authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
commit568905f488e63e28778f87ac0e38d845f45bae79 (patch)
treed9969a147e36413583ff4bc75542d34c955f8823 /src/starter
parentf73fba54dc8b30c6482e1e8abf15bbf455592fcd (diff)
Imported Upstream version 4.5.1
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am21
-rw-r--r--src/starter/Makefile.in126
-rw-r--r--src/starter/args.c2
-rw-r--r--src/starter/confread.c17
-rw-r--r--src/starter/confread.h2
-rw-r--r--src/starter/keywords.c288
-rw-r--r--src/starter/keywords.h6
-rw-r--r--src/starter/keywords.txt7
-rw-r--r--src/starter/starter.80
-rw-r--r--src/starter/starterstroke.c2
10 files changed, 212 insertions, 259 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 75297f767..f05aeca22 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -25,7 +25,6 @@ AM_CFLAGS = \
starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
-dist_man_MANS = starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
PLUTODIR=$(top_srcdir)/src/pluto
@@ -59,14 +58,14 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
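Review bot: The first new recipe line of `install-exec-local` keeps a bare `-o` after its owner argument was dropped, so `$(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d"` hands `-d` to `-o` as the owner name and, at least with GNU install, fails; the trailing `|| true` hides that failure. The command should be `$(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d"`, and the same stray `-o` is in the regenerated rule in src/starter/Makefile.in. With `-o`/`-g` removed everywhere, `ipsec.d/private` (mode 750) ends up owned by whoever runs the install, so if the daemon is meant to run as an unprivileged user the ownership presumably has to be set by packaging; a one-line comment saying so would help. Because every line ends in `|| true`, a failed `-m 750` on the private-key directory would also pass silently.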
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 446f183f1..f1c370ad9 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -39,8 +39,7 @@ ipsec_PROGRAMS = starter$(EXEEXT)
@USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON
@USE_LOAD_WARNING_TRUE@am__append_3 = -DLOAD_WARNING
subdir = src/starter
-DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \
- $(srcdir)/Makefile.in
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -56,7 +55,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"
+am__installdirs = "$(DESTDIR)$(ipsecdir)"
PROGRAMS = $(ipsec_PROGRAMS)
am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \
starterwhack.$(OBJEXT) starterstroke.$(OBJEXT) \
@@ -85,30 +84,6 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(starter_SOURCES)
DIST_SOURCES = $(starter_SOURCES)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -231,9 +206,7 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -272,6 +245,8 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
@@ -304,7 +279,6 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
$(am__append_2) $(am__append_3)
starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
-dist_man_MANS = starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
PLUTODIR = $(top_srcdir)/src/pluto
SCEPCLIENTDIR = $(top_srcdir)/src/scepclient
@@ -438,44 +412,6 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
- @$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list=''; test -n "$(man8dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -530,19 +466,6 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
- @list='$(MANS)'; if test -n "$$list"; then \
- list=`for p in $$list; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
- if test -n "$$list" && \
- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
- echo " typically \`make maintainer-clean' will remove them" >&2; \
- exit 1; \
- else :; fi; \
- else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -574,9 +497,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS)
+all-am: Makefile $(PROGRAMS)
installdirs:
- for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \
+ for dir in "$(DESTDIR)$(ipsecdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -628,7 +551,7 @@ info: info-am
info-am:
-install-data-am: install-ipsecPROGRAMS install-man
+install-data-am: install-ipsecPROGRAMS
install-dvi: install-dvi-am
@@ -644,7 +567,7 @@ install-info: install-info-am
install-info-am:
-install-man: install-man8
+install-man:
install-pdf: install-pdf-am
@@ -674,9 +597,7 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man8
+uninstall-am: uninstall-ipsecPROGRAMS
.MAKE: install-am install-strip
@@ -687,13 +608,12 @@ uninstall-man: uninstall-man8
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-exec-local \
install-html install-html-am install-info install-info-am \
- install-ipsecPROGRAMS install-man install-man8 install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
- uninstall-man uninstall-man8
+ tags uninstall uninstall-am uninstall-ipsecPROGRAMS
lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
@@ -712,16 +632,16 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/starter/args.c b/src/starter/args.c
index 37d600283..87307f1aa 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -239,6 +239,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_MARK */ },
{ ARG_MISC, 0, NULL /* KW_MARK_IN */ },
{ ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
+ { ARG_MISC, 0, NULL /* KW_TFC */ },
/* ca section keywords */
{ ARG_STR, offsetof(starter_ca_t, name), NULL },
@@ -272,6 +273,7 @@ static const token_info_t token_info[] =
{ ARG_STR, offsetof(starter_end_t, rsakey), NULL },
{ ARG_STR, offsetof(starter_end_t, cert), NULL },
{ ARG_STR, offsetof(starter_end_t, cert2), NULL },
+ { ARG_STR, offsetof(starter_end_t, cert_policy), NULL },
{ ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert },
{ ARG_STR, offsetof(starter_end_t, ca), NULL },
{ ARG_STR, offsetof(starter_end_t, ca2), NULL },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 3367616ca..1e7daa6a9 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -705,6 +705,23 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
cfg->err++;
}
break;
+ case KW_TFC:
+ if (streq(kw->value, "%mtu"))
+ {
+ conn->tfc = -1;
+ }
+ else
+ {
+ char *endptr;
+
+ conn->tfc = strtoul(kw->value, &endptr, 10);
+ if (*endptr != '\0')
+ {
+ plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+ cfg->err++;
+ }
+ }
+ break;
case KW_KEYINGTRIES:
if (streq(kw->value, "%forever"))
{
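Review bot: The `KW_TFC` branch accepts values it should reject, because only `*endptr != '\0'` is checked after `strtoul`. An empty value parses as 0, a value with a leading minus sign is negated rather than refused, and anything above 32 bits is truncated when the `unsigned long` result is stored into the `u_int32_t` field. In particular `tfc=-1` or `tfc=4294967295` ends up equal to the `-1` sentinel used for `%mtu`. I would parse into a local, check that at least one digit was consumed, check `errno` for ERANGE, and reject anything at or above 0xFFFFFFFF before assigning. load_conn starts and ends outside this hunk.

```c
		case KW_TFC:
			/* … unchanged: "%mtu" branch sets conn->tfc = -1 … */
			else
			{
				char *endptr;
				unsigned long tfc;

				errno = 0;
				tfc = strtoul(kw->value, &endptr, 10);
				if (!isdigit((unsigned char)*kw->value) || *endptr != '\0' ||
					errno == ERANGE || tfc >= 0xFFFFFFFFUL)
				{
					/* 0xFFFFFFFF is reserved as the %mtu sentinel */
					plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
					cfg->err++;
				}
				else
				{
					conn->tfc = (u_int32_t)tfc;
				}
			}
			break;
```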
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 982d1d206..4f9c5f7d0 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -64,6 +64,7 @@ struct starter_end {
char *ca;
char *ca2;
char *groups;
+ char *cert_policy;
char *iface;
ip_address addr;
u_int ikeport;
@@ -125,6 +126,7 @@ struct starter_conn {
u_int32_t reqid;
mark_t mark_in;
mark_t mark_out;
+ u_int32_t tfc;
sa_family_t addr_family;
sa_family_t tunnel_addr_family;
bool install_policy;
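Review bot: The new `tfc` member of `struct starter_conn` has no comment, and its value space is not obvious from the type. load_conn in confread.c stores `-1` into this unsigned field for `%mtu`, so 0xFFFFFFFF is a sentinel rather than a length. I would document it on the declaration, for example `u_int32_t tfc; /* TFC padding value from ipsec.conf; (u_int32_t)-1 means %mtu */` (the exact unit is presumably bytes, to be confirmed against the consumer of the stroke message). The struct starts and ends outside this hunk.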
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 0c24c7dcf..340b7131d 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 127
+#define TOTAL_KEYWORDS 130
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 12
-#define MAX_HASH_VALUE 238
-/* maximum key range = 227, duplicates = 0 */
+#define MIN_HASH_VALUE 18
+#define MAX_HASH_VALUE 249
+/* maximum key range = 232, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,32 +75,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 2,
- 104, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 15, 239, 20, 14, 58,
- 51, 1, 7, 1, 81, 1, 239, 132, 47, 4,
- 1, 49, 10, 9, 23, 1, 20, 48, 4, 239,
- 239, 35, 1, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239, 239, 239, 239, 239,
- 239, 239, 239, 239, 239, 239
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 11,
+ 125, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 20, 250, 18, 6, 55,
+ 59, 3, 9, 3, 92, 3, 250, 147, 71, 12,
+ 29, 83, 38, 4, 13, 3, 8, 80, 3, 250,
+ 250, 12, 9, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250, 250, 250, 250, 250,
+ 250, 250, 250, 250, 250, 250
};
register int hval = len;
@@ -124,160 +124,164 @@ hash (str, len)
static const struct kw_entry wordlist[] =
{
{"pfs", KW_PFS},
- {"uniqueids", KW_UNIQUEIDS},
- {"rightgroups", KW_RIGHTGROUPS},
- {"lifetime", KW_KEYLIFE},
- {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
- {"rightnatip", KW_RIGHTNATIP},
- {"esp", KW_ESP},
- {"rightnexthop", KW_RIGHTNEXTHOP},
- {"rightsourceip", KW_RIGHTSOURCEIP},
{"right", KW_RIGHT},
- {"leftupdown", KW_LEFTUPDOWN},
- {"leftnexthop", KW_LEFTNEXTHOP},
+ {"rightgroups", KW_RIGHTGROUPS},
{"left", KW_LEFT},
- {"keep_alive", KW_KEEP_ALIVE},
+ {"lifetime", KW_KEYLIFE},
{"rightsubnet", KW_RIGHTSUBNET},
{"rightikeport", KW_RIGHTIKEPORT},
{"rightsendcert", KW_RIGHTSENDCERT},
- {"leftcert", KW_LEFTCERT,},
- {"interfaces", KW_INTERFACES},
- {"lifepackets", KW_LIFEPACKETS},
- {"leftsendcert", KW_LEFTSENDCERT},
- {"leftgroups", KW_LEFTGROUPS},
- {"eap", KW_EAP},
- {"rightprotoport", KW_RIGHTPROTOPORT},
- {"leftnatip", KW_LEFTNATIP},
+ {"leftcert", KW_LEFTCERT},
{"keyingtries", KW_KEYINGTRIES},
- {"type", KW_TYPE},
{"keylife", KW_KEYLIFE},
- {"mark_in", KW_MARK_IN},
+ {"leftsendcert", KW_LEFTSENDCERT},
{"lifebytes", KW_LIFEBYTES},
- {"leftca", KW_LEFTCA},
- {"margintime", KW_REKEYMARGIN},
- {"marginbytes", KW_MARGINBYTES},
+ {"keep_alive", KW_KEEP_ALIVE},
+ {"leftgroups", KW_LEFTGROUPS},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {"marginpackets", KW_MARGINPACKETS},
+ {"leftcertpolicy", KW_LEFTCERTPOLICY},
{"certuribase", KW_CERTURIBASE},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
- {"rightid", KW_RIGHTID},
- {"rightupdown", KW_RIGHTUPDOWN},
- {"compress", KW_COMPRESS},
+ {"lifepackets", KW_LIFEPACKETS},
+ {"rightrsasigkey", KW_RIGHTRSASIGKEY},
{"leftprotoport", KW_LEFTPROTOPORT},
- {"overridemtu", KW_OVERRIDEMTU},
+ {"uniqueids", KW_UNIQUEIDS},
+ {"rightallowany", KW_RIGHTALLOWANY},
+ {"virtual_private", KW_VIRTUAL_PRIVATE},
+ {"leftca", KW_LEFTCA},
+ {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {"type", KW_TYPE},
+ {"interfaces", KW_INTERFACES},
+ {"rightsourceip", KW_RIGHTSOURCEIP},
+ {"leftnexthop", KW_LEFTNEXTHOP},
+ {"rightprotoport", KW_RIGHTPROTOPORT},
+ {"mark_in", KW_MARK_IN},
{"reqid", KW_REQID},
{"inactivity", KW_INACTIVITY},
+ {"margintime", KW_REKEYMARGIN},
+ {"marginbytes", KW_MARGINBYTES},
+ {"rightid", KW_RIGHTID},
+ {"marginpackets", KW_MARGINPACKETS},
+ {"leftnatip", KW_LEFTNATIP},
+ {"rightcert", KW_RIGHTCERT},
+ {"ocspuri", KW_OCSPURI},
+ {"esp", KW_ESP},
+ {"rightnatip", KW_RIGHTNATIP},
+ {"keyexchange", KW_KEYEXCHANGE},
+ {"rightnexthop", KW_RIGHTNEXTHOP},
+ {"rightca", KW_RIGHTCA},
+ {"rightcertpolicy", KW_RIGHTCERTPOLICY},
+ {"leftupdown", KW_LEFTUPDOWN},
+ {"ocspuri1", KW_OCSPURI},
+ {"mediated_by", KW_MEDIATED_BY},
+ {"me_peerid", KW_ME_PEERID},
+ {"cacert", KW_CACERT},
+ {"crluri", KW_CRLURI},
+ {"eap", KW_EAP},
{"leftfirewall", KW_LEFTFIREWALL},
{"rightfirewall", KW_RIGHTFIREWALL},
- {"rightallowany", KW_RIGHTALLOWANY},
+ {"overridemtu", KW_OVERRIDEMTU},
{"mobike", KW_MOBIKE},
- {"lefthostaccess", KW_LEFTHOSTACCESS},
- {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
- {"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"pfsgroup", KW_PFSGROUP},
- {"me_peerid", KW_ME_PEERID},
- {"crluri", KW_CRLURI},
- {"leftsourceip", KW_LEFTSOURCEIP},
+ {"packetdefault", KW_PACKETDEFAULT},
{"crluri1", KW_CRLURI},
+ {"ldapbase", KW_LDAPBASE},
+ {"leftallowany", KW_LEFTALLOWANY},
{"mediation", KW_MEDIATION},
- {"dumpdir", KW_DUMPDIR},
- {"forceencaps", KW_FORCEENCAPS},
+ {"compress", KW_COMPRESS},
{"leftsubnet", KW_LEFTSUBNET},
- {"rightca", KW_RIGHTCA},
- {"rightcert", KW_RIGHTCERT},
- {"ocspuri", KW_OCSPURI},
- {"dpdaction", KW_DPDACTION},
- {"ocspuri1", KW_OCSPURI},
+ {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"forceencaps", KW_FORCEENCAPS},
+ {"dumpdir", KW_DUMPDIR},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
+ {"authby", KW_AUTHBY},
+ {"aaa_identity", KW_AAA_IDENTITY},
+ {"tfc", KW_TFC},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
+ {"rightauth", KW_RIGHTAUTH},
+ {"rightupdown", KW_RIGHTUPDOWN},
{"dpdtimeout", KW_DPDTIMEOUT},
{"installpolicy", KW_INSTALLPOLICY},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
- {"ldapbase", KW_LDAPBASE},
- {"also", KW_ALSO},
- {"leftallowany", KW_LEFTALLOWANY},
+ {"mark_out", KW_MARK_OUT},
+ {"fragicmp", KW_FRAGICMP},
{"force_keepalive", KW_FORCE_KEEPALIVE},
- {"keyexchange", KW_KEYEXCHANGE},
- {"hidetos", KW_HIDETOS},
- {"klipsdebug", KW_KLIPSDEBUG},
- {"plutostderrlog", KW_PLUTOSTDERRLOG},
- {"rightauth", KW_RIGHTAUTH},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
- {"charondebug", KW_CHARONDEBUG},
- {"rightid2", KW_RIGHTID2},
{"leftid", KW_LEFTID},
- {"mediated_by", KW_MEDIATED_BY},
- {"fragicmp", KW_FRAGICMP},
- {"mark_out", KW_MARK_OUT},
- {"auto", KW_AUTO},
- {"leftcert2", KW_LEFTCERT2,},
- {"nat_traversal", KW_NAT_TRAVERSAL},
- {"cacert", KW_CACERT},
- {"plutostart", KW_PLUTOSTART},
+ {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
{"eap_identity", KW_EAP_IDENTITY},
- {"prepluto", KW_PREPLUTO},
- {"packetdefault", KW_PACKETDEFAULT},
+ {"cachecrls", KW_CACHECRLS},
+ {"pfsgroup", KW_PFSGROUP},
+ {"rightid2", KW_RIGHTID2},
+ {"dpdaction", KW_DPDACTION},
{"xauth_identity", KW_XAUTH_IDENTITY},
+ {"leftsourceip", KW_LEFTSOURCEIP},
+ {"klipsdebug", KW_KLIPSDEBUG},
+ {"leftcert2", KW_LEFTCERT2},
+ {"charondebug", KW_CHARONDEBUG},
+ {"hidetos", KW_HIDETOS},
+ {"ike", KW_IKE},
{"charonstart", KW_CHARONSTART},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL},
{"rightauth2", KW_RIGHTAUTH2},
- {"ike", KW_IKE},
- {"aaa_identity", KW_AAA_IDENTITY},
+ {"also", KW_ALSO},
{"leftca2", KW_LEFTCA2},
- {"authby", KW_AUTHBY},
- {"leftauth", KW_LEFTAUTH},
- {"cachecrls", KW_CACHECRLS},
+ {"rekey", KW_REKEY},
+ {"plutostderrlog", KW_PLUTOSTDERRLOG},
+ {"plutostart", KW_PLUTOSTART},
+ {"ikelifetime", KW_IKELIFETIME},
+ {"crlcheckinterval", KW_CRLCHECKINTERVAL},
+ {"auto", KW_AUTO},
{"ldaphost", KW_LDAPHOST},
- {"rekeymargin", KW_REKEYMARGIN},
{"rekeyfuzz", KW_REKEYFUZZ},
- {"dpddelay", KW_DPDDELAY},
- {"ikelifetime", KW_IKELIFETIME},
- {"auth", KW_AUTH},
- {"xauth", KW_XAUTH},
- {"postpluto", KW_POSTPLUTO},
- {"plutodebug", KW_PLUTODEBUG},
- {"modeconfig", KW_MODECONFIG},
- {"nocrsend", KW_NOCRSEND},
- {"leftauth2", KW_LEFTAUTH2},
- {"leftid2", KW_LEFTID2},
{"leftikeport", KW_LEFTIKEPORT},
+ {"mark", KW_MARK},
+ {"auth", KW_AUTH},
+ {"prepluto", KW_PREPLUTO},
+ {"dpddelay", KW_DPDDELAY},
+ {"leftauth", KW_LEFTAUTH},
{"rightca2", KW_RIGHTCA2},
- {"rekey", KW_REKEY},
+ {"xauth", KW_XAUTH},
{"rightcert2", KW_RIGHTCERT2},
- {"mark", KW_MARK},
- {"crluri2", KW_CRLURI2},
- {"reauth", KW_REAUTH},
+ {"rekeymargin", KW_REKEYMARGIN},
+ {"leftid2", KW_LEFTID2},
{"ocspuri2", KW_OCSPURI2},
+ {"nocrsend", KW_NOCRSEND},
+ {"reauth", KW_REAUTH},
+ {"crluri2", KW_CRLURI2},
+ {"plutodebug", KW_PLUTODEBUG},
+ {"leftauth2", KW_LEFTAUTH2},
{"pkcs11module", KW_PKCS11MODULE},
{"pkcs11initargs", KW_PKCS11INITARGS},
{"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {"pkcs11proxy", KW_PKCS11PROXY}
+ {"pkcs11proxy", KW_PKCS11PROXY},
+ {"modeconfig", KW_MODECONFIG},
+ {"postpluto", KW_POSTPLUTO}
};
static const short lookup[] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, 0, 1, -1, 2, -1, -1, 3, -1,
- -1, 4, -1, 5, 6, 7, 8, 9, -1, 10,
- 11, -1, 12, 13, 14, 15, 16, 17, -1, 18,
- 19, 20, 21, 22, -1, -1, 23, 24, -1, 25,
- 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
- 36, 37, 38, 39, 40, 41, 42, 43, 44, 45,
- 46, 47, 48, 49, 50, 51, -1, 52, 53, 54,
- 55, -1, 56, 57, -1, 58, 59, 60, -1, 61,
- 62, 63, 64, -1, -1, 65, -1, 66, -1, 67,
- 68, 69, 70, 71, -1, -1, 72, -1, -1, 73,
- 74, 75, 76, 77, 78, 79, 80, -1, 81, 82,
- 83, 84, 85, 86, 87, -1, 88, -1, 89, 90,
- -1, 91, 92, 93, 94, -1, 95, 96, 97, 98,
- -1, -1, -1, -1, 99, 100, 101, -1, 102, 103,
- 104, 105, 106, 107, 108, 109, -1, 110, -1, -1,
- 111, -1, -1, -1, -1, -1, -1, 112, -1, 113,
- 114, 115, 116, 117, 118, -1, -1, -1, -1, 119,
- -1, -1, 120, -1, -1, -1, -1, -1, -1, 121,
- -1, -1, -1, -1, 122, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 123, -1, 124, 125, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, 126
+ -1, -1, -1, -1, -1, -1, -1, -1, 0, 1,
+ -1, -1, -1, 2, 3, -1, 4, -1, 5, 6,
+ 7, 8, 9, -1, 10, 11, 12, 13, 14, -1,
+ 15, 16, -1, 17, 18, 19, 20, 21, -1, 22,
+ -1, -1, 23, -1, 24, 25, 26, 27, -1, 28,
+ 29, -1, -1, -1, 30, -1, 31, -1, -1, -1,
+ 32, 33, 34, 35, 36, 37, 38, 39, 40, -1,
+ -1, 41, 42, 43, 44, 45, 46, -1, 47, 48,
+ 49, -1, -1, 50, 51, 52, 53, 54, 55, 56,
+ 57, 58, 59, -1, -1, 60, 61, 62, 63, 64,
+ 65, -1, 66, 67, -1, 68, 69, -1, 70, 71,
+ -1, -1, 72, 73, -1, 74, 75, 76, 77, -1,
+ 78, -1, 79, -1, 80, -1, 81, 82, -1, 83,
+ 84, 85, 86, 87, 88, 89, 90, -1, -1, 91,
+ -1, -1, -1, 92, -1, 93, 94, -1, 95, 96,
+ -1, 97, 98, -1, -1, -1, -1, 99, -1, -1,
+ -1, 100, 101, 102, 103, 104, 105, 106, 107, -1,
+ -1, -1, 108, -1, 109, -1, -1, 110, 111, -1,
+ -1, -1, 112, -1, 113, 114, 115, -1, -1, -1,
+ -1, -1, 116, 117, 118, -1, -1, -1, 119, -1,
+ -1, 120, -1, -1, -1, -1, -1, -1, -1, 121,
+ -1, -1, -1, 122, -1, -1, 123, -1, 124, -1,
+ 125, 126, -1, -1, -1, -1, 127, -1, 128, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 129
};
#ifdef __GNUC__
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 1dae65a99..9f46a8b4b 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -102,9 +102,10 @@ typedef enum {
KW_MARK,
KW_MARK_IN,
KW_MARK_OUT,
+ KW_TFC,
#define KW_CONN_FIRST KW_CONN_SETUP
-#define KW_CONN_LAST KW_MARK_OUT
+#define KW_CONN_LAST KW_TFC
/* ca section keywords */
KW_CA_NAME,
@@ -141,6 +142,7 @@ typedef enum {
KW_RSASIGKEY,
KW_CERT,
KW_CERT2,
+ KW_CERTPOLICY,
KW_SENDCERT,
KW_CA,
KW_CA2,
@@ -170,6 +172,7 @@ typedef enum {
KW_LEFTRSASIGKEY,
KW_LEFTCERT,
KW_LEFTCERT2,
+ KW_LEFTCERTPOLICY,
KW_LEFTSENDCERT,
KW_LEFTCA,
KW_LEFTCA2,
@@ -198,6 +201,7 @@ typedef enum {
KW_RIGHTRSASIGKEY,
KW_RIGHTCERT,
KW_RIGHTCERT2,
+ KW_RIGHTCERTPOLICY,
KW_RIGHTSENDCERT,
KW_RIGHTCA,
KW_RIGHTCA2,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 06705635a..2c0e5de3d 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -93,6 +93,7 @@ reqid, KW_REQID
mark, KW_MARK
mark_in, KW_MARK_IN
mark_out, KW_MARK_OUT
+tfc, KW_TFC
cacert, KW_CACERT
ldaphost, KW_LDAPHOST
ldapbase, KW_LDAPBASE
@@ -120,8 +121,9 @@ leftid2, KW_LEFTID2
leftauth, KW_LEFTAUTH
leftauth2, KW_LEFTAUTH2
leftrsasigkey, KW_LEFTRSASIGKEY
-leftcert, KW_LEFTCERT,
-leftcert2, KW_LEFTCERT2,
+leftcert, KW_LEFTCERT
+leftcert2, KW_LEFTCERT2
+leftcertpolicy, KW_LEFTCERTPOLICY
leftsendcert, KW_LEFTSENDCERT
leftca, KW_LEFTCA
leftca2, KW_LEFTCA2
@@ -145,6 +147,7 @@ rightauth2, KW_RIGHTAUTH2
rightrsasigkey, KW_RIGHTRSASIGKEY
rightcert, KW_RIGHTCERT
rightcert2, KW_RIGHTCERT2
+rightcertpolicy, KW_RIGHTCERTPOLICY
rightsendcert, KW_RIGHTSENDCERT
rightca, KW_RIGHTCA
rightca2, KW_RIGHTCA2
diff --git a/src/starter/starter.8 b/src/starter/starter.8
deleted file mode 100644
index e69de29bb..000000000
--- a/src/starter/starter.8
+++ /dev/null
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 9ba569d47..f251667c7 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -171,6 +171,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->id2 = push_string(msg, conn_end->id2);
msg_end->cert = push_string(msg, conn_end->cert);
msg_end->cert2 = push_string(msg, conn_end->cert2);
+ msg_end->cert_policy = push_string(msg, conn_end->cert_policy);
msg_end->ca = push_string(msg, conn_end->ca);
msg_end->ca2 = push_string(msg, conn_end->ca2);
msg_end->groups = push_string(msg, conn_end->groups);
@@ -266,6 +267,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mark_in.mask = conn->mark_in.mask;
msg.add_conn.mark_out.value = conn->mark_out.value;
msg.add_conn.mark_out.mask = conn->mark_out.mask;
+ msg.add_conn.tfc = conn->tfc;
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);