diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
| commit | 7585facf05d927eb6df3929ce09ed5e60d905437 (patch) | |
| tree | e4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/conftest/config.c | |
| parent | c1343b3278cdf99533b7902744d15969f9d6fdc1 (diff) | |
| download | vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip | |
Imported Upstream version 5.0.2
Diffstat (limited to 'src/conftest/config.c')
| -rw-r--r-- | src/conftest/config.c | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/src/conftest/config.c b/src/conftest/config.c index cbc6ac05f..ae0d93460 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -101,12 +101,13 @@ static ike_cfg_t *load_ike_config(private_config_t *this, proposal_t *proposal; char *token; - ike_cfg = ike_cfg_create(TRUE, + ike_cfg = ike_cfg_create(IKEV2, TRUE, settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config), settings->get_str(settings, "configs.%s.lhost", "%any", config), FALSE, settings->get_int(settings, "configs.%s.lport", 500, config), settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE, - settings->get_int(settings, "configs.%s.rport", 500, config)); + settings->get_int(settings, "configs.%s.rport", 500, config), + FRAGMENTATION_NO); token = settings->get_str(settings, "configs.%s.proposal", NULL, config); if (token) { @@ -143,9 +144,7 @@ static child_cfg_t *load_child_config(private_config_t *this, proposal_t *proposal; traffic_selector_t *ts; ipsec_mode_t mode = MODE_TUNNEL; - host_t *net; char *token; - int bits; u_int32_t tfc; if (settings->get_bool(settings, "configs.%s.%s.transport", @@ -183,16 +182,15 @@ static child_cfg_t *load_child_config(private_config_t *this, child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); } - token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config); + token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child); if (token) { enumerator = enumerator_create_token(token, ",", " "); while (enumerator->enumerate(enumerator, &token)) { - net = host_create_from_subnet(token, &bits); - if (net) + ts = traffic_selector_create_from_cidr(token, 0, 0); + if (ts) { - ts = traffic_selector_create_from_subnet(net, bits, 0, 0); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); } else @@ -208,16 +206,15 @@ static child_cfg_t *load_child_config(private_config_t *this, child_cfg->add_traffic_selector(child_cfg, TRUE, ts); } - token = settings->get_str(settings, "configs.%s.%s.rts", NULL, config); + token = settings->get_str(settings, "configs.%s.%s.rts", NULL, config, child); if (token) { enumerator = enumerator_create_token(token, ",", " "); while (enumerator->enumerate(enumerator, &token)) { - net = host_create_from_subnet(token, &bits); - if (net) + ts = traffic_selector_create_from_cidr(token, 0, 0); + if (ts) { - ts = traffic_selector_create_from_subnet(net, bits, 0, 0); child_cfg->add_traffic_selector(child_cfg, FALSE, ts); } else @@ -247,11 +244,11 @@ static peer_cfg_t *load_peer_config(private_config_t *this, child_cfg_t *child_cfg; enumerator_t *enumerator; identification_t *lid, *rid; - char *child, *policy; + char *child, *policy, *pool; uintptr_t strength; ike_cfg = load_ike_config(this, settings, config); - peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND, + peer_cfg = peer_cfg_create(config, ike_cfg, CERT_ALWAYS_SEND, UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0, FALSE, NULL, NULL); @@ -266,12 +263,12 @@ static peer_cfg_t *load_peer_config(private_config_t *this, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); rid = identification_create_from_string( settings->get_str(settings, "configs.%s.rid", "%any", config)); - strength = settings->get_int(settings, "configs.%s.rsa_strength", 0); + strength = settings->get_int(settings, "configs.%s.rsa_strength", 0, config); if (strength) { auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength); } - strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0); + strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0, config); if (strength) { auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength); @@ -283,6 +280,11 @@ static peer_cfg_t *load_peer_config(private_config_t *this, } auth->add(auth, AUTH_RULE_IDENTITY, rid); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); + pool = settings->get_str(settings, "configs.%s.named_pool", NULL, config); + if (pool) + { + peer_cfg->add_pool(peer_cfg, pool); + } DBG1(DBG_CFG, "loaded config %s: %Y - %Y", config, lid, rid); |