[svn-upgrade] Integrating new upstream version, strongswan (4.1.10)

1 files changed, 37 insertions, 24 deletions

diff --git a/src/charon/control/interfaces/stroke_interface.c b/src/charon/control/interfaces/stroke_interface.c
index 66ed423ae..b51d53ebd 100755
--- a/src/charon/control/interfaces/stroke_interface.c
+++ b/src/charon/control/interfaces/stroke_interface.c
@@ -239,13 +239,13 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 	bool other_ca_same =FALSE;
 	host_t *my_host, *other_host, *my_subnet, *other_subnet;
 	host_t *my_vip = NULL, *other_vip = NULL;
-	linked_list_t *my_groups = linked_list_create();
 	linked_list_t *other_groups = linked_list_create();
 	proposal_t *proposal;
 	traffic_selector_t *my_ts, *other_ts;
 	char *interface;
 	bool use_existing = FALSE;
 	iterator_t *iterator;
+	u_int32_t vendor;
 	
 	pop_string(msg, &msg->add_conn.name);
 	DBG1(DBG_CFG, "received stroke: add connection '%s'", msg->add_conn.name);
@@ -262,7 +262,7 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 	DBG2(DBG_CFG, "  p2p_mediated_by=%s", msg->add_conn.p2p.mediated_by);
 	DBG2(DBG_CFG, "  p2p_peerid=%s", msg->add_conn.p2p.peerid);
 
-	my_host = msg->add_conn.me.address?
+	my_host = msg->add_conn.me.address ?
 			  host_create_from_string(msg->add_conn.me.address, IKE_PORT) : NULL;
 	if (my_host == NULL)
 	{
@@ -365,11 +365,11 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 		}
 	}
 	else
-#endif /* P2P */
 	{
-		// no peer ID supplied, assume right ID
+		/* no peer ID supplied, assume right ID */
 		peer_id = other_id->clone(other_id);
 	}
+#endif /* P2P */
 	
 	my_subnet = host_create_from_string(msg->add_conn.me.subnet ?
 					msg->add_conn.me.subnet : msg->add_conn.me.address, IKE_PORT);
@@ -544,7 +544,8 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 		&&  ietfAttr_list_equals(other_groups, peer_cfg->get_groups(peer_cfg))
 		&&	peer_cfg->get_ike_version(peer_cfg) == (msg->add_conn.ikev2 ? 2 : 1)
 		&&	peer_cfg->get_auth_method(peer_cfg) == msg->add_conn.auth_method
-		&&	peer_cfg->get_eap_type(peer_cfg) == msg->add_conn.eap_type)
+		&&	peer_cfg->get_eap_type(peer_cfg, &vendor) == msg->add_conn.eap_type
+		&&	vendor == msg->add_conn.eap_vendor)
 		{
 			DBG1(DBG_CFG, "reusing existing configuration '%s'",
 				 peer_cfg->get_name(peer_cfg));
@@ -564,9 +565,8 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 		other_host->destroy(other_host);
 		other_id->destroy(other_id);
 		other_ca->destroy(other_ca);
-		peer_id->destroy(peer_id);
+		DESTROY_IF(peer_id);
 		DESTROY_IF(mediated_by_cfg);
-		ietfAttr_list_destroy(my_groups);
 		ietfAttr_list_destroy(other_groups);
 	}
 	else
@@ -613,15 +613,25 @@ static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
 			ike_cfg->add_proposal(ike_cfg, proposal);
 		}
 		
+		u_int32_t rekey = 0, reauth = 0, over, jitter;
+		
+		jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100;
+		over = msg->add_conn.rekey.margin;
+		if (msg->add_conn.rekey.reauth)
+		{
+			reauth = msg->add_conn.rekey.ike_lifetime - over;
+		}
+		else
+		{
+			rekey = msg->add_conn.rekey.ike_lifetime - over;
+		}
 		
 		peer_cfg = peer_cfg_create(msg->add_conn.name, msg->add_conn.ikev2 ? 2 : 1,
 					ike_cfg, my_id, other_id, my_ca, other_ca, other_groups,
-					msg->add_conn.me.sendcert,
-					msg->add_conn.auth_method, msg->add_conn.eap_type,
-					msg->add_conn.rekey.tries, msg->add_conn.rekey.ike_lifetime,
-					msg->add_conn.rekey.ike_lifetime - msg->add_conn.rekey.margin,
-					msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100, 
-					msg->add_conn.rekey.reauth, msg->add_conn.mobike,
+					msg->add_conn.me.sendcert, msg->add_conn.auth_method,
+					msg->add_conn.eap_type,	msg->add_conn.eap_vendor,
+					msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
+					msg->add_conn.mobike,
 					msg->add_conn.dpd.delay, msg->add_conn.dpd.action, my_vip, other_vip,
 					msg->add_conn.p2p.mediation, mediated_by_cfg, peer_id);
 	}
@@ -1104,9 +1114,8 @@ static void stroke_del_ca(stroke_msg_t *msg, FILE *out)
  */
 static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
 {
-	peer_cfg_t *cfg = ike_sa->get_peer_cfg(ike_sa);
 	ike_sa_id_t *id = ike_sa->get_id(ike_sa);
-	u_int32_t next, now = time(NULL);
+	u_int32_t rekey, reauth;
 
 	fprintf(out, "%12s[%d]: %N, %H[%D]...%H[%D]\n",
 			ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
@@ -1116,21 +1125,26 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
 	
 	if (all)
 	{
-		fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s, ",
+		fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s",
 				ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
 				id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "",
 				id->get_responder_spi(id), id->is_initiator(id) ? "" : "*");
 	
-		ike_sa->get_stats(ike_sa, &next);
-		if (next)
+		rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY_TIME);
+		reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH_TIME);
+		if (rekey)
 		{
-			fprintf(out, "%s in %V\n", cfg->use_reauth(cfg) ?
-					"reauthentication" : "rekeying", &now, &next);
+			fprintf(out, ", rekeying in %V", &rekey);
 		}
-		else
+		if (reauth)
 		{
-			fprintf(out, "rekeying disabled\n");
+			fprintf(out, ", reauthentication in %V", &reauth);
 		}
+		if (!rekey && !reauth)
+		{
+			fprintf(out, ", rekeying disabled");
+		}
+		fprintf(out, "\n");
 	}
 }
 
@@ -1188,7 +1202,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 			
 			if (rekey)
 			{
-				fprintf(out, "in %V", &now, &rekey);
+				fprintf(out, "in %#V", &now, &rekey);
 			}
 			else
 			{
@@ -1692,7 +1706,6 @@ static job_requeue_t stroke_process(int *fdp)
 	return JOB_REQUEUE_NONE;
 }
 
-
 /**
  * Implementation of private_stroke_interface_t.stroke_receive.
  */