7:c9:
+ 59:60:32:a5:59:d4:bd:d9:5c:a7:9f:21:06:3a:71:
+ 7d:33:d7:3f:d2:03:07:1c:d0:69:0c:94:ce:c1:31:
+ 20:65:8e:55:46:36:7b:bc:49:e4:12:81:9d:75:64:
+ a2:4d:e1:b5:8e:07:af:51:9d:a8:d8:7e:dc:b1:26:
+ 6d:e8:09:06:78:13:45:24:71:e0:f2:89:e7:81:4e:
+ fd:be:fc:2d:4c:c1:fa:b3:31:af:3c:70:fe:59:c8:
+ f2:31:26:02:d2:a5:ba:04:3b:73:d6:ae:31:e1:42:
+ cf:e3:66:95:27:e7:4a:85:a1:1c:de:6a:9b:ed:22:
+ 34:ac:b4:0b:ed:b9:22:e1:3c:36:af:a2:de:3b:41:
+ 88:8f:01:c0:1a:87:63:7b:b6:22:e7:e5:52:1f:4d:
+ 73:d7:7f:47:ab:c6:b1:13:cc:1e:cd:f4:5f:51:da:
+ fe:6d:14:83:8f:78:fb:0c:2a:c1:f1:01:65:18:f3:
+ c4:c9:8c:17:fd:52:1b:82:35:13:74:c3:38:9d:ec:
+ ae:39
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ E7:75:F0:A0:F2:AD:20:CD:CD:60:23:CC:C7:C8:0F:29:F3:DD:54:20
+ X509v3 Authority Key Identifier:
+ keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF
+ DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA
+ serial:00
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 8d:6d:a1:6d:1b:2d:cc:81:5c:0a:32:15:e2:ca:1b:2e:12:89:
+ b7:0d:05:9b:3f:ae:80:a1:73:05:1a:bf:47:e8:c8:b7:42:60:
+ c6:05:28:47:87:38:bb:c8:b1:32:23:89:fa:58:e0:c3:f2:dd:
+ 20:60:43:95:e9:72:ce:6f:38:5c:16:f7:b8:cc:e9:87:c1:ca:
+ a8:f1:e3:ee:ea:4c:1a:8e:68:b3:17:05:b7:89:dc:b2:30:43:
+ 22:62:ae:9a:87:67:39:6c:3a:c7:1c:87:10:a3:70:c0:0c:3c:
+ e0:46:99:68:e9:74:ea:94:2e:82:e5:c1:7f:44:16:10:40:da:
+ b1:19:07:58:9a:9a:06:d4:27:93:39:79:13:44:b9:b9:bc:c5:
+ 1e:81:6b:0f:f4:39:1c:ff:b6:df:ad:c4:2f:63:c5:c8:c7:a0:
+ 99:ce:15:5d:2c:b3:b5:ec:dd:dd:f6:3e:a8:6f:28:68:01:c6:
+ 35:4b:67:2a:b7:cc:3f:eb:30:6d:b1:5d:5c:8a:3d:4e:3a:cd:
+ e9:4c:08:fd:54:76:c3:3a:da:d2:f5:73:00:22:e2:ca:24:6b:
+ 4d:86:42:b3:ff:af:00:61:1e:dd:b6:6c:93:0d:e2:03:6c:e4:
+ d4:af:85:37:63:8e:0c:15:63:32:ee:eb:72:05:60:1b:d6:f2:
+ c1:66:89:92
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/21.pem b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem
new file mode 100644
index 000000000..965543286
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem
@@ -0,0 +1,83 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 33 (0x21)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA
+ Validity
+ Not Before: Apr 6 09:54:33 2010 GMT
+ Not After : Apr 4 09:54:33 2019 GMT
+ Subject: C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c2:4e:4d:26:99:8c:37:b9:51:1f:a1:25:ba:1d:
+ 70:4e:34:58:1c:56:9b:ea:f4:16:20:fe:14:b7:36:
+ 73:48:47:fd:07:16:9b:55:df:aa:77:3d:a9:a3:cf:
+ 1a:8c:4e:d8:17:f0:5e:01:44:1d:f3:9d:43:31:c6:
+ ba:d8:61:b2:f7:4c:3e:49:96:3f:56:77:b8:3a:f0:
+ b1:ca:ab:98:bc:aa:e0:92:3c:ed:ec:52:7a:7d:60:
+ 82:60:95:12:26:f9:e5:3e:1f:37:1a:d3:20:62:5a:
+ a1:ee:89:9f:db:fd:67:01:b6:07:e5:2b:de:71:40:
+ ff:07:5c:91:27:6a:27:17:3a:5c:bf:43:29:c4:64:
+ dd:3c:59:b6:ff:52:b8:37:ed:13:d1:bb:f3:b3:ba:
+ 3c:94:b2:7f:25:18:86:57:73:d4:46:5e:e4:f4:ec:
+ 52:80:1b:04:9d:03:0d:72:71:df:9e:b6:90:3b:5f:
+ 41:dc:1e:cd:ab:74:2c:0c:8e:b1:56:9b:62:af:f4:
+ 1b:f7:c1:67:02:cb:7a:be:2a:18:5d:be:dc:2b:2f:
+ 3f:b8:cd:5e:78:51:61:e4:af:db:ee:22:da:60:23:
+ 81:b0:51:23:50:37:8a:aa:14:dc:da:b5:bc:f0:2a:
+ ce:b7:a4:38:8f:d1:57:d1:eb:7b:d2:f5:af:c5:f5:
+ 74:81
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ 5F:9B:13:46:F9:20:72:C8:00:D5:88:B5:A7:4C:2E:97:EA:0B:93:28
+ X509v3 Authority Key Identifier:
+ keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF
+ DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA
+ serial:00
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 24:65:4e:a5:cc:8c:7c:bb:af:ba:d6:9e:af:f4:f7:21:67:4d:
+ de:9d:fb:2e:8a:90:78:fd:92:f6:12:03:9a:bb:c5:87:66:3f:
+ 72:38:f9:83:f6:aa:93:e7:62:34:9e:c9:f3:02:97:86:48:c8:
+ c5:e7:7d:46:f3:e4:eb:ee:5e:9e:12:09:2d:20:21:42:7a:98:
+ ae:be:e5:fd:5a:dd:44:9d:07:80:9e:d0:e7:78:9a:45:08:42:
+ 62:f3:28:50:91:4a:a7:61:5a:85:73:34:9a:e5:f8:14:f5:6b:
+ 97:7d:f9:a2:d6:00:be:52:da:9a:94:a1:03:e0:1b:ae:0c:3e:
+ 08:72:dd:2c:94:6f:8a:81:7a:99:64:dc:97:51:ff:a3:a0:03:
+ 92:d0:78:db:4b:88:8e:d8:fd:d6:cc:33:64:6f:9f:6f:38:44:
+ 82:31:a7:64:ea:37:61:ee:a7:a0:4d:2c:7b:fa:7c:b8:b1:74:
+ 9a:4c:fa:71:bb:66:31:98:7f:ee:dd:9e:e6:3a:64:38:6f:22:
+ dd:7c:ce:bf:f6:9f:51:0b:05:03:e1:33:94:a3:62:11:90:21:
+ 95:66:37:33:43:ac:a1:95:00:ab:5a:e4:b1:bc:07:00:46:8b:
+ 4b:97:73:d7:c1:5d:64:5c:7d:f2:37:37:5f:c8:66:3f:e8:6f:
