Imported Upstream version 4.5.1

5 files changed, 187 insertions, 198 deletions

diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 90ef58563..e78cb702d 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -96,6 +96,11 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
 		{
 			match += MATCH_ANY;
 		}
+		else
+		{
+			me_cand->destroy(me_cand);
+			return MATCH_NONE;
+		}
 		me_cand->destroy(me_cand);
 	}
 	else
@@ -119,6 +124,11 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
 		{
 			match += MATCH_ANY;
 		}
+		else
+		{
+			other_cand->destroy(other_cand);
+			return MATCH_NONE;
+		}
 		other_cand->destroy(other_cand);
 	}
 	else
@@ -128,11 +138,8 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
 	return match;
 }
 
-/**
- * implements backend_manager_t.get_ike_cfg.
- */
-static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
-							  host_t *me, host_t *other)
+METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
+	private_backend_manager_t *this, host_t *me, host_t *other)
 {
 	ike_cfg_t *current, *found = NULL;
 	enumerator_t *enumerator;
@@ -308,12 +315,9 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list,
 	}
 }
 
-/**
- * Implements backend_manager_t.create_peer_cfg_enumerator.
- */
-static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
-							host_t *me, host_t *other, identification_t *my_id,
-							identification_t *other_id)
+METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
+	private_backend_manager_t *this, host_t *me, host_t *other,
+	identification_t *my_id, identification_t *other_id)
 {
 	enumerator_t *enumerator;
 	peer_data_t *data;
@@ -372,10 +376,8 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
 									(void*)peer_enum_filter_destroy);
 }
 
-/**
- * implements backend_manager_t.get_peer_cfg_by_name.
- */
-static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
+METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*,
+	private_backend_manager_t *this, char *name)
 {
 	backend_t *backend;
 	peer_cfg_t *config = NULL;
@@ -392,30 +394,24 @@ static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *n
 	return config;
 }
 
-/**
- * Implementation of backend_manager_t.remove_backend.
- */
-static void remove_backend(private_backend_manager_t *this, backend_t *backend)
+METHOD(backend_manager_t, remove_backend, void,
+	private_backend_manager_t *this, backend_t *backend)
 {
 	this->lock->write_lock(this->lock);
 	this->backends->remove(this->backends, backend, NULL);
 	this->lock->unlock(this->lock);
 }
 
-/**
- * Implementation of backend_manager_t.add_backend.
- */
-static void add_backend(private_backend_manager_t *this, backend_t *backend)
+METHOD(backend_manager_t, add_backend, void,
+	private_backend_manager_t *this, backend_t *backend)
 {
 	this->lock->write_lock(this->lock);
 	this->backends->insert_last(this->backends, backend);
 	this->lock->unlock(this->lock);
 }
 
-/**
- * Implementation of backend_manager_t.destroy.
- */
-static void destroy(private_backend_manager_t *this)
+METHOD(backend_manager_t, destroy, void,
+	private_backend_manager_t *this)
 {
 	this->backends->destroy(this->backends);
 	this->lock->destroy(this->lock);
@@ -424,20 +420,24 @@ static void destroy(private_backend_manager_t *this)
 
 /*
  * Described in header-file
+
  */
 backend_manager_t *backend_manager_create()
 {
-	private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
-
-	this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
-	this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
-	this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator;
-	this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
-	this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
-	this->public.destroy = (void (*)(backend_manager_t*))destroy;
+	private_backend_manager_t *this;
 
-	this->backends = linked_list_create();
-	this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+	INIT(this,
+		.public = {
+			.get_ike_cfg = _get_ike_cfg,
+			.get_peer_cfg_by_name = _get_peer_cfg_by_name,
+			.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+			.add_backend = _add_backend,
+			.remove_backend = _remove_backend,
+			.destroy = _destroy,
+		},
+		.backends = linked_list_create(),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
 
 	return &this->public;
 }
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 1cdfd5949..74949be3c 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -80,6 +80,11 @@ struct private_child_cfg_t {
 	ipsec_mode_t mode;
 
