summaryrefslogtreecommitdiff
path: root/src/charon-nm/nm
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
commitbf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch)
tree0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/charon-nm/nm
parent518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
downloadvyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz
vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip
Imported Upstream version 5.5.0
Diffstat (limited to 'src/charon-nm/nm')
-rw-r--r--src/charon-nm/nm/nm_service.c84
1 files changed, 42 insertions, 42 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index fc7e89958..5991c2465 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -68,7 +68,7 @@ static GValue* handler_to_val(nm_handler_t *handler,
array = g_array_new (FALSE, TRUE, sizeof (guint32));
while (enumerator->enumerate(enumerator, &chunk))
{
- g_array_append_val (array, *(u_int32_t*)chunk.ptr);
+ g_array_append_val (array, *(uint32_t*)chunk.ptr);
}
enumerator->destroy(enumerator);
val = g_slice_new0 (GValue);
@@ -113,7 +113,7 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
enumerator->destroy(enumerator);
val = g_slice_new0(GValue);
g_value_init(val, G_TYPE_UINT);
- g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr);
+ g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr);
g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
val = g_slice_new0(GValue);
@@ -289,7 +289,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
NMSettingVPN *vpn;
identification_t *user = NULL, *gateway = NULL;
const char *address, *str;
- bool virtual, encap, ipcomp;
+ bool virtual, encap;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
@@ -300,12 +300,23 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
certificate_t *cert = NULL;
x509_t *x509;
bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 10800 /* 3h */,
- .rekey = 10200 /* 2h50min */,
- .jitter = 300 /* 5min */
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = 36000, /* 10h */
+ .jitter_time = 600, /* 10min */
+ .over_time = 600, /* 10min */
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 10800 /* 3h */,
+ .rekey = 10200 /* 2h50min */,
+ .jitter = 300 /* 5min */
+ },
+ },
+ .mode = MODE_TUNNEL,
};
/**
@@ -339,32 +350,29 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
return FALSE;
}
str = nm_setting_vpn_get_data_item(vpn, "virtual");
- virtual = str && streq(str, "yes");
+ virtual = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "encap");
- encap = str && streq(str, "yes");
+ encap = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "ipcomp");
- ipcomp = str && streq(str, "yes");
+ child.ipcomp = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "method");
- if (str)
+ if (streq(str, "psk"))
{
- if (streq(str, "psk"))
- {
- auth_class = AUTH_CLASS_PSK;
- }
- else if (streq(str, "agent"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- agent = TRUE;
- }
- else if (streq(str, "key"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- }
- else if (streq(str, "smartcard"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- smartcard = TRUE;
- }
+ auth_class = AUTH_CLASS_PSK;
+ }
+ else if (streq(str, "agent"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ agent = TRUE;
+ }
+ else if (streq(str, "key"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ }
+ else if (streq(str, "smartcard"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ smartcard = TRUE;
}
/**
@@ -533,13 +541,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- peer_cfg = peer_cfg_create(priv->name, ike_cfg,
- CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
- 36000, 0, /* rekey 10h, reauth none */
- 600, 600, /* jitter, over 10min */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- 0, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation */
+
+ peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer);
if (virtual)
{
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
@@ -561,10 +564,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(priv->name, &lifetime,
- NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(priv->name, &child);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);