+ 9b:77:58:28
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 75e87f2c9..98aa9e3e4 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -1,5 +1,6 @@
-V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+R 100322070423Z 100407091025Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
V 151103161503Z 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
+V 150406092057Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
index 26e68d4f3..2a68119f8 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
@@ -1,4 +1,5 @@
-V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+R 100322070423Z 100407091025Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
+V 151103161503Z 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem
new file mode 100644
index 000000000..69e5c05e3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
index 693af7c28..23f120b29 100644
--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL
default_days = 1825 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
+default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
email_in_dn = no # allow/forbid EMail in DN
@@ -74,7 +74,7 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.der b/testing/hosts/winnetou/etc/openssl/research/researchCert.der
index 2a52f620d..0cbb57b99 100644
--- a/testing/hosts/winnetou/etc/openssl/research/researchCert.der
+++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.der
Binary files differ
diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
+++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial
index cd672a533..2c7456e3e 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial
+++ b/testing/hosts/winnetou/etc/openssl/research/serial
@@ -1 +1 @@
-06
+07
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old
index eeee65ec4..cd672a533 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/research/serial.old
@@ -1 +1 @@
-05
+06
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index 3e39e973b..c4e05f253 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -1,4 +1,5 @@
-V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+R 100322071017Z 100407093948Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
+V 150406094241Z 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
index ab3c06416..f377c3588 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
@@ -1,3 +1,4 @@
-V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+R 100322071017Z 100407093948Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
+V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem
new file mode 100644
index 000000000..91df37a81
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
+BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
index 75816c432..547b2edbc 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL
default_days = 1825 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
+default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
email_in_dn = no # allow/forbid EMail in DN
@@ -74,7 +74,7 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
index 529fd2d45..dafc9ed48 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
+++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
Binary files differ
diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
+++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial b/testing/hosts/winnetou/etc/openssl/sales/serial
index eeee65ec4..cd672a533 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial
@@ -1 +1 @@
-05
+06
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial.old b/testing/hosts/winnetou/etc/openssl/sales/serial.old
index 64969239d..eeee65ec4 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial.old
@@ -1 +1 @@
-04
+05
diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial
index 33c1ce6c7..2bd5a0a98 100644
--- a/testing/hosts/winnetou/etc/openssl/serial
+++ b/testing/hosts/winnetou/etc/openssl/serial
@@ -1 +1 @@
-1F
+22
diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old
index e28e17eb7..aabe6ec39 100644
--- a/testing/hosts/winnetou/etc/openssl/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/serial.old
@@ -1 +1 @@
-1E
+21
diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs
index 4a561b857..16dd843b9 100755
--- a/testing/scripts/build-umlrootfs