 	/**
+	 * action to take to start CHILD_SA
+	 */
+	action_t start_action;
+
+	/**
 	 * action to take on DPD
 	 */
 	action_t dpd_action;
@@ -118,6 +123,12 @@ struct private_child_cfg_t {
 	 * Optional mark to install outbound CHILD_SA with
 	 */
 	mark_t mark_out;
+
+	/**
+	 * Traffic Flow Confidentiality padding, if enabled
+	 */
+	u_int32_t tfc;
+
 	/**
 	 * set up IPsec transport SA in MIPv6 proxy mode
 	 */
@@ -129,26 +140,20 @@ struct private_child_cfg_t {
 	bool install_policy;
 };
 
-/**
- * Implementation of child_cfg_t.get_name.
- */
-static char *get_name(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_name, char*,
+	private_child_cfg_t *this)
 {
 	return this->name;
 }
 
-/**
- * Implementation of child_cfg_t.add_proposal.
- */
-static void add_proposal(private_child_cfg_t *this, proposal_t *proposal)
+METHOD(child_cfg_t, add_proposal, void,
+	private_child_cfg_t *this, proposal_t *proposal)
 {
 	this->proposals->insert_last(this->proposals, proposal);
 }
 
-/**
- * Implementation of child_cfg_t.get_proposals.
- */
-static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
+METHOD(child_cfg_t, get_proposals, linked_list_t*,
+	private_child_cfg_t *this, bool strip_dh)
 {
 	enumerator_t *enumerator;
 	proposal_t *current;
@@ -169,12 +174,9 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
 	return proposals;
 }
 
-/**
- * Implementation of child_cfg_t.select_proposal.
- */
-static proposal_t* select_proposal(private_child_cfg_t*this,
-								   linked_list_t *proposals, bool strip_dh,
-								   bool private)
+METHOD(child_cfg_t, select_proposal, proposal_t*,
+	private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
+	bool private)
 {
 	enumerator_t *stored_enum, *supplied_enum;
 	proposal_t *stored, *supplied, *selected = NULL;
@@ -219,11 +221,8 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
 	return selected;
 }
 
-/**
- * Implementation of child_cfg_t.add_traffic_selector.
- */
-static void add_traffic_selector(private_child_cfg_t *this, bool local,
-								 traffic_selector_t *ts)
+METHOD(child_cfg_t, add_traffic_selector, void,
+	private_child_cfg_t *this, bool local, traffic_selector_t *ts)
 {
 	if (local)
 	{
@@ -235,12 +234,8 @@ static void add_traffic_selector(private_child_cfg_t *this, bool local,
 	}
 }
 
-/**
- * Implementation of child_cfg_t.get_traffic_selectors.
- */
-static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool local,
-											linked_list_t *supplied,
-											host_t *host)
+METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
+	private_child_cfg_t *this, bool local, linked_list_t *supplied,	host_t *host)
 {
 	enumerator_t *e1, *e2;
 	traffic_selector_t *ts1, *ts2, *selected;
@@ -346,18 +341,14 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
 	return result;
 }
 
-/**
- * Implementation of child_cfg_t.get_updown.
- */
-static char* get_updown(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_updown, char*,
+	private_child_cfg_t *this)
 {
 	return this->updown;
 }
 
-/**
- * Implementation of child_cfg_t.get_hostaccess.
- */
-static bool get_hostaccess(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_hostaccess, bool,
+	private_child_cfg_t *this)
 {
 	return this->hostaccess;
 }
@@ -378,10 +369,8 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
 }
 #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter)
 
-/**
- * Implementation of child_cfg_t.get_lifetime.
- */
-static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*,
+	private_child_cfg_t *this)
 {
 	lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t);
 	memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t));
@@ -391,34 +380,32 @@ static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this)
 	return lft;
 }
 
-/**
- * Implementation of child_cfg_t.get_mode.
- */
-static ipsec_mode_t get_mode(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_mode, ipsec_mode_t,
+	private_child_cfg_t *this)
 {
 	return this->mode;
 }
 
-/**
- * Implementation of child_cfg_t.get_dpd_action.
- */
-static action_t get_dpd_action(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_start_action, action_t,
+	private_child_cfg_t *this)
+{
+	return this->start_action;
+}
+
+METHOD(child_cfg_t, get_dpd_action, action_t,
+	private_child_cfg_t *this)
 {
 	return this->dpd_action;
 }
 
