author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-06-26 11:32:54 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-06-26 11:32:54 +0000 |
commit | 6782d06a206e8aa8304d4ec9518361aecd1b9472 (patch) | |
tree | 8ea2727105be2e0191d89f7a101f43ba8b59c810 /programs | |
parent | aa0f5b38aec14428b4b80e06f90ff781f8bca5f1 (diff) | |
Load /tmp/tmp.dFxzTv5957/strongswan-2.7.2 into
branches/source-dist/debian/strongswan.
Diffstat (limited to 'programs')
-rwxr-xr-x | programs/ipsec/ipsec.in | 17 | ||||
-rw-r--r-- | programs/pluto/connections.c | 11 | ||||
-rw-r--r-- | programs/pluto/demux.c | 5 | ||||
-rw-r--r-- | programs/pluto/fetch.c | 6 | ||||
-rw-r--r-- | programs/pluto/kernel.c | 4 | ||||
-rw-r--r-- | programs/pluto/log.c | 6 | ||||
-rw-r--r-- | programs/pluto/rcv_whack.c | 72 | ||||
-rw-r--r-- | programs/pluto/state.c | 4 | ||||
-rw-r--r-- | programs/pluto/vendor.c | 9 | ||||
-rw-r--r-- | programs/pluto/vendor.h | 7 | ||||
-rw-r--r-- | programs/starter/confread.c | 26 | ||||
-rw-r--r-- | programs/starter/interfaces.c | 19 | ||||
-rw-r--r-- | programs/starter/starterwhack.c | 10 |
13 files changed, 132 insertions, 64 deletions
diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in index 0616561d8..1c657b9e7 100755 --- a/programs/ipsec/ipsec.in +++ b/programs/ipsec/ipsec.in @@ -12,7 +12,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $ +# RCSID $Id: ipsec.in,v 1.14 2006/05/25 11:52:03 as Exp $ IPSEC_NAME=strongSwan @@ -122,6 +122,11 @@ case "$1" in ;; down) shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec down <connection name>" + exit 1 + fi $IPSEC_EXECDIR/whack --name "$1" --terminate exit 0 ;; @@ -161,6 +166,11 @@ restart) route|unroute) op="$1" shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec $op <connection name>" + exit 1 + fi $IPSEC_EXECDIR/whack --name "$1" "--$op" exit 0 ;; @@ -197,6 +207,11 @@ stop) ;; up) shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec up <connection name>" + exit 1 + fi $IPSEC_EXECDIR/whack --name "$1" --initiate exit 0 ;; diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c index 263bdbd1e..6cf6a6a8b 100644 --- a/programs/pluto/connections.c +++ b/programs/pluto/connections.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: connections.c,v 1.42 2006/04/22 21:59:20 as Exp $ + * RCSID $Id: connections.c,v 1.43 2006/04/29 18:16:02 as Exp $ */ #include <string.h> @@ -4022,7 +4022,7 @@ show_connections_status(bool all, const char *name) /* sort it! */ qsort(array, count, sizeof(struct connection *), connection_compare_qsort); - for (i=0; i<count; i++) + for (i = 0; i < count; i++) { const char *ifn; char instance[1 + 10 + 1]; @@ -4076,7 +4076,7 @@ show_connections_status(bool all, const char *name) if (c->spd.that.groups != NULL) { char buf[BUF_LEN]; - + format_groups(c->spd.that.groups, buf, BUF_LEN); whack_log(RC_COMMENT , "\"%s\"%s: groups: %s" 
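Review bot: The new argument-count guards in the `down`, `route|unroute` and `up` cases print their usage text to stdout, so a script that captures `ipsec up` output gets the usage line mixed into data while the non-zero exit is the only signal of misuse; usage belongs on stderr, e.g. `echo "Usage: ipsec down <connection name>" >&2` and the same `>&2` on the two other echo lines. The checks themselves are otherwise consistent across the three hunks. The enclosing `case "$1" in` starts and ends outside the hunks.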
@@ -4097,7 +4097,7 @@ show_connections_status(bool all, const char *name) , (unsigned long) c->sa_keying_tries); /* show DPD parameters if defined */ - + if (c->dpd_action != DPD_ACTION_NONE) whack_log(RC_COMMENT , "\"%s\"%s: dpd_action: %s;" @@ -4141,6 +4141,9 @@ show_connections_status(bool all, const char *name) kernel_alg_show_connection(c, instance); } } + if (count > 0) + whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ + pfree(array); } diff --git a/programs/pluto/demux.c b/programs/pluto/demux.c index 2f8fb9a8f..db7f1c4a6 100644 --- a/programs/pluto/demux.c +++ b/programs/pluto/demux.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: demux.c,v 1.13 2005/02/18 21:08:59 as Exp $ + * RCSID $Id: demux.c,v 1.14 2006/06/22 11:58:25 as Exp $ */ /* Ordering Constraints on Payloads @@ -2397,7 +2397,8 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) * whatever retrying was in place, remains in place. */ whack_log(RC_NOTIFICATION + md->note - , "%s: %s", enum_name(&state_names, st->st_state) + , "%s: %s" + , enum_name(&state_names, (st == NULL)? STATE_MAIN_R0:st->st_state) , enum_name(¬ification_names, md->note)); SEND_NOTIFICATION(md->note); diff --git a/programs/pluto/fetch.c b/programs/pluto/fetch.c index 075b88fd2..4bfb6031b 100644 --- a/programs/pluto/fetch.c +++ b/programs/pluto/fetch.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: fetch.c,v 1.11 2005/11/25 10:08:00 as Exp $ + * RCSID $Id: fetch.c,v 1.12 2006/05/16 14:19:27 as Exp $ */ #include <stdlib.h> @@ -339,7 +339,7 @@ fetch_curl(char *url, chunk_t *blob) } curl_easy_cleanup(curl); /* not using freeanychunk because of realloc (no leak detective) */ - free(response.ptr); + curl_free(response.ptr); } return strlen(errorbuffer) > 0 ? "libcurl error" : NULL; #else /* !LIBCURL */ 
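Review bot: In the demux.c hunk the `st == NULL` fallback substitutes `STATE_MAIN_R0`, so the notification log line names a Main Mode R0 state for a message that has no state at all; a reader of the log cannot tell the two cases apart. Since the guard is only there to avoid dereferencing a null `st`, a comment on the added line would make that explicit: `/* no state yet for this exchange: log it as STATE_MAIN_R0 rather than dereference NULL */`. The `¬ification_names` in the following context line appears to be `&notification_names` mangled by entity decoding on this page, not a change in the commit. complete_state_transition starts and ends outside the hunk.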
@@ -728,7 +728,7 @@ fetch_ocsp_status(ocsp_location_t* location) curl_easy_cleanup(curl); pfree(uri); /* not using freeanychunk because of realloc (no leak detective) */ - free(response.ptr); + curl_free(response.ptr); } freeanychunk(location->nonce); freeanychunk(request); diff --git a/programs/pluto/kernel.c b/programs/pluto/kernel.c index 5d7c5f78a..d2070c0d4 100644 --- a/programs/pluto/kernel.c +++ b/programs/pluto/kernel.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: kernel.c,v 1.25 2006/04/17 14:58:09 as Exp $ + * RCSID $Id: kernel.c,v 1.26 2006/04/29 18:16:02 as Exp $ */ #include <stddef.h> @@ -934,6 +934,8 @@ show_shunt_status(void) , ourst, ourport, hist, hisport, sat, bs->transport_proto , prio, bs->why); } + if (bare_shunts != NULL) + whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ } /* Setup an IPsec route entry. diff --git a/programs/pluto/log.c b/programs/pluto/log.c index 137e92980..73ffceccd 100644 --- a/programs/pluto/log.c +++ b/programs/pluto/log.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: log.c,v 1.7 2005/07/11 18:33:45 as Exp $ + * RCSID $Id: log.c,v 1.8 2006/04/29 18:16:02 as Exp $ */ #include <stdio.h> @@ -770,13 +770,11 @@ show_status(bool all, const char *name) show_ifaces_status(); show_myid_status(); show_debug_status(); + whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ } - whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ show_connections_status(all, name); - whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ show_states_status(name); #ifdef KLIPS - whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ show_shunt_status(); #endif } diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c index 164a4f249..99c377765 100644 --- a/programs/pluto/rcv_whack.c +++ b/programs/pluto/rcv_whack.c 
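Review bot: `curl_free(response.ptr)` in both fetch.c hunks releases a buffer that the comment on the preceding line says is grown with `realloc`, so allocation and release now go through different entry points; curl_free() is meant for memory libcurl itself handed out and, when the application installs custom allocators through curl_global_init_mem(), it calls that custom free rather than the C library's. If the write callback (outside the hunk) still reallocs with the C library, `free(response.ptr);` was the matching call; if the switch is meant to work around a CRT mismatch on some platform, a comment saying so, e.g. `/* buffer is grown by libcurl's allocator in the write callback, so release it through curl_free() */`, would settle the question for the next reader. fetch_curl and fetch_ocsp_status continue outside the hunks.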
@@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: rcv_whack.c,v 1.17 2005/12/25 12:41:23 as Exp $ + * RCSID $Id: rcv_whack.c,v 1.18 2006/05/25 11:33:57 as Exp $ */ #include <stdio.h> @@ -557,7 +557,14 @@ whack_handle(int whackctlfd) if (msg.whack_route) { if (!listening) + { whack_log(RC_DEAF, "need --listen before --route"); + } + if (msg.name == NULL) + { + whack_log(RC_UNKNOWN_NAME + , "whack --route requires a connection name"); + } else { struct connection *c = con_by_name(msg.name, TRUE); @@ -579,37 +586,54 @@ whack_handle(int whackctlfd) if (msg.whack_unroute) { - struct connection *c = con_by_name(msg.name, TRUE); - - if (c != NULL) + if (msg.name == NULL) { - struct spd_route *sr; - int fail = 0; - - set_cur_connection(c); + whack_log(RC_UNKNOWN_NAME + , "whack --unroute requires a connection name"); + } + else + { + struct connection *c = con_by_name(msg.name, TRUE); - for (sr = &c->spd; sr != NULL; sr = sr->next) + if (c != NULL) { - if (sr->routing >= RT_ROUTED_TUNNEL) - fail++; + struct spd_route *sr; + int fail = 0; + + set_cur_connection(c); + + for (sr = &c->spd; sr != NULL; sr = sr->next) + { + if (sr->routing >= RT_ROUTED_TUNNEL) + fail++; + } + if (fail > 0) + whack_log(RC_RTBUSY, "cannot unroute: route busy"); + else if (c->policy & POLICY_GROUP) + unroute_group(c); + else + unroute_connection(c); + reset_cur_connection(); } - if (fail > 0) - whack_log(RC_RTBUSY, "cannot unroute: route busy"); - else if (c->policy & POLICY_GROUP) - unroute_group(c); - else - unroute_connection(c); - reset_cur_connection(); } } if (msg.whack_initiate) { if (!listening) + { whack_log(RC_DEAF, "need --listen before --initiate"); + } + else if (msg.name == NULL) + { + whack_log(RC_UNKNOWN_NAME + , "whack --initiate requires a connection name"); + } else + { initiate_connection(msg.name , msg.whack_async? NULL_FD : dup_any(whackfd)); + } } if (msg.whack_oppo_initiate) 
@@ -623,7 +647,17 @@ whack_handle(int whackctlfd) } if (msg.whack_terminate) - terminate_connection(msg.name); + { + if (msg.name == NULL) + { + whack_log(RC_UNKNOWN_NAME + , "whack --terminate requires a connection name"); + } + else + { + terminate_connection(msg.name); + } + } if (msg.whack_status) show_status(msg.whack_statusall, msg.name); diff --git a/programs/pluto/state.c b/programs/pluto/state.c index 5957654e3..0781d2eb3 100644 --- a/programs/pluto/state.c +++ b/programs/pluto/state.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: state.c,v 1.12 2006/04/03 15:49:36 as Exp $ + * RCSID $Id: state.c,v 1.13 2006/04/29 18:16:02 as Exp $ */ #include <stdio.h> @@ -902,6 +902,8 @@ show_states_status(const char *name) if (IS_PHASE1(st->st_state)) show_pending_phase2(st->st_connection->host_pair, st); } + if (count > 0) + whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ /* free the array */ pfree(array); diff --git a/programs/pluto/vendor.c b/programs/pluto/vendor.c index 51931c239..3a8ac15a9 100644 --- a/programs/pluto/vendor.c +++ b/programs/pluto/vendor.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.c,v 1.35 2006/04/12 16:44:28 as Exp $ + * RCSID $Id: vendor.c,v 1.38 2006/06/04 09:42:35 as Exp $ */ #include <stdlib.h> @@ -198,7 +198,12 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 2.7.0") + DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0") + DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1") + + DEC_MD5_VID(STRONGSWAN, "strongSwan 2.7.2") + DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1") + DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0") DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4") DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3") DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2") 
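Review bot: In the `msg.whack_route` hunk (the first rcv_whack.c hunk) the `!listening` check lost its `else`: after logging `RC_DEAF` the code falls into the new `if (msg.name == NULL)` and, for a non-NULL name, goes on to `con_by_name` and the route anyway, so "need --listen before --route" is now only a message rather than a guard, and a NULL name while not listening produces two error lines. The `whack_initiate` hunk further down does this correctly with `else if`; the route hunk should read `else if (msg.name == NULL)` in place of the second `if`. The unroute and terminate hunks already wrap the whole body in the name check and look consistent. whack_handle starts and ends outside the hunks.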
diff --git a/programs/pluto/vendor.h b/programs/pluto/vendor.h index d6b414be2..e0c3a5f30 100644 --- a/programs/pluto/vendor.h +++ b/programs/pluto/vendor.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.h,v 1.30 2006/04/12 16:44:28 as Exp $ + * RCSID $Id: vendor.h,v 1.33 2006/06/04 09:42:35 as Exp $ */ #ifndef _VENDOR_H_ @@ -76,6 +76,11 @@ enum known_vendorid { VID_STRONGSWAN_2_6_2 = 55, VID_STRONGSWAN_2_6_3 = 56, VID_STRONGSWAN_2_6_4 = 57, + VID_STRONGSWAN_2_7_0 = 58, + VID_STRONGSWAN_2_7_1 = 59, + + VID_STRONGSWAN_4_0_0 = 70, + VID_STRONGSWAN_4_0_1 = 71, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =101, diff --git a/programs/starter/confread.c b/programs/starter/confread.c index cf12d05ca..af0f00877 100644 --- a/programs/starter/confread.c +++ b/programs/starter/confread.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: confread.c,v 1.37 2006/04/17 19:35:07 as Exp $ + * RCSID $Id: confread.c,v 1.38 2006/06/20 21:52:53 as Exp $ */ #include <stddef.h> @@ -31,6 +31,9 @@ #include "args.h" #include "interfaces.h" +/* strings containing a colon are interpreted as an IPv6 address */ +#define ip_version(string) (strchr(string, ':') != NULL)? AF_INET6 : AF_INET; + static const char ike_defaults[] = "3des-sha, 3des-md5"; static const char esp_defaults[] = "3des-sha1, 3des-md5"; @@ -166,8 +169,13 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token goto err; } } - else if (streq(value,"%any")) - { + else if (streq(value, "%any")) + { + anyaddr(conn->addr_family, &end->addr); + } + else if (streq(value, "%any6")) + { + conn->addr_family = AF_INET6; anyaddr(conn->addr_family, &end->addr); } else if (value[0] == '%') 
@@ -183,6 +191,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token } else { + conn->addr_family = ip_version(value); ugh = ttoaddr(value, 0, conn->addr_family, &end->addr); if (ugh != NULL) { @@ -203,10 +212,14 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token } } else if (streq(value, "%direct")) + { ugh = anyaddr(conn->addr_family, &end->nexthop); + } else + { + conn->addr_family = ip_version(value); ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop); - + } if (ugh != NULL) { plog("# bad addr: %s=%s [%s]", name, value, ugh); @@ -222,6 +235,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token else { end->has_client = TRUE; + conn->tunnel_addr_family = ip_version(value); ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet); if (ugh != NULL) { @@ -233,6 +247,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token case KW_SUBNETWITHIN: end->has_client = TRUE; end->has_client_wildcard = TRUE; + conn->tunnel_addr_family = ip_version(value); ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet); break; case KW_PROTOPORT: @@ -246,7 +261,8 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token } else { - ugh = ttoaddr(value, 0, conn->addr_family, &end->srcip); + conn->tunnel_addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip); if (ugh != NULL) { plog("# bad addr: %s=%s [%s]", name, value, ugh); diff --git a/programs/starter/interfaces.c b/programs/starter/interfaces.c index 9926ea059..3b24e2faf 100644 --- a/programs/starter/interfaces.c +++ b/programs/starter/interfaces.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: interfaces.c,v 1.15 2006/02/05 10:51:55 as Exp $ + * RCSID $Id: interfaces.c,v 1.16 2006/05/25 12:10:15 as Exp $ */ #include <sys/socket.h> 
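Review bot: The `ip_version` macro added in the first confread.c hunk carries a trailing semicolon and has neither its argument nor its expansion parenthesised, so `conn->addr_family = ip_version(value);` expands to a statement followed by an empty one and the macro cannot be used inside an unbraced `if`/`else` or within a larger expression; `#define ip_version(string) ((strchr((string), ':') != NULL) ? AF_INET6 : AF_INET)` is the safe form. Separately, every `left*`/`right*` keyword in the later hunks now overwrites `conn->addr_family` or `conn->tunnel_addr_family` from the string it is parsing, so a connection whose two ends are written in different families presumably ends up with whichever end was parsed last and no error; a check that the family has not changed from a previously set value would surface that misconfiguration at load time. kw_end starts and ends outside the hunks.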
@@ -192,9 +192,6 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys struct ipsectunnelconf *shc=(struct ipsectunnelconf *)&req.ifr_data; short phys_flags; int ret = 0; - /* sscholz@astaro.com: for network mask 32 bit - struct sockaddr_in *inp; - */ strncpy(req.ifr_name, phys, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) !=0 ) @@ -239,13 +236,6 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys if (ioctl(sock, SIOCGIFNETMASK, &req) == 0) { strncpy(req.ifr_name, iface->name, IFNAMSIZ); - /* sscholz@astaro.com: changed netmask to 32 bit - * in order to prevent network routes from being created - - inp = (struct sockaddr_in *)&req.ifr_addr; - inp->sin_addr.s_addr = 0xFFFFFFFFL; - - */ ioctl(sock, SIOCSIFNETMASK, &req); } @@ -253,8 +243,7 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys strncpy(req.ifr_name, iface->name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req)==0) { -/* removed by sscholz@astaro.com (caused trouble with DSL/ppp0) */ -/* if (phys_flags & IFF_POINTOPOINT) + if (phys_flags & IFF_POINTOPOINT) { req.ifr_flags |= IFF_POINTOPOINT; req.ifr_flags &= ~IFF_BROADCAST; @@ -266,9 +255,7 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys ioctl(sock, SIOCSIFDSTADDR, &req); } } - else - */ - if (phys_flags & IFF_BROADCAST) + else if (phys_flags & IFF_BROADCAST) { req.ifr_flags &= ~IFF_POINTOPOINT; req.ifr_flags |= IFF_BROADCAST; diff --git a/programs/starter/starterwhack.c b/programs/starter/starterwhack.c index a671c560c..0d7a3715e 100644 --- a/programs/starter/starterwhack.c +++ b/programs/starter/starterwhack.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: starterwhack.c,v 1.17 2006/04/17 10:32:36 as Exp $ + * RCSID $Id: starterwhack.c,v 1.18 2006/06/20 21:52:53 as Exp $ */ #include <sys/types.h> 
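Review bot: The third interfaces.c hunk re-enables the `if (phys_flags & IFF_POINTOPOINT)` branch but drops the only record of why it had been disabled ("caused trouble with DSL/ppp0"), and nothing in the hunk says why that concern no longer applies; a comment above the condition such as `/* phys is point-to-point: copy its flags and SIOCSIFDSTADDR to the ipsec interface (previously disabled over ppp0 issues) */` keeps that history where the next reader needs it. The `ioctl(sock, SIOCSIFDSTADDR, &req)` and `ioctl(sock, SIOCSIFNETMASK, &req)` calls that this change puts back on the live path have their return values ignored, so a failure to configure the interface goes unreported. _iface_up starts and ends outside the hunks.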
@@ -161,13 +161,13 @@ set_whack_end(whack_end_t *w, starter_end_t *end) w->host_addr = end->addr; w->host_nexthop = end->nexthop; w->host_srcip = end->srcip; + w->has_client = end->has_client; - if (end->has_client) - w->client = end->subnet; + if (w->has_client) + w->client = end->subnet; else - w->client.addr.u.v4.sin_family = AF_INET; + w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr); - w->has_client = end->has_client; w->has_client_wildcard = end->has_client_wildcard; w->has_port_wildcard = end->has_port_wildcard; w->has_srcip = end->has_srcip; |
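Review bot: The new `else` branch writes `addrtypeof(&w->host_addr)` through `w->client.addr.u.v4.sin_family` even when host_addr is IPv6, which presumably relies on the family field sharing its offset between the v4 and v6 members of that union; that is true for sockaddr_in/sockaddr_in6 but deserves a line saying so, e.g. `/* no client subnet: tag the empty client with the host's family (family field is at the same offset for v4 and v6) */`. Moving the `w->has_client` assignment ahead of its use reads better than the old order. set_whack_end starts and ends outside the hunk.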