+++ b/testing/scripts/build-umlrootfs
@@ -206,9 +206,9 @@ then
echo -n " --enable-leak-detective" >> $INSTALLSHELL
fi
-if [ "$USE_LOAD_TESTS" = "yes" ]
+if [ "$USE_LOAD_TESTER" = "yes" ]
then
- echo -n " --enable-load-tests" >> $INSTALLSHELL
+ echo -n " --enable-load-tester" >> $INSTALLSHELL
fi
if [ "$USE_TEST_VECTORS" = "yes" ]
@@ -221,6 +221,26 @@ then
echo -n " --enable-gcrypt" >> $INSTALLSHELL
fi
+if [ "$USE_SOCKET_DEFAULT" = "yes" ]
+then
+ echo -n " --enable-socket-default" >> $INSTALLSHELL
+fi
+
+if [ "$USE_SOCKET_DYNAMIC" = "yes" ]
+then
+ echo -n " --enable-socket-dynamic" >> $INSTALLSHELL
+fi
+
+if [ "$USE_DHCP" = "yes" ]
+then
+ echo -n " --enable-dhcp" >> $INSTALLSHELL
+fi
+
+if [ "$USE_FARP" = "yes" ]
+then
+ echo -n " --enable-farp" >> $INSTALLSHELL
+fi
+
echo "" >> $INSTALLSHELL
echo "make" >> $INSTALLSHELL
echo "make install" >> $INSTALLSHELL
diff --git a/testing/testing.conf b/testing/testing.conf
index e86f60ae2..c7852d28f 100755
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -19,19 +19,19 @@ UMLTESTDIR=~/strongswan-testing
# Bzipped kernel sources
# (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.31.5.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.33.3.tar.bz2
# Extract kernel version
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
# Kernel configuration file
-KERNELCONFIG=$UMLTESTDIR/.config-2.6.31
+KERNELCONFIG=$UMLTESTDIR/.config-2.6.33
# Bzipped uml patch for kernel
-#UMLPATCH=$UMLTESTDIR/aead_init.patch.bz2
+UMLPATCH=$UMLTESTDIR/aes_gmac.patch.bz2
# Bzipped source of strongSwan
-STRONGSWAN=$UMLTESTDIR/strongswan-4.3.6.tar.bz2
+STRONGSWAN=$UMLTESTDIR/strongswan-4.4.0.tar.bz2
# strongSwan compile options (use "yes" or "no")
USE_LIBCURL="yes"
@@ -49,15 +49,19 @@ USE_BLOWFISH="yes"
USE_KERNEL_PFKEY="yes"
USE_INTEGRITY_TEST="yes"
USE_LEAK_DETECTIVE="yes"
-USE_LOAD_TESTS="yes"
+USE_LOAD_TESTER="yes"
USE_TEST_VECTORS="yes"
USE_GCRYPT="yes"
+USE_SOCKET_DEFAULT="yes"
+USE_SOCKET_DYNAMIC="yes"
+USE_DHCP="yes"
+USE_FARP="yes"
# Gentoo linux root filesystem
ROOTFS=$UMLTESTDIR/gentoo-fs-20090615.tar.bz2
# Size of the finished root filesystem in MB
-ROOTFSSIZE=600
+ROOTFSSIZE=700
# Amount of Memory to use per UML [MB].
# If "auto" is stated 1/12 of total host ram will be used.
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
index 6f4ec2510..774042329 100644
--- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index ff3faf993..1f442a7dd 100644
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
}
pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index cf4893014..831790f1e 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
}
pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike2/description.txt b/testing/tests/ike2/description.txt
new file mode 100644
index 000000000..31d24cda6
--- /dev/null
+++ b/testing/tests/ike2/description.txt
@@ -0,0 +1,6 @@
+The router <b>moon</b> sets up a connection to gateway <b>sun</b> in order
+to reach the subnet hidden behind <b>sun</b>. The gateway <b>sun</b> assigns a
+virtual IP address to router <b>moon</b>. A special updown script on <b>moon</b>
+specified by <b>leftupdown=/etc/nat_updown</b> dynamically inserts a source NAT rule
+which maps the IP address of client <b>alice</b> to the virtual IP of <b>moon</b>.
+This allows <b>alice</b> to access client <b>bob</b> via the established IPsec tunnel.
diff --git a/testing/tests/ike2/evaltest.dat b/testing/tests/ike2/evaltest.dat
new file mode 100644
index 000000000..75d5ffbd3
--- /dev/null
+++ b/testing/tests/ike2/evaltest.dat
@@ -0,0 +1,8 @@
+moon::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
+bob::tcpdump::IP bob.strongswan.org > alice2.strongswan.org: ICMP::YES
diff --git a/testing/tests/ike2/hosts/bob/etc/hosts b/testing/tests/ike2/hosts/bob/etc/hosts
new file mode 100644
index 000000000..ee854da09
--- /dev/null
+++ b/testing/tests/ike2/hosts/bob/etc/hosts
@@ -0,0 +1,70 @@
+# /etc/hosts: This file describes a number of hostname-to-address
+# mappings for the TCP/IP subsystem. It is mostly
+# used at boot time, when no name servers are running.
+# On small systems, this file can be used instead of a
+# "named" name server. Just add the names, addresses
+# and any aliases to this file...