-/**
- * Implementation of child_cfg_t.get_close_action.
- */
-static action_t get_close_action(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_close_action, action_t,
+	private_child_cfg_t *this)
 {
 	return this->close_action;
 }
 
-/**
- * Implementation of child_cfg_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t,
+	private_child_cfg_t *this)
 {
 	enumerator_t *enumerator;
 	proposal_t *proposal;
@@ -436,77 +423,64 @@ static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
 	return dh_group;
 }
 
-/**
- * Implementation of child_cfg_t.use_ipcomp.
- */
-static bool use_ipcomp(private_child_cfg_t *this)
+METHOD(child_cfg_t, use_ipcomp, bool,
+	private_child_cfg_t *this)
 {
 	return this->use_ipcomp;
 }
 
-/**
- * Implementation of child_cfg_t.get_inactivity.
- */
-static u_int32_t get_inactivity(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_inactivity, u_int32_t,
+	private_child_cfg_t *this)
 {
 	return this->inactivity;
 }
 
-/**
- * Implementation of child_cfg_t.get_reqid.
- */
-static u_int32_t get_reqid(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_reqid, u_int32_t,
+	private_child_cfg_t *this)
 {
 	return this->reqid;
 }
 
-/**
- * Implementation of child_cfg_t.get_mark.
- */
-static mark_t get_mark(private_child_cfg_t *this, bool inbound)
+METHOD(child_cfg_t, get_mark, mark_t,
+	private_child_cfg_t *this, bool inbound)
 {
 	return inbound ? this->mark_in : this->mark_out;
 }
 
-/**
- * Implementation of child_cfg_t.set_mipv6_options.
- */
-static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode,
-														 bool install_policy)
+METHOD(child_cfg_t, get_tfc, u_int32_t,
+	private_child_cfg_t *this)
+{
+	return this->tfc;
+}
+
+METHOD(child_cfg_t, set_mipv6_options, void,
+	private_child_cfg_t *this, bool proxy_mode, bool install_policy)
 {
 	this->proxy_mode = proxy_mode;
 	this->install_policy = install_policy;
 }
 
-/**
- * Implementation of child_cfg_t.use_proxy_mode.
- */
-static bool use_proxy_mode(private_child_cfg_t *this)
+METHOD(child_cfg_t, use_proxy_mode, bool,
+	private_child_cfg_t *this)
 {
 	return this->proxy_mode;
 }
 
-/**
- * Implementation of child_cfg_t.install_policy.
- */
-static bool install_policy(private_child_cfg_t *this)
+METHOD(child_cfg_t, install_policy, bool,
+	private_child_cfg_t *this)
 {
 	return this->install_policy;
 }
 
-/**
- * Implementation of child_cfg_t.get_ref.
- */
-static child_cfg_t* get_ref(private_child_cfg_t *this)
+METHOD(child_cfg_t, get_ref, child_cfg_t*,
+	private_child_cfg_t *this)
 {
 	ref_get(&this->refcount);
 	return &this->public;
 }
 
