authorRene Mayrhofer <rene@mayrhofer.eu.org>2006-06-26 11:32:54 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2006-06-26 11:32:54 +0000
commit6782d06a206e8aa8304d4ec9518361aecd1b9472 (patch)
tree8ea2727105be2e0191d89f7a101f43ba8b59c810 /programs
parentaa0f5b38aec14428b4b80e06f90ff781f8bca5f1 (diff)
Load /tmp/tmp.dFxzTv5957/strongswan-2.7.2 into
branches/source-dist/debian/strongswan.
Diffstat (limited to 'programs')
-rwxr-xr-xprograms/ipsec/ipsec.in17
-rw-r--r--programs/pluto/connections.c11
-rw-r--r--programs/pluto/demux.c5
-rw-r--r--programs/pluto/fetch.c6
-rw-r--r--programs/pluto/kernel.c4
-rw-r--r--programs/pluto/log.c6
-rw-r--r--programs/pluto/rcv_whack.c72
-rw-r--r--programs/pluto/state.c4
-rw-r--r--programs/pluto/vendor.c9
-rw-r--r--programs/pluto/vendor.h7
-rw-r--r--programs/starter/confread.c26
-rw-r--r--programs/starter/interfaces.c19
-rw-r--r--programs/starter/starterwhack.c10
13 files changed, 132 insertions, 64 deletions
diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in
index 0616561d8..1c657b9e7 100755
--- a/programs/ipsec/ipsec.in
+++ b/programs/ipsec/ipsec.in
@@ -12,7 +12,7 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
-# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
+# RCSID $Id: ipsec.in,v 1.14 2006/05/25 11:52:03 as Exp $
IPSEC_NAME=strongSwan
@@ -122,6 +122,11 @@ case "$1" in
;;
down)
shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec down <connection name>"
+ exit 1
+ fi
$IPSEC_EXECDIR/whack --name "$1" --terminate
exit 0
;;
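Review bot: The new usage check prints its message with a plain `echo`, so the diagnostic goes to stdout while the script exits 1; a caller that captures the output of `ipsec down` gets the usage text as if it were data. Error messages belong on stderr: `echo "Usage: ipsec down <connection name>" >&2`. The same applies to the `route|unroute` and `up` hunks below in this file. The enclosing `case "$1" in` starts outside the hunk.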
@@ -161,6 +166,11 @@ restart)
route|unroute)
op="$1"
shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec $op <connection name>"
+ exit 1
+ fi
$IPSEC_EXECDIR/whack --name "$1" "--$op"
exit 0
;;
@@ -197,6 +207,11 @@ stop)
;;
up)
shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec up <connection name>"
+ exit 1
+ fi
$IPSEC_EXECDIR/whack --name "$1" --initiate
exit 0
;;
diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 263bdbd1e..6cf6a6a8b 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: connections.c,v 1.42 2006/04/22 21:59:20 as Exp $
+ * RCSID $Id: connections.c,v 1.43 2006/04/29 18:16:02 as Exp $
*/
#include <string.h>
@@ -4022,7 +4022,7 @@ show_connections_status(bool all, const char *name)
/* sort it! */
qsort(array, count, sizeof(struct connection *), connection_compare_qsort);
- for (i=0; i<count; i++)
+ for (i = 0; i < count; i++)
{
const char *ifn;
char instance[1 + 10 + 1];
@@ -4076,7 +4076,7 @@ show_connections_status(bool all, const char *name)
if (c->spd.that.groups != NULL)
{
char buf[BUF_LEN];
-
+
format_groups(c->spd.that.groups, buf, BUF_LEN);
whack_log(RC_COMMENT
, "\"%s\"%s: groups: %s"
@@ -4097,7 +4097,7 @@ show_connections_status(bool all, const char *name)
, (unsigned long) c->sa_keying_tries);
/* show DPD parameters if defined */
-
+
if (c->dpd_action != DPD_ACTION_NONE)
whack_log(RC_COMMENT
, "\"%s\"%s: dpd_action: %s;"
@@ -4141,6 +4141,9 @@ show_connections_status(bool all, const char *name)
kernel_alg_show_connection(c, instance);
}
}
+ if (count > 0)
+ whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
+
pfree(array);
}
diff --git a/programs/pluto/demux.c b/programs/pluto/demux.c
index 2f8fb9a8f..db7f1c4a6 100644
--- a/programs/pluto/demux.c
+++ b/programs/pluto/demux.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: demux.c,v 1.13 2005/02/18 21:08:59 as Exp $
+ * RCSID $Id: demux.c,v 1.14 2006/06/22 11:58:25 as Exp $
*/
/* Ordering Constraints on Payloads
@@ -2397,7 +2397,8 @@ complete_state_transition(struct msg_digest **mdp, stf_status result)
* whatever retrying was in place, remains in place.
*/
whack_log(RC_NOTIFICATION + md->note
- , "%s: %s", enum_name(&state_names, st->st_state)
+ , "%s: %s"
+ , enum_name(&state_names, (st == NULL)? STATE_MAIN_R0:st->st_state)
, enum_name(&notification_names, md->note));
SEND_NOTIFICATION(md->note);
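Review bot: Substituting STATE_MAIN_R0 when `st == NULL` avoids the null dereference, but the notification line then names a Main Mode R0 state that does not exist, which misleads anyone reading pluto's log to diagnose a failed exchange. Logging an explicit marker keeps the line honest: `, (st == NULL) ? "(no state)" : enum_name(&state_names, st->st_state)`. complete_state_transition continues outside the hunk.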
diff --git a/programs/pluto/fetch.c b/programs/pluto/fetch.c
index 075b88fd2..4bfb6031b 100644
--- a/programs/pluto/fetch.c
+++ b/programs/pluto/fetch.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: fetch.c,v 1.11 2005/11/25 10:08:00 as Exp $
+ * RCSID $Id: fetch.c,v 1.12 2006/05/16 14:19:27 as Exp $
*/
#include <stdlib.h>
@@ -339,7 +339,7 @@ fetch_curl(char *url, chunk_t *blob)
}
curl_easy_cleanup(curl);
/* not using freeanychunk because of realloc (no leak detective) */
- free(response.ptr);
+ curl_free(response.ptr);
}
return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
#else /* !LIBCURL */
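Review bot: `curl_free(response.ptr)` pairs the buffer with libcurl's deallocator, yet the comment above says the buffer is grown with realloc — presumably in this file's write callback, which is outside the hunk — so the memory came from the C allocator, not from a libcurl call. That is equivalent to `free()` only while libcurl uses its default allocator; if a custom allocator is ever registered through curl_global_init_mem the two no longer match. Either keep `free(response.ptr)` or allocate the buffer through the libcurl allocator as well, and say which in the comment. The same change appears in the fetch_ocsp_status hunk below.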
@@ -728,7 +728,7 @@ fetch_ocsp_status(ocsp_location_t* location)
curl_easy_cleanup(curl);
pfree(uri);
/* not using freeanychunk because of realloc (no leak detective) */
- free(response.ptr);
+ curl_free(response.ptr);
}
freeanychunk(location->nonce);
freeanychunk(request);
diff --git a/programs/pluto/kernel.c b/programs/pluto/kernel.c
index 5d7c5f78a..d2070c0d4 100644
--- a/programs/pluto/kernel.c
+++ b/programs/pluto/kernel.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: kernel.c,v 1.25 2006/04/17 14:58:09 as Exp $
+ * RCSID $Id: kernel.c,v 1.26 2006/04/29 18:16:02 as Exp $
*/
#include <stddef.h>
@@ -934,6 +934,8 @@ show_shunt_status(void)
, ourst, ourport, hist, hisport, sat, bs->transport_proto
, prio, bs->why);
}
+ if (bare_shunts != NULL)
+ whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
}
/* Setup an IPsec route entry.
diff --git a/programs/pluto/log.c b/programs/pluto/log.c
index 137e92980..73ffceccd 100644
--- a/programs/pluto/log.c
+++ b/programs/pluto/log.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: log.c,v 1.7 2005/07/11 18:33:45 as Exp $
+ * RCSID $Id: log.c,v 1.8 2006/04/29 18:16:02 as Exp $
*/
#include <stdio.h>
@@ -770,13 +770,11 @@ show_status(bool all, const char *name)
show_ifaces_status();
show_myid_status();
show_debug_status();
+ whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
}
- whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
show_connections_status(all, name);
- whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
show_states_status(name);
#ifdef KLIPS
- whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
show_shunt_status();
#endif
}
diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
index 164a4f249..99c377765 100644
--- a/programs/pluto/rcv_whack.c
+++ b/programs/pluto/rcv_whack.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: rcv_whack.c,v 1.17 2005/12/25 12:41:23 as Exp $
+ * RCSID $Id: rcv_whack.c,v 1.18 2006/05/25 11:33:57 as Exp $
*/
#include <stdio.h>
@@ -557,7 +557,14 @@ whack_handle(int whackctlfd)
if (msg.whack_route)
{
if (!listening)
+ {
whack_log(RC_DEAF, "need --listen before --route");
+ }
+ if (msg.name == NULL)
+ {
+ whack_log(RC_UNKNOWN_NAME
+ , "whack --route requires a connection name");
+ }
else
{
struct connection *c = con_by_name(msg.name, TRUE);
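Review bot: The `!listening` check at the top of the hunk no longer gates the route: after logging RC_DEAF, execution falls into the following `if (msg.name == NULL) … else { con_by_name … }` and still tries to route, because the original `else` now belongs to the name check. The --initiate hunk later in this file chains its three cases with `else if`; --route should do the same, `else if (msg.name == NULL)`. whack_handle continues outside the hunk.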
@@ -579,37 +586,54 @@ whack_handle(int whackctlfd)
if (msg.whack_unroute)
{
- struct connection *c = con_by_name(msg.name, TRUE);
-
- if (c != NULL)
+ if (msg.name == NULL)
{
- struct spd_route *sr;
- int fail = 0;
-
- set_cur_connection(c);
+ whack_log(RC_UNKNOWN_NAME
+ , "whack --unroute requires a connection name");
+ }
+ else
+ {
+ struct connection *c = con_by_name(msg.name, TRUE);
- for (sr = &c->spd; sr != NULL; sr = sr->next)
+ if (c != NULL)
{
- if (sr->routing >= RT_ROUTED_TUNNEL)
- fail++;
+ struct spd_route *sr;
+ int fail = 0;
+
+ set_cur_connection(c);
+
+ for (sr = &c->spd; sr != NULL; sr = sr->next)
+ {
+ if (sr->routing >= RT_ROUTED_TUNNEL)
+ fail++;
+ }
+ if (fail > 0)
+ whack_log(RC_RTBUSY, "cannot unroute: route busy");
+ else if (c->policy & POLICY_GROUP)
+ unroute_group(c);
+ else
+ unroute_connection(c);
+ reset_cur_connection();
}
- if (fail > 0)
- whack_log(RC_RTBUSY, "cannot unroute: route busy");
- else if (c->policy & POLICY_GROUP)
- unroute_group(c);
- else
- unroute_connection(c);
- reset_cur_connection();
}
}
if (msg.whack_initiate)
{
if (!listening)
+ {
whack_log(RC_DEAF, "need --listen before --initiate");
+ }
+ else if (msg.name == NULL)
+ {
+ whack_log(RC_UNKNOWN_NAME
+ , "whack --initiate requires a connection name");
+ }
else
+ {
initiate_connection(msg.name
, msg.whack_async? NULL_FD : dup_any(whackfd));
+ }
}
if (msg.whack_oppo_initiate)
@@ -623,7 +647,17 @@ whack_handle(int whackctlfd)
}
if (msg.whack_terminate)
- terminate_connection(msg.name);
+ {
+ if (msg.name == NULL)
+ {
+ whack_log(RC_UNKNOWN_NAME
+ , "whack --terminate requires a connection name");
+ }
+ else
+ {
+ terminate_connection(msg.name);
+ }
+ }
if (msg.whack_status)
show_status(msg.whack_statusall, msg.name);
diff --git a/programs/pluto/state.c b/programs/pluto/state.c
index 5957654e3..0781d2eb3 100644
--- a/programs/pluto/state.c
+++ b/programs/pluto/state.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: state.c,v 1.12 2006/04/03 15:49:36 as Exp $
+ * RCSID $Id: state.c,v 1.13 2006/04/29 18:16:02 as Exp $
*/
#include <stdio.h>
@@ -902,6 +902,8 @@ show_states_status(const char *name)
if (IS_PHASE1(st->st_state))
show_pending_phase2(st->st_connection->host_pair, st);
}
+ if (count > 0)
+ whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */
/* free the array */
pfree(array);
diff --git a/programs/pluto/vendor.c b/programs/pluto/vendor.c
index 51931c239..3a8ac15a9 100644
--- a/programs/pluto/vendor.c
+++ b/programs/pluto/vendor.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.c,v 1.35 2006/04/12 16:44:28 as Exp $
+ * RCSID $Id: vendor.c,v 1.38 2006/06/04 09:42:35 as Exp $
*/
#include <stdlib.h>
@@ -198,7 +198,12 @@ static struct vid_struct _vid_tab[] = {
/*
* strongSwan
*/
- DEC_MD5_VID(STRONGSWAN, "strongSwan 2.7.0")
+ DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
+ DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
+
+ DEC_MD5_VID(STRONGSWAN, "strongSwan 2.7.2")
+ DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1")
+ DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0")
DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4")
DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3")
DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2")
diff --git a/programs/pluto/vendor.h b/programs/pluto/vendor.h
index d6b414be2..e0c3a5f30 100644
--- a/programs/pluto/vendor.h
+++ b/programs/pluto/vendor.h
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.h,v 1.30 2006/04/12 16:44:28 as Exp $
+ * RCSID $Id: vendor.h,v 1.33 2006/06/04 09:42:35 as Exp $
*/
#ifndef _VENDOR_H_
@@ -76,6 +76,11 @@ enum known_vendorid {
VID_STRONGSWAN_2_6_2 = 55,
VID_STRONGSWAN_2_6_3 = 56,
VID_STRONGSWAN_2_6_4 = 57,
+ VID_STRONGSWAN_2_7_0 = 58,
+ VID_STRONGSWAN_2_7_1 = 59,
+
+ VID_STRONGSWAN_4_0_0 = 70,
+ VID_STRONGSWAN_4_0_1 = 71,
/* 101 - 200 : NAT-Traversal */
VID_NATT_STENBERG_01 =101,
diff --git a/programs/starter/confread.c b/programs/starter/confread.c
index cf12d05ca..af0f00877 100644
--- a/programs/starter/confread.c
+++ b/programs/starter/confread.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.c,v 1.37 2006/04/17 19:35:07 as Exp $
+ * RCSID $Id: confread.c,v 1.38 2006/06/20 21:52:53 as Exp $
*/
#include <stddef.h>
@@ -31,6 +31,9 @@
#include "args.h"
#include "interfaces.h"
+/* strings containing a colon are interpreted as an IPv6 address */
+#define ip_version(string) (strchr(string, ':') != NULL)? AF_INET6 : AF_INET;
+
static const char ike_defaults[] = "3des-sha, 3des-md5";
static const char esp_defaults[] = "3des-sha1, 3des-md5";
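Review bot: The `ip_version` macro at the top of the hunk ends in a semicolon and parenthesises neither its argument nor its expansion, so it only works as the entire right-hand side of an assignment statement; inside a larger expression (`f(ip_version(v))`, `x == ip_version(v)`) it mis-parses or the stray `;` breaks the statement. Write it as a proper expression macro: `#define ip_version(string) ((strchr((string), ':') != NULL) ? AF_INET6 : AF_INET)`. A `static` helper function would also give type checking; either way strchr needs `<string.h>`, which the hunk does not show being included.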
@@ -166,8 +169,13 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
goto err;
}
}
- else if (streq(value,"%any"))
- {
+ else if (streq(value, "%any"))
+ {
+ anyaddr(conn->addr_family, &end->addr);
+ }
+ else if (streq(value, "%any6"))
+ {
+ conn->addr_family = AF_INET6;
anyaddr(conn->addr_family, &end->addr);
}
else if (value[0] == '%')
@@ -183,6 +191,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
}
else
{
+ conn->addr_family = ip_version(value);
ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
if (ugh != NULL)
{
@@ -203,10 +212,14 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
}
}
else if (streq(value, "%direct"))
+ {
ugh = anyaddr(conn->addr_family, &end->nexthop);
+ }
else
+ {
+ conn->addr_family = ip_version(value);
ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop);
-
+ }
if (ugh != NULL)
{
plog("# bad addr: %s=%s [%s]", name, value, ugh);
@@ -222,6 +235,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
else
{
end->has_client = TRUE;
+ conn->tunnel_addr_family = ip_version(value);
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
if (ugh != NULL)
{
@@ -233,6 +247,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
case KW_SUBNETWITHIN:
end->has_client = TRUE;
end->has_client_wildcard = TRUE;
+ conn->tunnel_addr_family = ip_version(value);
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
break;
case KW_PROTOPORT:
@@ -246,7 +261,8 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
}
else
{
- ugh = ttoaddr(value, 0, conn->addr_family, &end->srcip);
+ conn->tunnel_addr_family = ip_version(value);
+ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
if (ugh != NULL)
{
plog("# bad addr: %s=%s [%s]", name, value, ugh);
diff --git a/programs/starter/interfaces.c b/programs/starter/interfaces.c
index 9926ea059..3b24e2faf 100644
--- a/programs/starter/interfaces.c
+++ b/programs/starter/interfaces.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: interfaces.c,v 1.15 2006/02/05 10:51:55 as Exp $
+ * RCSID $Id: interfaces.c,v 1.16 2006/05/25 12:10:15 as Exp $
*/
#include <sys/socket.h>
@@ -192,9 +192,6 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys
struct ipsectunnelconf *shc=(struct ipsectunnelconf *)&req.ifr_data;
short phys_flags;
int ret = 0;
- /* sscholz@astaro.com: for network mask 32 bit
- struct sockaddr_in *inp;
- */
strncpy(req.ifr_name, phys, IFNAMSIZ);
if (ioctl(sock, SIOCGIFFLAGS, &req) !=0 )
@@ -239,13 +236,6 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys
if (ioctl(sock, SIOCGIFNETMASK, &req) == 0)
{
strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- /* sscholz@astaro.com: changed netmask to 32 bit
- * in order to prevent network routes from being created
-
- inp = (struct sockaddr_in *)&req.ifr_addr;
- inp->sin_addr.s_addr = 0xFFFFFFFFL;
-
- */
ioctl(sock, SIOCSIFNETMASK, &req);
}
@@ -253,8 +243,7 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys
strncpy(req.ifr_name, iface->name, IFNAMSIZ);
if (ioctl(sock, SIOCGIFFLAGS, &req)==0)
{
-/* removed by sscholz@astaro.com (caused trouble with DSL/ppp0) */
-/* if (phys_flags & IFF_POINTOPOINT)
+ if (phys_flags & IFF_POINTOPOINT)
{
req.ifr_flags |= IFF_POINTOPOINT;
req.ifr_flags &= ~IFF_BROADCAST;
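Review bot: Re-enabling the `IFF_POINTOPOINT` branch drops the note that it "caused trouble with DSL/ppp0", and neither the import commit message nor the code records why that concern no longer applies. A one-line comment above `if (phys_flags & IFF_POINTOPOINT)` stating the reason, or the scenario that was retested, would save the next reader from recovering the history through blame. _iface_up continues outside the hunk.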
@@ -266,9 +255,7 @@ _iface_up (int sock, struct st_ipsec_if *iface, char *phys
ioctl(sock, SIOCSIFDSTADDR, &req);
}
}
- else
- */
- if (phys_flags & IFF_BROADCAST)
+ else if (phys_flags & IFF_BROADCAST)
{
req.ifr_flags &= ~IFF_POINTOPOINT;
req.ifr_flags |= IFF_BROADCAST;
diff --git a/programs/starter/starterwhack.c b/programs/starter/starterwhack.c
index a671c560c..0d7a3715e 100644
--- a/programs/starter/starterwhack.c
+++ b/programs/starter/starterwhack.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starterwhack.c,v 1.17 2006/04/17 10:32:36 as Exp $
+ * RCSID $Id: starterwhack.c,v 1.18 2006/06/20 21:52:53 as Exp $
*/
#include <sys/types.h>
@@ -161,13 +161,13 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
w->host_addr = end->addr;
w->host_nexthop = end->nexthop;
w->host_srcip = end->srcip;
+ w->has_client = end->has_client;
- if (end->has_client)
- w->client = end->subnet;
+ if (w->has_client)
+ w->client = end->subnet;
else
- w->client.addr.u.v4.sin_family = AF_INET;
+ w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
- w->has_client = end->has_client;
w->has_client_wildcard = end->has_client_wildcard;
w->has_port_wildcard = end->has_port_wildcard;
w->has_srcip = end->has_srcip;
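Review bot: The `else` branch sets the family through the IPv4 view of the union, `w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr)`, even when addrtypeof yields AF_INET6; that is correct only because `sin_family` and `sin6_family` share the same offset in both sockaddr views, which the line does not say. If the project has a helper that initialises an address for a given family (confread.c in this commit uses `anyaddr(family, &addr)`), initialising `w->client.addr` through it would make the intent explicit; otherwise a short comment noting the offset assumption would do. set_whack_end continues outside the hunk.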