+#
+
+127.0.0.1 localhost
+
+192.168.0.254 uml0.strongswan.org uml0
+10.1.0.254 uml1.strongswan.org uml1
+10.2.0.254 uml1.strongswan.org uml2
+
+10.1.0.10 alice.strongswan.org alice
+10.1.0.20 venus.strongswan.org venus
+10.1.0.1 moon1.strongswan.org moon1
+192.168.0.1 moon.strongswan.org moon
+192.168.0.50 alice1.strongswan.org alice1
+192.168.0.100 carol.strongswan.org carol
+10.3.0.1 carol1.strongswan.org carol1
+192.168.0.150 winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
+192.168.0.200 dave.strongswan.org dave
+10.3.0.2 dave1.strongswan.org dave1
+192.168.0.2 sun.strongswan.org sun
+10.2.0.1 sun1.strongswan.org sun1
+10.2.0.10 bob.strongswan.org bob
+10.4.0.1 alice2.strongswan.org alice2
+
+# IPv6 versions of localhost and co
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+# IPv6 solicited-node multicast addresses
+ff02::1:ff00:1 ip6-mcast-1
+ff02::1:ff00:2 ip6-mcast-2
+ff02::1:ff00:10 ip6-mcast-10
+ff02::1:ff00:15 ip6-mcast-15
+ff02::1:ff00:20 ip6-mcast-20
+
+# IPv6 site-local addresses
+fec0::5 ip6-alice1.strongswan.org ip6-alice1
+fec1::10 ip6-alice.strongswan.org ip6-alice
+fec1::20 ip6-venus.strongswan.org ip6-venus
+fec1::1 ip6-moon1.strongswan.org ip6-moon1
+fec0::1 ip6-moon.strongswan.org ip6-moon
+fec0::10 ip6-carol.strongswan.org ip6-carol
+fec3::1 ip6-carol1.strongswan.org ip6-carol1
+fec0::15 ip6-winnetou.strongswan.org ip6-winnetou
+fec0::20 ip6-dave.strongswan.org ip6-dave
+fec3::2 ip6-dave1.strongswan.org ip6-dave1
+fec0::2 ip6-sun.strongswan.org ip6-sun
+fec2::1 ip6-sun1.strongswan.org ip6-sun1
+fec2::10 ip6-bob.strongswan.org ip6-bob
+
+# IPv6 link-local HW derived addresses
+fe80::fcfd:0aff:fe01:14 ip6-hw-venus.strongswan.org ip6-hw-venus
+fe80::fcfd:0aff:fe01:0a ip6-hw-alice.strongswan.org ip6-hw-alice
+fe80::fcfd:0aff:fe01:01 ip6-hw-moon1.strongswan.org ip6-hw-moon1
+fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org ip6-hw-moon
+fe80::fcfd:c0ff:fea8:64 ip6-hw-carol.strongswan.org ip6-hw-carol
+fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou
+fe80::fcfd:c0ff:fea8:c8 ip6-hw-dave.strongswan.org ip6-hw-dave
+fe80::fcfd:c0ff:fea8:02 ip6-hw-sun.strongswan.org ip6-hw-sun
+fe80::fcfd:0aff:fe02:01 ip6-hw-sun1.strongswan.org ip6-hw-sun1
+fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org ip6-hw-bob
diff --git a/testing/tests/ike2/hosts/moon/etc/ipsec.conf b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e43e0d785
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsourceip=%config
+ leftupdown=/etc/nat_updown
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ike2/hosts/moon/etc/nat_updown b/testing/tests/ike2/hosts/moon/etc/nat_updown
new file mode 100755
index 000000000..aab1df687
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/nat_updown
@@ -0,0 +1,152 @@
+#! /bin/sh
+# NAT updown script
+#
+# Copyright (C) 2010 Andreas Steffen <andreas.steffen@strongswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+
+# things that this script gets (from ipsec_pluto(8) man page)
+#
+# PLUTO_VERSION
+# indicates what version of this interface is being
+# used. This document describes version 1.1. This
+# is upwardly compatible with version 1.0.
+#
+# PLUTO_VERB
+# specifies the name of the operation to be performed
+# (prepare-host, prepare-client, up-host, up-client,
+# down-host, or down-client). If the address family
+# for security gateway to security gateway communica-
+# tions is IPv6, then a suffix of -v6 is added to the
+# verb.
+#
+# PLUTO_CONNECTION
+# is the name of the connection for which we are
+# routing.
+#
+# PLUTO_NEXT_HOP
+# is the next hop to which packets bound for the peer
+# must be sent.
+#
+# PLUTO_INTERFACE
+# is the name of the ipsec interface to be used.
+#
+# PLUTO_REQID
+# is the requid of the ESP policy
+#
+# PLUTO_ME
+# is the IP address of our host.
+#
+# PLUTO_MY_ID
+# is the ID of our host.
+#
+# PLUTO_MY_CLIENT
+# is the IP address / count of our client subnet. If
+# the client is just the host, this will be the
+# host's own IP address / max (where max is 32 for
+# IPv4 and 128 for IPv6).
