authorRene Mayrhofer <rene@mayrhofer.eu.org>2006-11-06 19:00:10 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2006-11-06 19:00:10 +0000
commit58d26e02cd8686e177eebb9fb81e6b17798bbb30 (patch)
treee7329ae5a85bb2d6b8bba0ebcd65c6c41999f96f /programs/starter
parent0b5d496ea2fd532dcf5e5b6b804a7db32f488364 (diff)
Load /tmp/tmp.IBEBMao893/strongswan-2.8.0+dfsg into
branches/source-dist/debian/strongswan.
Diffstat (limited to 'programs/starter')
-rw-r--r--programs/starter/args.c4
-rw-r--r--programs/starter/confread.c26
-rw-r--r--programs/starter/confread.h9
-rw-r--r--programs/starter/keywords.c179
-rw-r--r--programs/starter/keywords.h8
-rw-r--r--programs/starter/keywords.txt5
-rw-r--r--programs/starter/starterwhack.c3
7 files changed, 139 insertions, 95 deletions
diff --git a/programs/starter/args.c b/programs/starter/args.c
index 6f3da63eb..2b2853a20 100644
--- a/programs/starter/args.c
+++ b/programs/starter/args.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: args.c,v 1.9 2006/04/17 10:32:36 as Exp $
+ * RCSID $Id: args.c,v 1.10 2006/10/19 14:58:30 as Exp $
*/
#include <stddef.h>
@@ -191,6 +191,7 @@ static const token_info_t token_info[] =
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
+ { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
/* ca section keywords */
{ ARG_STR, offsetof(starter_ca_t, name), NULL },
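Review bot: The new `{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ }` row is tied to its token only by position and a trailing comment, so `token_info[]` can silently fall out of step with `kw_token_t` in keywords.h if one side is edited without the other. The same applies to the `KW_NATIP` row added in the next hunk. The table appears to be indexed by token value (the lookup is outside the hunk), in which case a misaligned row would apply the wrong `offsetof` to a user-supplied config value. A compile-time check that the array length equals the last `kw_token_t` value plus one, placed after the initializer, would catch this at build time.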
@@ -209,6 +210,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
{ ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
{ ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
+ { ARG_MISC, 0, NULL /* KW_NATIP */ },
{ ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
{ ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
{ ARG_STR, offsetof(starter_end_t, updown), NULL },
diff --git a/programs/starter/confread.c b/programs/starter/confread.c
index af0f00877..edd041ab4 100644
--- a/programs/starter/confread.c
+++ b/programs/starter/confread.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.c,v 1.38 2006/06/20 21:52:53 as Exp $
+ * RCSID $Id: confread.c,v 1.39 2006/10/19 14:58:30 as Exp $
*/
#include <stddef.h>
@@ -255,6 +255,11 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
end->has_port_wildcard = has_port_wildcard;
break;
case KW_SOURCEIP:
+ if (end->has_natip)
+ {
+ plog("# natip and sourceip cannot be defined at the same time");
+ goto err;
+ }
if (streq(value, "%modeconfig") || streq(value, "%modecfg"))
{
end->modecfg = TRUE;
@@ -272,6 +277,22 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
}
conn->policy |= POLICY_TUNNEL;
break;
+ case KW_NATIP:
+ if (end->has_srcip)
+ {
+ plog("# natip and sourceip cannot be defined at the same time");
+ goto err;
+ }
+ conn->tunnel_addr_family = ip_version(value);
+ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
+ if (ugh != NULL)
+ {
+ plog("# bad addr: %s=%s [%s]", name, value, ugh);
+ goto err;
+ }
+ end->has_natip = TRUE;
+ conn->policy |= POLICY_TUNNEL;
+ break;
default:
break;
}
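Review bot: The guard at the top of `case KW_NATIP:` tests only `end->has_srcip`, but the `%modeconfig`/`%modecfg` branch of `KW_SOURCEIP` in the previous hunk sets `end->modecfg` and, as far as the visible lines show, may leave `has_srcip` unset. In that case `sourceip=%modeconfig` followed by `natip=<addr>` would be accepted, while the reverse order is rejected by the new `has_natip` check. If the combination is meant to be invalid either way, the guard should read `if (end->has_srcip || end->modecfg)`. Separately, `conn->tunnel_addr_family` is overwritten from `value` before `ttoaddr()` has accepted it, so a rejected address still alters connection state on the `goto err` path; holding `ip_version(value)` in a local and assigning it after the `ugh` check would avoid that. The rest of `kw_end` lies outside the hunk.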
@@ -430,6 +451,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
case KW_REKEY:
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
break;
+ case KW_MODECONFIG:
+ KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
+ break;
default:
break;
}
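Review bot: The `KW_MODECONFIG` case does not say which value is the default or how a value other than `push` or `pull` is treated; both depend on `KW_POLICY_FLAG`, whose definition is outside the hunk. By analogy with the `KW_REKEY` line just above, the first string presumably sets the flag and the second clears it, so a comment such as `/* push sets POLICY_MODECFG_PUSH, pull clears it */` would help once confirmed against the macro. It is also worth confirming that the macro rejects unknown values and does not silently fall back to one of the two modes.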
diff --git a/programs/starter/confread.h b/programs/starter/confread.h
index a3b1b7379..052f5d527 100644
--- a/programs/starter/confread.h
+++ b/programs/starter/confread.h
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
+ * RCSID $Id: confread.h,v 1.24 2006/10/19 15:01:05 as Exp $
*/
#ifndef _IPSEC_CONFREAD_H_
@@ -49,15 +49,16 @@ struct starter_end {
char *cert;
char *ca;
char *groups;
- char *iface;
+ char *iface;
ip_address addr;
ip_address nexthop;
ip_address srcip;
- ip_subnet subnet;
+ ip_subnet subnet;
bool has_client;
bool has_client_wildcard;
- bool has_port_wildcard;
+ bool has_port_wildcard;
bool has_srcip;
+ bool has_natip;
bool modecfg;
certpolicy_t sendcert;
bool firewall;
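Review bot: `has_natip` is added with no comment explaining that it shares storage with `has_srcip`: in confread.c the `KW_NATIP` case parses its address into `end->srcip`, so the two flags decide how that single field is interpreted. A comment on the field, e.g. `/* srcip holds a NAT address; never set together with has_srcip */`, would make the invariant visible to anyone reading the struct. `struct starter_end` begins and ends outside this hunk.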
diff --git a/programs/starter/keywords.c b/programs/starter/keywords.c
index 4cc5c03e8..75be0a542 100644
--- a/programs/starter/keywords.c
+++ b/programs/starter/keywords.c
@@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.c,v 1.7 2006/04/17 10:32:48 as Exp $
+ * RCSID $Id: keywords.c,v 1.8 2006/10/19 14:58:30 as Exp $
*/
#include <string.h>
@@ -56,12 +56,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 77
+#define TOTAL_KEYWORDS 80
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
#define MIN_HASH_VALUE 9
-#define MAX_HASH_VALUE 146
-/* maximum key range = 138, duplicates = 0 */
+#define MAX_HASH_VALUE 156
+/* maximum key range = 148, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -77,32 +77,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 15, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 85, 147, 40,
- 25, 25, 0, 10, 5, 80, 147, 35, 60, 35,
- 60, 55, 10, 147, 15, 20, 5, 65, 147, 147,
- 147, 35, 0, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147, 147, 147, 147, 147,
- 147, 147, 147, 147, 147, 147
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 25, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 90, 157, 60,
+ 50, 25, 0, 10, 5, 65, 157, 65, 70, 5,
+ 0, 75, 35, 157, 10, 20, 5, 70, 157, 157,
+ 157, 55, 0, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157
};
return len + asso_values[(unsigned char)str[2]] + asso_values[(unsigned char)str[len - 1]];
}
@@ -111,104 +111,113 @@ static const struct kw_entry wordlist[] =
{
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
{"left", KW_LEFT},
- {""}, {""}, {""},
+ {"leftupdown", KW_LEFTUPDOWN},
+ {""}, {""},
{"leftcert", KW_LEFTCERT,},
{"auth", KW_AUTH},
{"leftsubnet", KW_LEFTSUBNET},
- {""},
+ {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
{"leftsendcert", KW_LEFTSENDCERT},
{"leftprotoport", KW_LEFTPROTOPORT},
{""},
{"right", KW_RIGHT},
- {"leftnexthop", KW_LEFTNEXTHOP},
- {"leftsourceip", KW_LEFTSOURCEIP},
- {"esp", KW_ESP},
+ {"rightupdown", KW_RIGHTUPDOWN},
+ {"dumpdir", KW_DUMPDIR},
+ {""},
{"rightcert", KW_RIGHTCERT},
{""},
{"rightsubnet", KW_RIGHTSUBNET},
- {""},
+ {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
{"rightsendcert", KW_RIGHTSENDCERT},
{"rightprotoport", KW_RIGHTPROTOPORT},
{"leftgroups", KW_LEFTGROUPS},
- {"leftid", KW_LEFTID},
- {"rightnexthop", KW_RIGHTNEXTHOP},
- {"rightsourceip", KW_RIGHTSOURCEIP},
+ {""}, {""},
+ {"compress", KW_COMPRESS},
{"lefthostaccess", KW_LEFTHOSTACCESS},
{"interfaces", KW_INTERFACES},
+ {""}, {""}, {""}, {""}, {""},
+ {"rightgroups", KW_RIGHTGROUPS},
+ {""},
+ {"pfs", KW_PFS},
+ {"leftnatip", KW_LEFTNATIP},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
+ {"leftnexthop", KW_LEFTNEXTHOP},
+ {"leftsourceip", KW_LEFTSOURCEIP},
{""}, {""},
+ {"virtual_private", KW_VIRTUAL_PRIVATE},
+ {""}, {""},
+ {"ike", KW_IKE},
+ {""},
+ {"rightnatip", KW_RIGHTNATIP},
+ {"leftid", KW_LEFTID},
+ {"rightnexthop", KW_RIGHTNEXTHOP},
+ {"rightsourceip", KW_RIGHTSOURCEIP},
+ {"dpdaction", KW_DPDACTION},
+ {"keep_alive", KW_KEEP_ALIVE},
+ {"ikelifetime", KW_IKELIFETIME},
+ {""},
{"pfsgroup", KW_PFSGROUP},
{"type", KW_TYPE},
{"dpdtimeout", KW_DPDTIMEOUT},
- {"rightgroups", KW_RIGHTGROUPS},
- {"rightid", KW_RIGHTID},
- {"pfs", KW_PFS},
- {"rekeyfuzz", KW_REKEYFUZZ},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
{"authby", KW_AUTHBY},
- {""},
+ {"rightid", KW_RIGHTID},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {""}, {""},
+ {""},
+ {"modeconfig", KW_MODECONFIG},
{"cacert", KW_CACERT},
- {"hidetos", KW_HIDETOS},
- {"ike", KW_IKE},
{""},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
+ {"esp", KW_ESP},
+ {"rekeyfuzz", KW_REKEYFUZZ},
{""},
- {"dumpdir", KW_DUMPDIR},
+ {"rekeymargin", KW_REKEYMARGIN},
+ {"hidetos", KW_HIDETOS},
{"packetdefault", KW_PACKETDEFAULT},
{"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"keep_alive", KW_KEEP_ALIVE},
- {"ikelifetime", KW_IKELIFETIME},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {""},
+ {"leftfirewall", KW_LEFTFIREWALL},
{""},
- {"compress", KW_COMPRESS},
{"auto", KW_AUTO},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {"klipsdebug", KW_KLIPSDEBUG},
{"keyingtries", KW_KEYINGTRIES},
{"keylife", KW_KEYLIFE},
- {"dpddelay", KW_DPDDELAY},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
{"cachecrls", KW_CACHECRLS},
- {"leftupdown", KW_LEFTUPDOWN},
+ {"plutodebug", KW_PLUTODEBUG},
{"keyexchange", KW_KEYEXCHANGE},
- {"leftfirewall", KW_LEFTFIREWALL},
- {"nocrsend", KW_NOCRSEND},
+ {"ocspuri", KW_OCSPURI},
+ {"rightfirewall", KW_RIGHTFIREWALL},
+ {"uniqueids", KW_UNIQUEIDS},
{""},
- {"rekey", KW_REKEY},
- {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
+ {"leftca", KW_LEFTCA},
{"pkcs11module", KW_PKCS11MODULE},
- {"nat_traversal", KW_NAT_TRAVERSAL},
+ {""},
{"also", KW_ALSO},
{"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {"rightupdown", KW_RIGHTUPDOWN},
+ {""},
{"crluri2", KW_CRLURI2},
- {"rightfirewall", KW_RIGHTFIREWALL},
- {"postpluto", KW_POSTPLUTO},
- {"plutodebug", KW_PLUTODEBUG},
- {"pkcs11proxy", KW_PKCS11PROXY},
- {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
- {"prepluto", KW_PREPLUTO},
- {""}, {""},
- {"leftca", KW_LEFTCA},
- {""}, {""},
- {"dpdaction", KW_DPDACTION},
- {""}, {""}, {""},
{"ldaphost", KW_LDAPHOST},
+ {"postpluto", KW_POSTPLUTO},
{""},
- {"klipsdebug", KW_KLIPSDEBUG},
{"overridemtu", KW_OVERRIDEMTU},
{"rightca", KW_RIGHTCA},
- {"fragicmp", KW_FRAGICMP},
- {""}, {""},
- {"rekeymargin", KW_REKEYMARGIN},
- {"ocspuri", KW_OCSPURI},
- {""},
- {"uniqueids", KW_UNIQUEIDS},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {"prepluto", KW_PREPLUTO},
+ {""}, {""}, {""}, {""},
+ {"dpddelay", KW_DPDDELAY},
+ {""}, {""}, {""}, {""},
+ {"nocrsend", KW_NOCRSEND},
+ {""}, {""}, {""}, {""},
{"ldapbase", KW_LDAPBASE},
+ {""},
+ {"rekey", KW_REKEY},
+ {"pkcs11proxy", KW_PKCS11PROXY},
+ {""}, {""}, {""}, {""}, {""}, {""},
+ {"fragicmp", KW_FRAGICMP},
+ {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {"crluri", KW_CRLURI},
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"crluri", KW_CRLURI}
+ {""}, {""}, {""}, {""}, {""},
+ {"crlcheckinterval", KW_CRLCHECKINTERVAL}
};
#ifdef __GNUC__
diff --git a/programs/starter/keywords.h b/programs/starter/keywords.h
index 6542ae1be..be3aabf3b 100644
--- a/programs/starter/keywords.h
+++ b/programs/starter/keywords.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.h,v 1.8 2006/04/17 10:30:27 as Exp $
+ * RCSID $Id: keywords.h,v 1.9 2006/10/19 14:57:56 as Exp $
*/
#ifndef _KEYWORDS_H_
@@ -76,9 +76,10 @@ typedef enum {
KW_DPDDELAY,
KW_DPDTIMEOUT,
KW_DPDACTION,
+ KW_MODECONFIG,
#define KW_CONN_FIRST KW_CONN_SETUP
-#define KW_CONN_LAST KW_DPDACTION
+#define KW_CONN_LAST KW_MODECONFIG
/* ca section keywords */
KW_CA_NAME,
@@ -100,6 +101,7 @@ typedef enum {
KW_SUBNETWITHIN,
KW_PROTOPORT,
KW_SOURCEIP,
+ KW_NATIP,
KW_FIREWALL,
KW_HOSTACCESS,
KW_UPDOWN,
@@ -121,6 +123,7 @@ typedef enum {
KW_LEFTSUBNETWITHIN,
KW_LEFTPROTOPORT,
KW_LEFTSOURCEIP,
+ KW_LEFTNATIP,
KW_LEFTFIREWALL,
KW_LEFTHOSTACCESS,
KW_LEFTUPDOWN,
@@ -141,6 +144,7 @@ typedef enum {
KW_RIGHTSUBNETWITHIN,
KW_RIGHTPROTOPORT,
KW_RIGHTSOURCEIP,
+ KW_RIGHTNATIP,
KW_RIGHTFIREWALL,
KW_RIGHTHOSTACCESS,
KW_RIGHTUPDOWN,
diff --git a/programs/starter/keywords.txt b/programs/starter/keywords.txt
index dcfdafc98..fc9e49e47 100644
--- a/programs/starter/keywords.txt
+++ b/programs/starter/keywords.txt
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.txt,v 1.6 2006/04/17 10:30:27 as Exp $
+ * RCSID $Id: keywords.txt,v 1.7 2006/10/19 14:57:56 as Exp $
*/
#include <string.h>
@@ -65,6 +65,7 @@ pfsgroup, KW_PFSGROUP
dpddelay, KW_DPDDELAY
dpdtimeout, KW_DPDTIMEOUT
dpdaction, KW_DPDACTION
+modeconfig, KW_MODECONFIG
cacert, KW_CACERT
ldaphost, KW_LDAPHOST
ldapbase, KW_LDAPBASE
@@ -77,6 +78,7 @@ leftsubnet, KW_LEFTSUBNET
leftsubnetwithin, KW_LEFTSUBNETWITHIN
leftprotoport, KW_LEFTPROTOPORT
leftsourceip, KW_LEFTSOURCEIP
+leftnatip, KW_LEFTNATIP
leftfirewall, KW_LEFTFIREWALL
lefthostaccess, KW_LEFTHOSTACCESS
leftupdown, KW_LEFTUPDOWN
@@ -92,6 +94,7 @@ rightsubnet, KW_RIGHTSUBNET
rightsubnetwithin, KW_RIGHTSUBNETWITHIN
rightprotoport, KW_RIGHTPROTOPORT
rightsourceip, KW_RIGHTSOURCEIP
+rightnatip, KW_RIGHTNATIP
rightfirewall, KW_RIGHTFIREWALL
righthostaccess, KW_RIGHTHOSTACCESS
rightupdown, KW_RIGHTUPDOWN
diff --git a/programs/starter/starterwhack.c b/programs/starter/starterwhack.c
index 0d7a3715e..b4bf2fb9d 100644
--- a/programs/starter/starterwhack.c
+++ b/programs/starter/starterwhack.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starterwhack.c,v 1.18 2006/06/20 21:52:53 as Exp $
+ * RCSID $Id: starterwhack.c,v 1.19 2006/10/19 15:02:46 as Exp $
*/
#include <sys/types.h>
@@ -171,6 +171,7 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
w->has_client_wildcard = end->has_client_wildcard;
w->has_port_wildcard = end->has_port_wildcard;
w->has_srcip = end->has_srcip;
+ w->has_natip = end->has_natip;
w->modecfg = end->modecfg;
w->hostaccess = end->hostaccess;
w->sendcert = end->sendcert;