authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
commit365e71f706b40c32173fa06c6feaac48c1527520 (patch)
tree54fa72a914d18c9430eaa54f3de4a2d4419198af /src/libhydra/plugins/kernel_netlink
parent5d7669b7b3563c50b3c86903e0a49373d597b8a0 (diff)
parent568905f488e63e28778f87ac0e38d845f45bae79 (diff)
Fixed merge, don't know why this didn't happen automatically - maybe a leftover from the svn->git conversion
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink')
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in9
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c56
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c17
3 files changed, 82 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index d41ee1456..d293347cf 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -224,9 +224,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+<<<<<<< HEAD
ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +269,11 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8cc9a6283..bd3f4a122 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -58,8 +58,13 @@
#endif /*IPV6_XFRM_POLICY*/
/** default priority of installed policies */
+<<<<<<< HEAD
#define PRIO_LOW 3000
#define PRIO_HIGH 2000
+=======
+#define PRIO_LOW 1024
+#define PRIO_HIGH 512
+>>>>>>> upstream/4.5.1
/**
* map the limit for bytes and packets to XFRM_INF per default
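Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> upstream/4.5.1` are unresolved merge conflict markers committed as source, so this file cannot compile as it stands and both `PRIO_LOW`/`PRIO_HIGH` pairs remain in the text. The same markers are added in every other hunk of this file, in both hunks of kernel_netlink_plugin.c and in both hunks of Makefile.in. Each region needs to be resolved to one side and the three marker lines deleted. Running `git diff --check` before committing reports leftover conflict markers.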
@@ -866,7 +871,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
METHOD(kernel_ipsec_t, add_sa, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
+<<<<<<< HEAD
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+=======
+ u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+>>>>>>> upstream/4.5.1
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool encap, bool inbound,
traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
@@ -882,7 +891,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (ipcomp != IPCOMP_NONE && cpi != 0)
{
lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
+<<<<<<< HEAD
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
+=======
+ add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc,
+>>>>>>> upstream/4.5.1
&lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
mode, ipcomp, 0, FALSE, inbound, NULL, NULL);
ipcomp = IPCOMP_NONE;
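Review bot: The upstream side of the nested `add_sa()` call forwards `tfc` to the IPComp SA, although TFC padding is an ESP feature. As far as I know the kernel's XFRM state validation rejects `XFRMA_TFCPAD` on an `IPPROTO_COMP` state, so this should be confirmed against the target kernel. Passing `0` in that position (`IPPROTO_COMP, reqid, mark, 0,`) would keep the attribute off the compression SA. The status of this nested call is also discarded, so a rejected IPComp SA would go unnoticed at this point. add_sa's body starts and ends outside the hunk.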
@@ -920,6 +933,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->flags |= XFRM_STATE_AF_UNSPEC;
break;
case MODE_BEET:
+<<<<<<< HEAD
+=======
+ case MODE_TRANSPORT:
+>>>>>>> upstream/4.5.1
if(src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
@@ -1153,6 +1170,27 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr = XFRM_RTA_NEXT(rthdr);
}
+<<<<<<< HEAD
+=======
+ if (tfc)
+ {
+ u_int32_t *tfcpad;
+
+ rthdr->rta_type = XFRMA_TFCPAD;
+ rthdr->rta_len = RTA_LENGTH(sizeof(u_int32_t));
+
+ hdr->nlmsg_len += rthdr->rta_len;
+ if (hdr->nlmsg_len > sizeof(request))
+ {
+ return FAILED;
+ }
+
+ tfcpad = (u_int32_t*)RTA_DATA(rthdr);
+ *tfcpad = tfc;
+ rthdr = XFRM_RTA_NEXT(rthdr);
+ }
+
+>>>>>>> upstream/4.5.1
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
if (mark.value)
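Review bot: In the added `if (tfc)` block, `rthdr->rta_type` and `rthdr->rta_len` are stored before `hdr->nlmsg_len` is compared with `sizeof(request)`. If the preceding attributes had already filled the buffer, the attribute header would be written past its end before the function returns FAILED. Checking the prospective length first and writing the attribute only once it fits keeps every store inside `request`. The declaration of `request` and the attributes appended before this point are outside the hunk, so whether the buffer can actually be full here needs to be checked there.

```c
	if (tfc)
	{
		u_int32_t *tfcpad;
		size_t attr_len = RTA_LENGTH(sizeof(u_int32_t));

		/* reject before touching rthdr, so nothing is written out of bounds */
		if (hdr->nlmsg_len + attr_len > sizeof(request))
		{
			return FAILED;
		}
		rthdr->rta_type = XFRMA_TFCPAD;
		rthdr->rta_len = attr_len;
		hdr->nlmsg_len += attr_len;

		/* ... unchanged: tfcpad store and XFRM_RTA_NEXT advance ... */
	}
```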
@@ -1687,11 +1725,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr);
policy_info->sel = policy->sel;
policy_info->dir = policy->direction;
+<<<<<<< HEAD
/* calculate priority based on source selector size, small size = high prio */
policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH;
policy_info->priority -= policy->sel.prefixlen_s * 10;
policy_info->priority -= policy->sel.proto ? 2 : 0;
policy_info->priority -= policy->sel.sport_mask ? 1 : 0;
+=======
+
+ /* calculate priority based on selector size, small size = high prio */
+ policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH;
+ policy_info->priority -= policy->sel.prefixlen_s;
+ policy_info->priority -= policy->sel.prefixlen_d;
+ policy_info->priority <<= 2; /* make some room for the two flags */
+ policy_info->priority += policy->sel.sport_mask ||
+ policy->sel.dport_mask ? 0 : 2;
+ policy_info->priority += policy->sel.proto ? 0 : 1;
+
+>>>>>>> upstream/4.5.1
policy_info->action = type != POLICY_DROP ? XFRM_POLICY_ALLOW
: XFRM_POLICY_BLOCK;
policy_info->share = XFRM_SHARE_ANY;
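Review bot: The two sides compute `policy_info->priority` on different scales, and each is only safe with its own `PRIO_LOW`/`PRIO_HIGH` pair from the hunk at line 58, so both regions must be resolved to the same side. HEAD subtracts `policy->sel.prefixlen_s * 10`, which for a 128-bit source prefix exceeds the upstream `PRIO_HIGH` of 512. If `priority` is an unsigned field, as I believe it is in the kernel's `struct xfrm_userpolicy_info`, the subtraction would wrap to a very large value and the most specific policy would get the weakest priority. On the upstream side, writing `(policy->sel.sport_mask || policy->sel.dport_mask) ? 0 : 2` would make the grouping explicit. add_policy's body starts and ends outside the hunk.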
@@ -1813,6 +1864,11 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
if (route->if_name)
{
+<<<<<<< HEAD
+=======
+ DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
+ src_ts, route->gateway, route->src_ip, route->if_name);
+>>>>>>> upstream/4.5.1
switch (hydra->kernel_interface->add_route(
hydra->kernel_interface, route->dst_net,
route->prefixlen, route->gateway,
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
index 212675d1a..b75a2be80 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -33,10 +33,15 @@ struct private_kernel_netlink_plugin_t {
kernel_netlink_plugin_t public;
};
+<<<<<<< HEAD
/**
* Implementation of plugin_t.destroy
*/
static void destroy(private_kernel_netlink_plugin_t *this)
+=======
+METHOD(plugin_t, destroy, void,
+ private_kernel_netlink_plugin_t *this)
+>>>>>>> upstream/4.5.1
{
hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface,
(kernel_ipsec_constructor_t)kernel_netlink_ipsec_create);
@@ -50,10 +55,22 @@ static void destroy(private_kernel_netlink_plugin_t *this)
*/
plugin_t *kernel_netlink_plugin_create()
{
+<<<<<<< HEAD
private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+=======
+ private_kernel_netlink_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
+>>>>>>> upstream/4.5.1
hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
(kernel_ipsec_constructor_t)kernel_netlink_ipsec_create);
hydra->kernel_interface->add_net_interface(hydra->kernel_interface,