+#
+# PLUTO_MY_CLIENT_NET
+# is the IP address of our client net. If the client
+# is just the host, this will be the host's own IP
+# address.
+#
+# PLUTO_MY_CLIENT_MASK
+# is the mask for our client net. If the client is
+# just the host, this will be 255.255.255.255.
+#
+# PLUTO_MY_SOURCEIP
+# if non-empty, then the source address for the route will be
+# set to this IP address.
+#
+# PLUTO_MY_PROTOCOL
+# is the IP protocol that will be transported.
+#
+# PLUTO_MY_PORT
+# is the UDP/TCP port to which the IPsec SA is
+# restricted on our side.
+#
+# PLUTO_PEER
+# is the IP address of our peer.
+#
+# PLUTO_PEER_ID
+# is the ID of our peer.
+#
+# PLUTO_PEER_CA
+# is the CA which issued the cert of our peer.
+#
+# PLUTO_PEER_CLIENT
+# is the IP address / count of the peer's client sub-
+# net. If the client is just the peer, this will be
+# the peer's own IP address / max (where max is 32
+# for IPv4 and 128 for IPv6).
+#
+# PLUTO_PEER_CLIENT_NET
+# is the IP address of the peer's client net. If the
+# client is just the peer, this will be the peer's
+# own IP address.
+#
+# PLUTO_PEER_CLIENT_MASK
+# is the mask for the peer's client net. If the
+# client is just the peer, this will be
+# 255.255.255.255.
+#
+# PLUTO_PEER_PROTOCOL
+# is the IP protocol that will be transported.
+#
+# PLUTO_PEER_PORT
+# is the UDP/TCP port to which the IPsec SA is
+# restricted on the peer side.
+#
+
+# define a minimum PATH environment in case it is not set
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"
+export PATH
+
+# resolve octal escape sequences
+PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
+PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
+
+case "$PLUTO_VERB:$1" in
+up-host:)
+ # connection to me coming up
+ # If you are doing a custom version, firewall commands go here.
+ ;;
+down-host:)
+ # connection to me going down
+ # If you are doing a custom version, firewall commands go here.
+ ;;
+up-client:)
+ # connection to my client subnet coming up
+ # If you are doing a custom version, firewall commands go here.
+ iptables -A FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -A FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+ -s $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+ echo "inserted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2
+ ;;
+down-client:)
+ # connection to my client subnet going down
+ # If you are doing a custom version, firewall commands go here.
+ iptables -D FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -D FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+ -s $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+ echo "deleted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2
+ ;;
+*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+ exit 1
+ ;;
+esac
diff --git a/testing/tests/ike2/hosts/moon/etc/strongswan.conf b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ike2/hosts/sun/etc/ipsec.conf b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..9cede8d56
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsourceip=10.4.0.0/24
+ auto=add
diff --git a/testing/tests/ike2/hosts/sun/etc/strongswan.conf b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ike2/posttest.dat b/testing/tests/ike2/posttest.dat
new file mode 100644
index 000000000..b121de27d
--- /dev/null
+++ b/testing/tests/ike2/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::conntrack -F
diff --git a/testing/tests/ike2/pretest.dat b/testing/tests/ike2/pretest.dat
new file mode 100644
index 000000000..abbca90d7
--- /dev/null
+++ b/testing/tests/ike2/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::conntrack -F
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
+moon::sleep 1
diff --git a/testing/tests/ike2/test.conf b/testing/tests/ike2/test.conf
new file mode 100644
index 000000000..1971a33ab
--- /dev/null
+++ b/testing/tests/ike2/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun bob"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/alg-modp-subgroup/description.txt b/testing/tests/ikev1/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..0f71ba5f5
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,13 @@
+moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..944524020
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..a9de84e91
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..424f78bb4
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/posttest.dat b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-modp-subgroup/test.conf b/testing/tests/ikev1/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
index 3c5c5d91d..61d1c34e2 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBCzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDIxNzA4NDQzMFoXDTEwMDIxNjA4NDQzMFowZjELMAkGA1UE
+b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2Czo4Mds6Jz15DWop6ExWI
-wWt9zU8Xu//ow1F0Kf9a4DLjo8qO+km3gybByNQQv1LrZ1eq+82Gy4RYXU1FnhC6
-dc8aobDmUQkY/8uYXtUmevKF5QcbYciDLp01W1q0DONAlc/9wmvJWhvjs9itWOBC
-fAUcH3eUNvMgkc7hlQTqreZTH4zyJ6M54JibkTsyfVg/1yOT41zUU3b+vI/r9kNB