-/**
- * Implements child_cfg_t.destroy.
- */
-static void destroy(private_child_cfg_t *this)
+METHOD(child_cfg_t, destroy, void,
+	private_child_cfg_t *this)
 {
 	if (ref_put(&this->refcount))
 	{
@@ -527,71 +501,67 @@ static void destroy(private_child_cfg_t *this)
  */
 child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 							  char *updown, bool hostaccess,
-							  ipsec_mode_t mode, action_t dpd_action,
-							  action_t close_action, bool ipcomp,
-							  u_int32_t inactivity, u_int32_t reqid,
-							  mark_t *mark_in, mark_t *mark_out)
+							  ipsec_mode_t mode, action_t start_action,
+							  action_t dpd_action, action_t close_action,
+							  bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
+							  mark_t *mark_in, mark_t *mark_out, u_int32_t tfc)
 {
-	private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
-
-	this->public.get_name = (char* (*) (child_cfg_t*))get_name;
-	this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector;
-	this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors;
-	this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal;
-	this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals;
-	this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool,bool))select_proposal;
-	this->public.get_updown = (char* (*) (child_cfg_t*))get_updown;
-	this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess;
-	this->public.get_mode = (ipsec_mode_t (*) (child_cfg_t *))get_mode;
-	this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action;
-	this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action;
-	this->public.get_lifetime = (lifetime_cfg_t* (*) (child_cfg_t *))get_lifetime;
-	this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group;
-	this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options;
-	this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp;
-	this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity;
-	this->public.get_reqid = (u_int32_t (*) (child_cfg_t *))get_reqid;
-	this->public.get_mark = (mark_t (*) (child_cfg_t *,bool))get_mark;
-	this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode;
-	this->public.install_policy = (bool (*) (child_cfg_t *))install_policy;
-	this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref;
-	this->public.destroy = (void (*) (child_cfg_t*))destroy;
-
-	this->name = strdup(name);
-	this->updown = updown ? strdup(updown) : NULL;
-	this->hostaccess = hostaccess;
-	this->mode = mode;
-	this->dpd_action = dpd_action;
-	this->close_action = close_action;
-	this->use_ipcomp = ipcomp;
-	this->inactivity = inactivity;
-	this->reqid = reqid;
+	private_child_cfg_t *this;
+
+	INIT(this,
+		.public = {
+			.get_name = _get_name,
+			.add_traffic_selector = _add_traffic_selector,
+			.get_traffic_selectors = _get_traffic_selectors,
+			.add_proposal = _add_proposal,
+			.get_proposals = _get_proposals,
+			.select_proposal = _select_proposal,
+			.get_updown = _get_updown,
+			.get_hostaccess = _get_hostaccess,
+			.get_mode = _get_mode,
+			.get_start_action = _get_start_action,
+			.get_dpd_action = _get_dpd_action,
+			.get_close_action = _get_close_action,
+			.get_lifetime = _get_lifetime,
+			.get_dh_group = _get_dh_group,
+			.set_mipv6_options = _set_mipv6_options,
+			.use_ipcomp = _use_ipcomp,
+			.get_inactivity = _get_inactivity,
+			.get_reqid = _get_reqid,
+			.get_mark = _get_mark,
+			.get_tfc = _get_tfc,
+			.use_proxy_mode = _use_proxy_mode,
+			.install_policy = _install_policy,
+			.get_ref = _get_ref,
+			.destroy = _destroy,
+		},
+		.name = strdup(name),
+		.updown = strdupnull(updown),
+		.hostaccess = hostaccess,
+		.mode = mode,
+		.start_action = start_action,
+		.dpd_action = dpd_action,
+		.close_action = close_action,
+		.use_ipcomp = ipcomp,
+		.inactivity = inactivity,
+		.reqid = reqid,
+		.proxy_mode = FALSE,
+		.install_policy = TRUE,
+		.refcount = 1,
+		.proposals = linked_list_create(),
+		.my_ts = linked_list_create(),
+		.other_ts = linked_list_create(),
+		.tfc = tfc,
+	);
 
 	if (mark_in)
 	{
 		this->mark_in = *mark_in;
 	}
-	else
-	{
-		this->mark_in.value = 0;
-		this->mark_in.mask  = 0;
-	}
 	if (mark_out)
 	{
 		this->mark_out = *mark_out;
 	}
-	else
-	{
-		this->mark_out.value = 0;
-		this->mark_out.mask  = 0;
-	}
-
-	this->proxy_mode = FALSE;
-	this->install_policy = TRUE;
-	this->refcount = 1;
-	this->proposals = linked_list_create();
-	this->my_ts = linked_list_create();
-	this->other_ts = linked_list_create();
 	memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t));
 
 	return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 1e6fe3fe9..175ced76c 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -32,14 +32,15 @@ typedef struct child_cfg_t child_cfg_t;
 #include <kernel/kernel_ipsec.h>
 
