author | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
commit | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch) | |
tree | 0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/libcharon/sa/ikev1 | |
parent | 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff) | |
Imported Upstream version 5.5.0
Diffstat (limited to 'src/libcharon/sa/ikev1')
-rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.c | 48 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.h | 8 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/task_manager_v1.c | 100 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 17 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_delete.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_dpd.c | 8 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_dpd.h | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 4 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/main_mode.c | 22 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/mode_config.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_delete.c | 10 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_delete.h | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 60 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.h | 6 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/xauth.c | 2 |
16 files changed, 162 insertions, 133 deletions
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index e428966ad..be6b03bef 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -32,7 +32,7 @@ typedef struct private_keymat_v1_t private_keymat_v1_t; */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** current IV */ chunk_t iv; /** last block of encrypted message */ @@ -128,7 +128,7 @@ static void iv_data_destroy(iv_data_t *this) */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** Ni_b (Nonce from first message) */ chunk_t n_i; /** Nr_b (Nonce from second message) */ @@ -272,7 +272,7 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf, static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) { private_aead_t *this; - u_int16_t alg, key_size; + uint16_t alg, key_size; crypter_t *crypter; chunk_t ka; @@ -324,7 +324,7 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) /** * Converts integrity algorithm to PRF algorithm */ -static u_int16_t auth_to_prf(u_int16_t alg) +static uint16_t auth_to_prf(uint16_t alg) { switch (alg) { @@ -348,7 +348,7 @@ static u_int16_t auth_to_prf(u_int16_t alg) /** * Converts integrity algorithm to hash algorithm */ -static u_int16_t auth_to_hash(u_int16_t alg) +static uint16_t auth_to_hash(uint16_t alg) { switch (alg) { @@ -370,7 +370,7 @@ static u_int16_t auth_to_hash(u_int16_t alg) /** * Adjust the key length for PRF algorithms that expect a fixed key length. */ -static void adjust_keylen(u_int16_t alg, chunk_t *key) +static void adjust_keylen(uint16_t alg, chunk_t *key) { switch (alg) { 
@@ -393,10 +393,10 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, { chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e; chunk_t skeyid; - u_int16_t alg; + uint16_t alg; - spi_i = chunk_alloca(sizeof(u_int64_t)); - spi_r = chunk_alloca(sizeof(u_int64_t)); + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) { /* no PRF negotiated, use HMAC version of integrity algorithm instead */ @@ -431,8 +431,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, } DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &g_xy); - *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); - *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); + *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id); + *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id); nonces = chunk_cata("cc", nonce_i, nonce_r); switch (auth) @@ -585,11 +585,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, METHOD(keymat_v1_t, derive_child_keys, bool, private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh, - u_int32_t spi_i, u_int32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, + uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { - u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; - u_int8_t protocol; + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint8_t protocol; prf_plus_t *prf_plus; chunk_t seed, secret = chunk_empty; bool success = FALSE; @@ -725,7 +725,7 @@ failure: METHOD(keymat_v1_t, create_hasher, bool, private_keymat_v1_t *this, proposal_t *proposal) { - u_int16_t alg; + uint16_t alg; if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL) || (alg = auth_to_hash(alg)) == HASH_UNKNOWN) { 
@@ -754,7 +754,7 @@ METHOD(keymat_v1_t, get_hash, bool, ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash) { chunk_t data; - u_int64_t spi, spi_other; + uint64_t spi, spi_other; /* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b ) * HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b ) @@ -810,7 +810,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) { payload_t *payload, *next; enumerator_t *enumerator; - u_int32_t *lenpos; + uint32_t *lenpos; if (message->is_encoded(message)) { /* inbound, although the message is generated, we cannot access the @@ -850,7 +850,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) * Try to find data about a Quick Mode with the given message ID, * if none is found, state is generated. */ -static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) +static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; qm_data_t *qm, *found = NULL; @@ -885,7 +885,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) METHOD(keymat_v1_t, get_hash_phase2, bool, private_keymat_v1_t *this, message_t *message, chunk_t *hash) { - u_int32_t mid, mid_n; + uint32_t mid, mid_n; chunk_t data = chunk_empty; bool add_message = TRUE; char *name = "Hash"; @@ -993,7 +993,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) else { /* initial phase 2 IV = hash(last_phase1_block | mid) */ - u_int32_t net;; + uint32_t net;; chunk_t data; net = htonl(iv->mid); @@ -1014,7 +1014,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) /** * Try to find an IV for the given message ID, if not found, generate it. */ -static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) +static iv_data_t *lookup_iv(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; iv_data_t *iv, *found = NULL; 
@@ -1057,7 +1057,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) } METHOD(keymat_v1_t, get_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t *out) + private_keymat_v1_t *this, uint32_t mid, chunk_t *out) { iv_data_t *iv; @@ -1071,7 +1071,7 @@ METHOD(keymat_v1_t, get_iv, bool, } METHOD(keymat_v1_t, update_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t last_block) + private_keymat_v1_t *this, uint32_t mid, chunk_t last_block) { iv_data_t *iv = lookup_iv(this, mid); if (iv) @@ -1084,7 +1084,7 @@ METHOD(keymat_v1_t, update_iv, bool, } METHOD(keymat_v1_t, confirm_iv, bool, - private_keymat_v1_t *this, u_int32_t mid) + private_keymat_v1_t *this, uint32_t mid) { iv_data_t *iv = lookup_iv(this, mid); if (iv) diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h index cc9f3b339..46eeea8b6 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.h +++ b/src/libcharon/sa/ikev1/keymat_v1.h @@ -72,7 +72,7 @@ struct keymat_v1_t { * @param integ_r allocated responders integrity key */ bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal, - diffie_hellman_t *dh, u_int32_t spi_i, u_int32_t spi_r, + diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r); @@ -127,7 +127,7 @@ struct keymat_v1_t { * @param iv chunk receiving IV, internal data * @return TRUE if IV allocated successfully */ - bool (*get_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t *iv); + bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv); /** * Updates the IV for the next message with the given message ID. 
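Review bot: The retyped declaration in generate_iv (@@ -993), `+ uint32_t net;;`, still carries a stray second semicolon; since the line is already being touched, make it `uint32_t net;`. In derive_ike_keys (@@ -431) the cookies are stored through `*((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id);` into a buffer obtained from `chunk_alloca(sizeof(uint64_t))`; copying the value with `memcpy(spi_i.ptr, &spi, sizeof(spi))` after reading it into a local `uint64_t spi` would not depend on the alignment or effective type of the alloca'd storage and reads just as clearly, and the same applies to the responder SPI on the next line. Both enclosing functions continue outside their hunks.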
@@ -141,7 +141,7 @@ struct keymat_v1_t { * @param last_block last block of encrypted message (gets cloned) * @return TRUE if IV updated successfully */ - bool (*update_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t last_block); + bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block); /** * Confirms the updated IV for the given message ID. @@ -152,7 +152,7 @@ struct keymat_v1_t { * @param mid message ID * @return TRUE if IV confirmed successfully */ - bool (*confirm_iv)(keymat_v1_t *this, u_int32_t mid); + bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid); }; /** diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 3c601a4fa..b0c4f5f84 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -67,7 +67,7 @@ struct exchange_t { /** * Message ID used for this transaction */ - u_int32_t mid; + uint32_t mid; /** * generated packet for retransmission @@ -104,12 +104,12 @@ struct private_task_manager_t { /** * Message ID of the last response */ - u_int32_t mid; + uint32_t mid; /** * Hash of a previously received message */ - u_int32_t hash; + uint32_t hash; /** * packet(s) for retransmission @@ -119,7 +119,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far 
@@ -135,12 +135,12 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * Hashes of old responses we can ignore */ - u_int32_t old_hashes[MAX_OLD_HASHES]; + uint32_t old_hashes[MAX_OLD_HASHES]; /** * Position in old hash array @@ -150,7 +150,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far @@ -212,12 +212,12 @@ struct private_task_manager_t { /** * Sequence number for sending DPD requests */ - u_int32_t dpd_send; + uint32_t dpd_send; /** * Sequence number for received DPD requests */ - u_int32_t dpd_recv; + uint32_t dpd_recv; }; /** @@ -341,11 +341,11 @@ static bool generate_message(private_task_manager_t *this, message_t *message, /** * Retransmit a packet (or its fragments) */ -static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, +static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr, u_int mid, u_int retransmitted, array_t *packets) { packet_t *packet; - u_int32_t t; + uint32_t t; array_get(packets, 0, &packet); if (retransmitted > this->retransmit_tries) 
@@ -354,14 +354,15 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet); return DESTROY_ME; } - t = (u_int32_t)(this->retransmit_timeout * 1000.0 * + t = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmitted)); if (retransmitted) { DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u", retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response", mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet, + retransmitted); } send_packets(this, packets); lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*) @@ -370,7 +371,7 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, } METHOD(task_manager_t, retransmit, status_t, - private_task_manager_t *this, u_int32_t seqnr) + private_task_manager_t *this, uint32_t seqnr) { status_t status = SUCCESS; @@ -514,26 +515,26 @@ METHOD(task_manager_t, initiate, status_t, new_mid = TRUE; break; } - if (!mode_config_expected(this) && - activate_task(this, TASK_QUICK_MODE)) + if (activate_task(this, TASK_ISAKMP_DELETE)) { - exchange = QUICK_MODE; + exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_INFORMATIONAL)) + if (activate_task(this, TASK_QUICK_DELETE)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_QUICK_DELETE)) + if (!mode_config_expected(this) && + activate_task(this, TASK_QUICK_MODE)) { - exchange = INFORMATIONAL_V1; + exchange = QUICK_MODE; new_mid = TRUE; break; } - if (activate_task(this, TASK_ISAKMP_DELETE)) + if (activate_task(this, TASK_INFORMATIONAL)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; 
@@ -807,7 +808,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, message_t *response; array_t *packets = NULL; host_t *me, *other; - u_int32_t mid; + uint32_t mid; if (request->get_exchange_type(request) == INFORMATIONAL_V1) { /* don't respond to INFORMATIONAL requests to avoid a notify war */ @@ -857,7 +858,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) { notify_payload_t *notify; notify_type_t type; - u_int32_t seq; + uint32_t seq; chunk_t data; type = DPD_R_U_THERE; @@ -910,7 +911,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) * Check if we already have a quick mode task queued for the exchange with the * given message ID */ -static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) +static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid) { enumerator_t *enumerator; quick_mode_t *qm; @@ -935,9 +936,9 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) } /** - * Check if we still have an aggressive mode task queued + * Check if we still have a specific task queued */ -static bool have_aggressive_mode_task(private_task_manager_t *this) +static bool have_task_queued(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; task_t *task; @@ -946,7 +947,7 @@ static bool have_aggressive_mode_task(private_task_manager_t *this) enumerator = this->passive_tasks->create_enumerator(this->passive_tasks); while (enumerator->enumerate(enumerator, &task)) { - if (task->get_type(task) == TASK_AGGRESSIVE_MODE) + if (task->get_type(task) == type) { found = TRUE; break; 
@@ -1180,6 +1181,12 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); + if (this->initiating.retransmitted) + { + packet_t *packet = NULL; + array_get(this->initiating.packets, 0, &packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); + } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; clear_packets(this->initiating.packets); @@ -1305,7 +1312,7 @@ static status_t queue_message(private_task_manager_t *this, message_t *msg) METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { - u_int32_t hash, mid, i; + uint32_t hash, mid, i; host_t *me, *other; status_t status; @@ -1405,7 +1412,7 @@ METHOD(task_manager_t, process_message, status_t, /* drop XAuth/Mode Config/Quick Mode messages until we received the last * Aggressive Mode message. since Informational messages are not * retransmitted we queue them. */ - if (have_aggressive_mode_task(this)) + if (have_task_queued(this, TASK_AGGRESSIVE_MODE)) { if (msg->get_exchange_type(msg) == INFORMATIONAL_V1) { @@ -1427,6 +1434,13 @@ METHOD(task_manager_t, process_message, status_t, return queue_message(this, msg); } + /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */ + if (have_task_queued(this, TASK_XAUTH) && + msg->get_exchange_type(msg) == INFORMATIONAL_V1) + { + return queue_message(this, msg); + } + msg->set_request(msg, TRUE); charon->bus->message(charon->bus, msg, TRUE, FALSE); status = parse_message(this, msg); @@ -1499,8 +1513,8 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) return found; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) +METHOD(task_manager_t, queue_task_delayed, void, + private_task_manager_t *this, task_t *task, uint32_t delay) { task_type_t type = task->get_type(task); 
@@ -1521,6 +1535,12 @@ METHOD(task_manager_t, queue_task, void, this->queued_tasks->insert_last(this->queued_tasks, task); } +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + queue_task_delayed(this, task, 0); +} + METHOD(task_manager_t, queue_ike, void, private_task_manager_t *this) { @@ -1660,7 +1680,7 @@ METHOD(task_manager_t, queue_mobike, void, } METHOD(task_manager_t, queue_child, void, - private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { quick_mode_t *task; @@ -1739,7 +1759,7 @@ static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local) } METHOD(task_manager_t, queue_child_rekey, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi) + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi) { child_sa_t *child_sa; child_cfg_t *cfg; @@ -1754,6 +1774,7 @@ METHOD(task_manager_t, queue_child_rekey, void, { if (is_redundant(this, child_sa)) { + child_sa->set_state(child_sa, CHILD_REKEYED); queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, spi, FALSE, FALSE)); } @@ -1774,7 +1795,7 @@ METHOD(task_manager_t, queue_child_rekey, void, } METHOD(task_manager_t, queue_child_delete, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, @@ -1785,7 +1806,7 @@ METHOD(task_manager_t, queue_dpd, void, private_task_manager_t *this) { peer_cfg_t *peer_cfg; - u_int32_t t, retransmit; + uint32_t t, retransmit; queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE, this->dpd_send++)); 
@@ -1798,7 +1819,7 @@ METHOD(task_manager_t, queue_dpd, void, /* use the same timeout as a retransmitting IKE message would have */ for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++) { - t += (u_int32_t)(this->retransmit_timeout * 1000.0 * + t += (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmit)); } } @@ -1871,7 +1892,7 @@ METHOD(task_manager_t, incr_mid, void, } METHOD(task_manager_t, reset, void, - private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) + private_task_manager_t *this, uint32_t initiate, uint32_t respond) { enumerator_t *enumerator; task_t *task; @@ -1960,6 +1981,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .task_manager = { .process_message = _process_message, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, .queue_ike = _queue_ike, .queue_ike_rekey = _queue_ike_rekey, .queue_ike_reauth = _queue_ike_reauth, diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 710bf1cd2..9b5f676a3 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -77,7 +77,7 @@ struct private_aggressive_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -164,7 +164,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -219,7 +219,7 @@ METHOD(task_t, build_i, status_t, linked_list_t *proposals; identification_t *id; packet_t *packet; - u_int16_t group; + uint16_t group; DBG0(DBG_IKE, "initiating Aggressive Mode IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), 
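Review bot: The new branch in process_message (@@ -1427) queues every INFORMATIONAL_V1 message received while a TASK_XAUTH is still queued, and nothing in the hunk bounds how many such messages queue_message will retain or shows them being discarded if XAuth never completes; confirm that queue_message caps the queue (or that queued messages go away with the IKE_SA) and then extend the comment to `/* some peers send INITIAL_CONTACT notifies during XAuth, queue them until XAuth completes; queue_message bounds the queue */`. Separately, the new `queue_task_delayed` (@@ -1499) accepts a `delay` argument that none of the visible lines read; if the IKEv1 manager intentionally ignores delays, a one-line comment above the METHOD such as `/* IKEv1 has no delayed tasks, delay is ignored */` would save the next reader a search. Both functions continue outside their hunks.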
@@ -377,7 +377,8 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; linked_list_t *list; - u_int16_t group; + uint16_t group; + bool prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA", @@ -401,8 +402,10 @@ METHOD(task_t, process_r, status_t, } list = sa_payload->get_proposals(sa_payload); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -629,7 +632,7 @@ METHOD(task_t, process_i, status_t, id_payload_t *id_payload; identification_t *id, *cid; linked_list_t *list; - u_int32_t lifetime; + uint32_t lifetime; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -640,7 +643,7 @@ METHOD(task_t, process_i, status_t, } list = sa_payload->get_proposals(sa_payload); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index a56805afb..df0293d4f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -81,7 +81,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; ike_sa_id_t *id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; bool found = FALSE; /* some peers send DELETE payloads for other IKE_SAs, e.g. those for expired diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c index 5522e9221..840d352b1 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c 
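Review bot: The `prefer_configured` lookup added to process_r (@@ -401) is repeated verbatim in main_mode.c and quick_mode.c, each reading `lib->settings` on every inbound first message with the same literal key `"%s.prefer_configured_proposals"`; a small shared helper, or reading the flag once into the task when it is created, would keep the three sites from drifting apart. The responder passes the setting while the initiator side (process_i, @@ -640) hardcodes `TRUE`, presumably because the initiator's own offered order is authoritative there; a short comment at that call, e.g. `/* as initiator our own proposal order is authoritative */`, would make the asymmetry explicit. process_r and process_i both continue outside the hunk.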
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c @@ -33,7 +33,7 @@ struct private_isakmp_dpd_t { /** * Sequence number. */ - u_int32_t seqnr; + uint32_t seqnr; /** * DPD notify type @@ -51,8 +51,8 @@ METHOD(task_t, build, status_t, { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; - u_int32_t seqnr; + uint64_t spi_i, spi_r; + uint32_t seqnr; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -100,7 +100,7 @@ METHOD(task_t, destroy, void, * Described in header. */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr) + uint32_t seqnr) { private_isakmp_dpd_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h index 06a0175eb..9a69b423c 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h @@ -47,6 +47,6 @@ struct isakmp_dpd_t { * @return ISAKMP_DPD task to handle by the task_manager */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr); + uint32_t seqnr); #endif /** ISAKMP_DPD_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index cb1a31371..d17948cd0 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -129,8 +129,8 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this, { hasher_t *hasher; chunk_t natd_chunk, natd_hash; - u_int64_t spi_i, spi_r; - u_int16_t port; + uint64_t spi_i, spi_r; + uint16_t port; hasher = this->keymat->get_hasher(this->keymat); if (!hasher) diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 0162fd84e..f28b83e8a 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c 
@@ -170,7 +170,7 @@ static struct { * for fragmentation of base ISAKMP messages (Cisco adds that and thus sends * 0xc0000000) */ -static const u_int32_t fragmentation_ike = 0x80000000; +static const uint32_t fragmentation_ike = 0x80000000; static bool is_known_vid(chunk_t data, int i) { diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 3ea4a2a85..628ea0de8 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -77,7 +77,7 @@ struct private_main_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -173,7 +173,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -215,7 +215,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, host_t *host; notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); @@ -303,7 +303,7 @@ METHOD(task_t, build_i, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -367,7 +367,7 @@ METHOD(task_t, process_r, status_t, { linked_list_t *list; sa_payload_t *sa_payload; - bool private; + bool private, prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA", 
@@ -392,9 +392,11 @@ METHOD(task_t, process_r, status_t, list = sa_payload->get_proposals(sa_payload); private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); + EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -411,7 +413,7 @@ METHOD(task_t, process_r, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -627,7 +629,7 @@ METHOD(task_t, process_i, status_t, linked_list_t *list; sa_payload_t *sa_payload; auth_method_t method; - u_int32_t lifetime; + uint32_t lifetime; bool private; sa_payload = (sa_payload_t*)message->get_payload(message, @@ -641,7 +643,7 @@ METHOD(task_t, process_i, status_t, private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index b9f924009..7098d24a2 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -58,7 +58,7 @@ struct private_mode_config_t { /** * Identifier to include in response */ - u_int16_t identifier; + uint16_t identifier; }; /** diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index ade59a2dd..66ef50811 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c 
@@ -69,7 +69,7 @@ struct private_quick_delete_t { /** * Inbound SPI of CHILD_SA to delete */ - u_int32_t spi; + uint32_t spi; /** * Send delete even if SA does not exist @@ -86,9 +86,9 @@ struct private_quick_delete_t { * Delete the specified CHILD_SA, if found */ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, - u_int32_t spi, bool remote_close) + uint32_t spi, bool remote_close) { - u_int64_t bytes_in, bytes_out; + uint64_t bytes_in, bytes_out; child_sa_t *child_sa; linked_list_t *my_ts, *other_ts; child_cfg_t *child_cfg; @@ -200,7 +200,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) @@ -260,7 +260,7 @@ METHOD(task_t, destroy, void, * Described in header. */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired) + uint32_t spi, bool force, bool expired) { private_quick_delete_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.h b/src/libcharon/sa/ikev1/tasks/quick_delete.h index 4df30c8fe..6227b364b 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.h +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.h @@ -50,6 +50,6 @@ struct quick_delete_t { * @return quick_delete task to handle by the task_manager */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired); + uint32_t spi, bool force, bool expired); #endif /** QUICK_DELETE_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index b4fe04663..bbd1cb09f 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c 
@@ -98,22 +98,22 @@ struct private_quick_mode_t { /** * Initiators ESP SPI */ - u_int32_t spi_i; + uint32_t spi_i; /** * Responder ESP SPI */ - u_int32_t spi_r; + uint32_t spi_r; /** * Initiators IPComp CPI */ - u_int16_t cpi_i; + uint16_t cpi_i; /** * Responders IPComp CPI */ - u_int16_t cpi_r; + uint16_t cpi_r; /** * selected CHILD_SA proposal @@ -143,17 +143,17 @@ struct private_quick_mode_t { /** * Negotiated lifetime of new SA */ - u_int32_t lifetime; + uint32_t lifetime; /** - * Negotaited lifebytes of new SA + * Negotiated lifebytes of new SA */ - u_int64_t lifebytes; + uint64_t lifebytes; /** * Reqid to use, 0 for auto-allocate */ - u_int32_t reqid; + uint32_t reqid; /** * Explicit inbound mark value to use, if any @@ -168,7 +168,7 @@ struct private_quick_mode_t { /** * SPI of SA we rekey */ - u_int32_t rekey; + uint32_t rekey; /** * Delete old child after successful rekey @@ -193,7 +193,7 @@ struct private_quick_mode_t { /** * Message ID of handled quick mode exchange */ - u_int32_t mid; + uint32_t mid; /** states of quick mode */ enum { @@ -207,7 +207,7 @@ struct private_quick_mode_t { */ static void schedule_inactivity_timeout(private_quick_mode_t *this) { - u_int32_t timeout; + uint32_t timeout; bool close_ike; timeout = this->config->get_inactivity(this->config); @@ -722,12 +722,12 @@ static void get_lifetimes(private_quick_mode_t *this) { lifetime_cfg_t *lft; - lft = this->config->get_lifetime(this->config); + lft = this->config->get_lifetime(this->config, TRUE); if (lft->time.life) { this->lifetime = lft->time.life; } - else if (lft->bytes.life) + if (lft->bytes.life) { this->lifebytes = lft->bytes.life; } @@ -739,8 +739,8 @@ static void get_lifetimes(private_quick_mode_t *this) */ static void apply_lifetimes(private_quick_mode_t *this, sa_payload_t *sa_payload) { - u_int32_t lifetime; - u_int64_t lifebytes; + uint32_t lifetime; + uint64_t lifebytes; lifetime = sa_payload->get_lifetime(sa_payload); lifebytes = sa_payload->get_lifebytes(sa_payload); 
@@ -863,7 +863,7 @@ METHOD(task_t, build_i, status_t, if (group != MODP_NONE) { proposal_t *proposal; - u_int16_t preferred_group; + uint16_t preferred_group; proposal = this->ike_sa->get_proposal(this->ike_sa); proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, @@ -1007,7 +1007,6 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) { case CHILD_INSTALLED: case CHILD_REKEYING: - case CHILD_REKEYED: policies = child_sa->create_policy_enumerator(child_sa); if (policies->enumerate(policies, &local, &remote) && local->equals(local, this->tsr) && @@ -1026,9 +1025,10 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) child_sa->get_unique_id(child_sa)); } policies->destroy(policies); - break; - default: - break; + break; + case CHILD_REKEYED: + default: + break; } } } @@ -1050,8 +1050,8 @@ METHOD(task_t, process_r, status_t, sa_payload_t *sa_payload; linked_list_t *tsi, *tsr, *hostsi, *hostsr, *list = NULL; peer_cfg_t *peer_cfg; - u_int16_t group; - bool private; + uint16_t group; + bool private, prefer_configured; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -1109,8 +1109,10 @@ METHOD(task_t, process_r, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); get_lifetimes(this); 
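Review bot: Listing `case CHILD_REKEYED:` next to `default:` in check_for_rekeyed_child() leaves no trace of why an already-rekeyed CHILD_SA is now skipped instead of being matched like CHILD_INSTALLED and CHILD_REKEYING; a comment on the new case, such as `/* already rekeyed: must not be picked as the SA to rekey again */` (my reading of the intent, worth confirming), would tell the next reader this is deliberate. Without it the explicit case does exactly what default does and looks like a leftover from the removed line in the hunk at @@ -1007. The enclosing function starts before the first of these two hunks.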
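Review bot: The new prefer_configured flag in process_r() is handed to select_proposal() without a note on what it governs; the get_bool() lookup of `%s.prefer_configured_proposals` on every Quick Mode exchange is fine, but a comment such as `/* prefer our configured proposal order over the peer's, so the peer's ordering cannot steer selection toward our less preferred proposals */` on that call would make the intent visible (that is my understanding of the flag, to be confirmed against child_cfg). In process_i() (the hunk at @@ -1323 on the following line) the same parameter is hard-coded to `TRUE` rather than read from the setting; if that asymmetry is intentional because the initiator is only checking the single proposal the responder returned, a short comment there would stop someone later "fixing" it to honour the setting. Both hunks sit in the middle of their METHOD bodies.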
@@ -1323,8 +1325,8 @@ METHOD(task_t, process_i, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -1365,14 +1367,14 @@ METHOD(task_t, get_type, task_type_t, return TASK_QUICK_MODE; } -METHOD(quick_mode_t, get_mid, u_int32_t, +METHOD(quick_mode_t, get_mid, uint32_t, private_quick_mode_t *this) { return this->mid; } METHOD(quick_mode_t, use_reqid, void, - private_quick_mode_t *this, u_int32_t reqid) + private_quick_mode_t *this, uint32_t reqid) { this->reqid = reqid; } @@ -1385,7 +1387,7 @@ METHOD(quick_mode_t, use_marks, void, } METHOD(quick_mode_t, rekey, void, - private_quick_mode_t *this, u_int32_t spi) + private_quick_mode_t *this, uint32_t spi) { this->rekey = spi; } diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h index 062d63465..fe684568a 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.h +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h @@ -46,14 +46,14 @@ struct quick_mode_t { * * @return message ID, or 0 (not defined yet or as initiator) */ - u_int32_t (*get_mid)(quick_mode_t *this); + uint32_t (*get_mid)(quick_mode_t *this); /** * Use a specific reqid to install this CHILD_SA. * * @param reqid reqid to use */ - void (*use_reqid)(quick_mode_t *this, u_int32_t reqid); + void (*use_reqid)(quick_mode_t *this, uint32_t reqid); /** * Use specific mark values, overriding configuration. @@ -68,7 +68,7 @@ struct quick_mode_t { * * @param spi spi of SA to rekey */ - void (*rekey)(quick_mode_t *this, u_int32_t spi); + void (*rekey)(quick_mode_t *this, uint32_t spi); }; /** diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index ecdfc780d..968b4386c 100644 
--- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -68,7 +68,7 @@ struct private_xauth_t { /** * received identifier */ - u_int16_t identifier; + uint16_t identifier; /** * status of Xauth exchange |