-CYcp2DrdhdxX6mEiSTyDA/OMlgvCa7kPinUL4FJtQOFBozCsGcD28ONLc8Abkggf
-NABXCclPVAXOTawJF3dRWcMhIlNLWxWMVRvEt5OkAEdy/mXGBvtVArmGnmA+8zcC
-AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFA+6
-5KwThPKc9Vxn0048uRThft1tMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
+dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
+p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
+d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
+SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
+s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
+AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
+LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
-b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIeg
-CjgR2yIGSuyrFolvEM/qoT3j+LpQREDZbx9BKr3kGmbqF75clwfpysJ4FlXZZ2CR
-aH2GoPOZGXwsYc3poqGeeWSxo+fpt4XIGUc1eREXm1rKVMd+qb0u0PXuhq2+u1aY
-ZJDY0yqUU2/7AInXjzG7lI120W+K6tuTM/5UVI5EPpAFwUVlCxnMh4Sl4VkgZ2Hw
-YnO3/8SEHmHR03/GhOd5d8hD8a0AGHtdOPpZnUOR9PH5FszpQ/alUdn+NTdQ7O2v
-Q8jqPCeQSAAkJbBBRvGA4bD6KXt1k74fXXUofiKWpQUozlO1Cc978Kfl5/do5bov
-wTLSA/z7c8nVCVoZI9Y=
+b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
+atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
+u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
+aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
+wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
+G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
+8mcNXcKmqcyP2Tlnvbo=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
index 209b48f3a..250441ad0 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvYLOjgx2zonPXkNainoTFYjBa33NTxe7/+jDUXQp/1rgMuOj
-yo76SbeDJsHI1BC/UutnV6r7zYbLhFhdTUWeELp1zxqhsOZRCRj/y5he1SZ68oXl
-BxthyIMunTVbWrQM40CVz/3Ca8laG+Oz2K1Y4EJ8BRwfd5Q28yCRzuGVBOqt5lMf
-jPInozngmJuROzJ9WD/XI5PjXNRTdv68j+v2Q0EJhynYOt2F3FfqYSJJPIMD84yW
-C8JruQ+KdQvgUm1A4UGjMKwZwPbw40tzwBuSCB80AFcJyU9UBc5NrAkXd1FZwyEi
-U0tbFYxVG8S3k6QAR3L+ZcYG+1UCuYaeYD7zNwIDAQABAoIBAQCCGgsz+dqWcIWs
-cRD3gFcZsYkYAoWwhtrKFUIB6X3rkLfaN+16Yi3x7cpcES2OaPDwPCv2Q6warS+K
-7B8hrWmWkmvOgrn+eB+p3z+8xh5UttYxKTrSZjn7LhQSWU8eNf2jBfPTlqKi3Ni/
-zNLrLhaV3w7Fc0knDtmqj/GJ1dQ4SrUpME3sREpWbGSzjJ2UsR7iqQiDsYwWHzK2
-nWWwzrSmpObhDR3jiyOwBy/DEjXRC7h0fUL8eBghJvLWgFgifI5Z36FXa0FasxQr
-zKZnQdwuJHqQz7+sVjAmKtNd7x7RE5Ii0oQYiWDFr0OAwKD5UfMNydpcOVC/bV2n
-SKWmguoBAoGBAO73MTPP9ne4cfC7t4k2+F9hkb7mAjAbk9GbTyZyEKSDKH2bL02W
-G4kXdlkvZVgKhIDg8PCouRSQKv2IxubDrarFURb5KMJlyfBV1Q8JSxpVtxK69clq
-yIu/AtiiBE/n11MdmdoJLr6l2nNStJummj2jw5OyN8sdJarf83rCy+ITAoGBAMsF
-IfivZ+Tueavy0tGRb1qqKalIhwzLBRmWCna39bB9rK4eTNio5Oes95mC7t8mslmO
-18enKUTO87svWLzo8NVYIKSqg5B+kIN44hROErlV6HHPVd5vJzZFjH7SSfy5y8Ka
-wmsA1xiG6NEgEndc6F6uQ2YdaZAHWFO6CiTNpq7NAoGADXglb9QzAkCFO5p5F+Tf
-TxEC1A3G5ctII7JrXbFkOsGh0KKkoezqFGocI57GSZYeLd1/9zCrbftKUQwamftB
-mLSSg4b7wylVnpRX9AcEErHuJcIgBIBeWXIkyO0o7RAWVPsAJwgJeHmEvKdWwsc7
-PmoypeqPtoUoEF+bK7o7H70CgYAYlYaHlrX+AuK4766XsgTJ9dEVrrKr2enEL2cU
-+THHLXC7pO+pTMprQ4a4ECLc4tK2BZYblyJoMqdRA2q7dXm0W/eX+Q31cV4OjZTS
-4KFj0ANVxMWhKdSVvdZFhTFwaQ9DgXoJexCQ58VJjZiu25FH5dJDi0w9JKaNfPm9
-eym0AQKBgHhfqD9EXxazoP27NyZAFUSA3r4u06qFjbAEjbuJVAJNSuEu6Sht2uIg
-lCHpTPssDLHVSY0faQwY4vPqJZVg0k/rAu2VlvbJxYrdzXr8eTfPRJrhv/s/Tbro
-n1rmisBKov1P2Cu2e03a8+GDO3lpSZr9YNG/e7wggSbfAvqCoUDF
+MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l
+yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy
+fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8
+7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91
+wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4
+IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi
+zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC
+bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f
+UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa
+uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2
+JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU
+ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo
+tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI
+0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5
+3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ
+R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg
+j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa
+WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41
+WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N
+TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3
+6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE
+t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS
+UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E
+z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv
+wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..bc9b7c760
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..3ec271cf1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*IPsec SA established::YES
+carol::ipsec statusall::home.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+carol::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..69ef8d49d
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha384-modp2048!