 /**
- * Action to take when DPD detected/connection gets closed by peer.
+ * Action to take when connection is loaded, DPD is detected or
+ * connection gets closed by peer.
  */
 enum action_t {
 	/** No action */
 	ACTION_NONE,
-	/** Route config to reestablish on demand */
+	/** Route config to establish or reestablish on demand */
 	ACTION_ROUTE,
-	/** Restart config immediately */
+	/** Start or restart config immediately */
 	ACTION_RESTART,
 };
 
@@ -169,6 +170,13 @@ struct child_cfg_t {
 	ipsec_mode_t (*get_mode) (child_cfg_t *this);
 
 	/**
+	 * Action to take to start CHILD_SA.
+	 *
+	 * @return				start action
+	 */
+	action_t (*get_start_action) (child_cfg_t *this);
+
+	/**
 	 * Action to take on DPD.
 	 *
 	 * @return				DPD action
@@ -220,6 +228,13 @@ struct child_cfg_t {
 	mark_t (*get_mark)(child_cfg_t *this, bool inbound);
 
 	/**
+	 * Get the TFC padding value to use for CHILD_SA.
+	 *
+	 * @return				TFC padding, 0 to disable, -1 for MTU
+	 */
+	u_int32_t (*get_tfc)(child_cfg_t *this);
+
+	/**
 	 * Sets two options needed for Mobile IPv6 interoperability
 	 *
 	 * @param proxy_mode	use IPsec transport proxy mode (default FALSE)
@@ -276,6 +291,7 @@ struct child_cfg_t {
  * @param updown			updown script to execute on up/down event
  * @param hostaccess		TRUE to allow access to the local host
  * @param mode				mode to propose for CHILD_SA, transport, tunnel or BEET
+ * @param start_action		start action
  * @param dpd_action		DPD action
  * @param close_action		close action
  * @param ipcomp			use IPComp, if peer supports it
@@ -283,13 +299,14 @@ struct child_cfg_t {
  * @param reqid				specific reqid to use for CHILD_SA, 0 for auto assign
  * @param mark_in			optional inbound mark (can be NULL)
  * @param mark_out			optional outbound mark (can be NULL)
+ * @param tfc				TFC padding size, 0 to disable, -1 to pad to PMTU
  * @return					child_cfg_t object
  */
 child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 							  char *updown, bool hostaccess,
-							  ipsec_mode_t mode, action_t dpd_action,
-							  action_t close_action, bool ipcomp,
-							  u_int32_t inactivity, u_int32_t reqid,
-							  mark_t *mark_in, mark_t *mark_out);
+							  ipsec_mode_t mode, action_t start_action,
+							  action_t dpd_action, action_t close_action,
+							  bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
+							  mark_t *mark_in, mark_t *mark_out, u_int32_t tfc);
 
 #endif /** CHILD_CFG_H_ @}*/
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 9df14c9ae..6f0c87279 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -682,7 +682,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
 	this->use_mobike = mobike;
 	this->dpd = dpd;
 	this->virtual_ip = virtual_ip;
-	this->pool = pool ? strdup(pool) : NULL;
+	this->pool = strdupnull(pool);
 	this->local_auth = linked_list_create();
 	this->remote_auth = linked_list_create();
 	this->refcount = 1;
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 5b8294599..86a59bc1b 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -560,6 +560,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 
 	if (token == NULL)
 	{
+		DBG1(DBG_CFG, "algorithm '%.*s' not recognized", alg.len, alg.ptr);
 		return FAILED;
 	}
 
@@ -740,9 +741,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 	integrity_algorithm_t integrity;
 	pseudo_random_function_t prf;
 	diffie_hellman_group_t group;
+	const char *plugin_name;
 
 	enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &encryption))
+	while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
 	{
 		switch (encryption)
 		{
@@ -777,7 +779,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 	enumerator->destroy(enumerator);
 
 	enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &integrity))
+	while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
 	{
 		switch (integrity)
 		{
@@ -796,7 +798,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 	enumerator->destroy(enumerator);
 
 	enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &prf))
+	while (enumerator->enumerate(enumerator, &prf, &plugin_name))
 	{
 		switch (prf)
 		{
@@ -815,7 +817,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 	enumerator->destroy(enumerator);
 
 	enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &group))
+	while (enumerator->enumerate(enumerator, &group, &plugin_name))
 	{
 		switch (group)
 		{