+ esp=aes256gmac!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..41a583763
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha384-modp2048!
+ esp=aes256gmac!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/test.conf b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool/description.txt b/testing/tests/ikev1/ip-pool/description.txt
new file mode 100644
index 000000000..b3f584c57
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat
new file mode 100644
index 000000000..f67ab321b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/evaltest.dat
@@ -0,0 +1,26 @@
+carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*IPsec SA established::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool::YES
+moon::cat /var/log/auth.log::peer requested virtual IP %any::YES
+moon::cat /var/log/auth.log::assigning virtual IP::YES
+moon::ipsec leases rw::2/15, 2 online::YES
+moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
+moon::ipsec statusall::rw.*carol@strongswan.org.*erouted::YES
+moon::ipsec statusall::rw.*dave@strongswan.org.*erouted::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..0c770de9f
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..163c19516
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ddedd7e7b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/posttest.dat b/testing/tests/ikev1/ip-pool/posttest.dat
new file mode 100644
index 000000000..a68e84cbd
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+dave::ip addr del 10.3.0.2/32 dev eth0
diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat
new file mode 100644
index 000000000..014e80517
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1/ip-pool/test.conf b/testing/tests/ikev1/ip-pool/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/description.txt b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
new file mode 100644
index 000000000..3869ced0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from an SQLite-based pool
+named <b>intpool</b> [10.4.0.1..10.4.1.244] to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
new file mode 100644
index 000000000..f237ce53f
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
@@ -0,0 +1,17 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
+moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow ESP
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MOBIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=%defaultroute
+ leftsourceip=%config
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON1
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+ iptables -A INPUT -i eth1 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # masquerade crl fetches to winnetou
+ iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e844ba989
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+
+conn int
+ left=PH_IP_MOON1
+ rightsourceip=%intpool
+ auto=add
+
+conn ext
+ left=PH_IP_MOON
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..90eb30a9b
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
+}
+
+libhydra {
+ plugins {
+ attr-sql {
+ database = sqlite:///etc/ipsec.d/ipsec.db
+ }
+ }
+}
+
+pool {
+ load = sqlite
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
new file mode 100644
index 000000000..74e3cf2c0
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
@@ -0,0 +1,13 @@
+carol::ipsec stop
+alice::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via PH_IP_MOON
+moon::ip route del 10.4.0.0/16 via PH_IP_MOON1
+moon::conntrack -F
+moon::ipsec pool --del intpool 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
new file mode 100644
index 000000000..21e28ce0c
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
@@ -0,0 +1,15 @@
+moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null
+moon::ip route add 10.3.0.0/16 via PH_IP_MOON
+moon::ip route add 10.4.0.0/16 via PH_IP_MOON1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/test.conf b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/ip-two-pools/description.txt b/testing/tests/ikev1/ip-two-pools/description.txt
new file mode 100644
index 000000000..33a5187c5
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from a simple pool defined
+by <b>rightsourceip=10.4.0.0/28</b> to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools/evaltest.dat b/testing/tests/ikev1/ip-two-pools/evaltest.dat
new file mode 100644
index 000000000..2f19a77ba
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/evaltest.dat
@@ -0,0 +1,18 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases int::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow ESP
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MOBIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=%defaultroute
+ leftsourceip=%config
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON1
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+ iptables -A INPUT -i eth1 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # masquerade crl fetches to winnetou
+ iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..4771e26d6
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+
+conn int
+ left=PH_IP_MOON1
+ rightsourceip=10.4.0.0/28
+ auto=add
+
+conn ext
+ left=PH_IP_MOON
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/posttest.dat b/testing/tests/ikev1/ip-two-pools/posttest.dat
new file mode 100644
index 000000000..4474e5ade
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/posttest.dat
@@ -0,0 +1,12 @@
+alice::ipsec stop
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via 192.168.0.1
+moon::ip route del 10.4.0.0/16 via 10.1.0.1
+moon::conntrack -F
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools/pretest.dat b/testing/tests/ikev1/ip-two-pools/pretest.dat
new file mode 100644
index 000000000..8091a6ed2
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/pretest.dat
@@ -0,0 +1,12 @@
+moon::ip route add 10.3.0.0/16 via 192.168.0.1
+moon::ip route add 10.4.0.0/16 via 10.1.0.1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools/test.conf b/testing/tests/ikev1/ip-two-pools/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP6_VENUS
}
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP6_VENUS
}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat
index b1fc81827..d52aeaeb8 100644
--- a/testing/tests/ikev1/protoport-route/pretest.dat
+++ b/testing/tests/ikev1/protoport-route/pretest.dat
@@ -2,7 +2,7 @@ moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
moon::ipsec start
carol::ipsec start
-carol::sleep 1
+carol::sleep 3
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname
-carol::ping -c 1 PH_IP_ALICE > /dev/null
-carol::sleep 2
+carol::ping -c 1 PH_IP_MOON1 > /dev/null
+carol::sleep 2
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/description.txt b/testing/tests/ikev2/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..80df206bf
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,15 @@
+carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
+dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..257923d02
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..9b5247973
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..2b66e3400
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/posttest.dat b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev2/alg-modp-subgroup/test.conf b/testing/tests/ikev2/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index 51810734d..223ed67a3 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown attr
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/dhcp-dynamic/description.txt b/testing/tests/ikev2/dhcp-dynamic/description.txt
new file mode 100644
index 000000000..b29a1de78
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/description.txt
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned dynamically
+by <b>venus</b> from the pool 10.1.0.50..10.1.0.60 so that <b>carol</b> and <b>dave</b> become full members
+of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to the <b>farp</b> plugin
+through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> who wants to ping
+<b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
new file mode 100644
index 000000000..b3814084f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..2176af702
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,14 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..2d35dfd64
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,7 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
new file mode 100644
index 000000000..1f5487596
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::cat /var/state/dhcp/dhcpd.leases
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.50
+alice::arp -d 10.1.0.51
diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-dynamic/test.conf b/testing/tests/ikev2/dhcp-dynamic/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-client-id/description.txt b/testing/tests/ikev2/dhcp-static-client-id/description.txt
new file mode 100644
index 000000000..d253a8865
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
+by <b>venus</b> based on the IKEv2 peer identities <b>carol@strongswan.org</b> and <b>dave@strongswan.org</b>,
+respectively, included by the dhcp plugin as a <b>dhcp-client-identity</b> option in the DHCP request.
+<p/>
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..44ee681b6
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+ option dhcp-client-identifier "carol@strongswan.org";
+ fixed-address 10.1.0.30;
+}
+
+host dave {
+ option dhcp-client-identifier "dave@strongswan.org";
+ fixed-address 10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..5672236a0
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=id:carol@strongswan.org,10.1.0.30
+dhcp-host=id:dave@strongswan.org,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-client-id/test.conf b/testing/tests/ikev2/dhcp-static-client-id/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-mac/description.txt b/testing/tests/ikev2/dhcp-static-mac/description.txt
new file mode 100644
index 000000000..ed7525c87
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/description.txt
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
+by <b>venus</b> based on the user-defined MAC address derived by the <b>dhcp</b> plugin from a hash over
+the client identity. This deterministic MAC generation is activated with the strongswan.conf setting
+<b>charon.plugins.dhcp.identity_lease = yes</b>.
+<p/>
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..40c3c2418
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ identity_lease = yes
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..20666f701
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+ hardware ethernet 7a:a7:8f:fc:db:3b;
+ fixed-address 10.1.0.30;
+}
+
+host dave {
+ hardware ethernet 7a:a7:35:78:bc:85;
+ fixed-address 10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..e3729081f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30
+dhcp-host=7a:a7:35:78:bc:85,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-mac/test.conf b/testing/tests/ikev2/dhcp-static-mac/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..823ec253d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..534f6d452
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::NULL_AES_GMAC_256::YES
+carol::ipsec statusall::NULL_AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..f3a266c7d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=yes
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-aesxcbc-modp2048!
+ esp=aes256gmac-modp2048!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..bbdb38301
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=yes
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-aesxcbc-modp2048!
+ esp=aes256gmac-modp2048!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/test.conf b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/farp/description.txt b/testing/tests/ikev2/farp/description.txt
new file mode 100644
index 000000000..04e1c10e5
--- /dev/null
+++ b/testing/tests/ikev2/farp/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The virtual addresses assigned to the clients by gateway <b>moon</b> belong to the
+subnet 10.1.0.0/16 hidden behind the gateway so that <b>carol</b> and <b>dave</b> become full members of
+this network. And this thanks to the <b>farp</b> plugin through which <b>moon</b> acts as a proxy
+for ARP requests e.g. from <b>alice</b> who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat
new file mode 100644
index 000000000..d48812f47
--- /dev/null
+++ b/testing/tests/ikev2/farp/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw-carol.*INSTALLED::YES
+moon::ipsec status::rw-dave.*INSTALLED::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..19dd5d3e6
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw-carol
+ right=%any
+ rightid=carol@strongswan.org
+ rightsourceip=10.1.0.30
+ auto=add
+
+conn rw-dave
+ right=%any
+ rightid=dave@strongswan.org
+ rightsourceip=10.1.0.40
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..4585d928a
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+}
diff --git a/testing/tests/ikev2/farp/posttest.dat b/testing/tests/ikev2/farp/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/farp/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat
new file mode 100644
index 000000000..709931e1b
--- /dev/null
+++ b/testing/tests/ikev2/farp/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/farp/test.conf b/testing/tests/ikev2/farp/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/farp/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
index 77f09f216..79348686d 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
keep_alive = 1d
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
index 6922ecc15..6609a2115 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
index ac8f98b70..d77218b77 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
send_vendor_id = yes
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index c77902caa..29132e757 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index 6e9280e41..73d687a0c 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
install_routes=no
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 06480bae6..a442b244d 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index dbb64dbb4..aa50403d8 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 1d64321b5..b5108051c 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -17,3 +17,4 @@ dave::ipsec start
carol::sleep 1
dave::ipsec up home
carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index c45b3ebd8..a5a7d2017 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+ load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index d892e54ad..52de80b19 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+ load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}