diff options
author | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:20:09 +0100 |
---|---|---|
committer | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:20:09 +0100 |
commit | 568905f488e63e28778f87ac0e38d845f45bae79 (patch) | |
tree | d9969a147e36413583ff4bc75542d34c955f8823 /src/starter | |
parent | f73fba54dc8b30c6482e1e8abf15bbf455592fcd (diff) | |
download | vyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.tar.gz vyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.zip |
Imported Upstream version 4.5.1
Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/Makefile.am | 21 | ||||
-rw-r--r-- | src/starter/Makefile.in | 126 | ||||
-rw-r--r-- | src/starter/args.c | 2 | ||||
-rw-r--r-- | src/starter/confread.c | 17 | ||||
-rw-r--r-- | src/starter/confread.h | 2 | ||||
-rw-r--r-- | src/starter/keywords.c | 288 | ||||
-rw-r--r-- | src/starter/keywords.h | 6 | ||||
-rw-r--r-- | src/starter/keywords.txt | 7 | ||||
-rw-r--r-- | src/starter/starter.8 | 0 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 2 |
10 files changed, 212 insertions, 259 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 75297f767..f05aeca22 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -25,7 +25,6 @@ AM_CFLAGS = \ starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf -dist_man_MANS = starter.8 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR=$(top_srcdir)/src/pluto @@ -59,14 +58,14 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 446f183f1..f1c370ad9 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -39,8 +39,7 @@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON @USE_LOAD_WARNING_TRUE@am__append_3 = -DLOAD_WARNING subdir = src/starter -DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in +DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -56,7 +55,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" +am__installdirs = "$(DESTDIR)$(ipsecdir)" PROGRAMS = $(ipsec_PROGRAMS) am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \ starterwhack.$(OBJEXT) starterstroke.$(OBJEXT) \ @@ -85,30 +84,6 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(dist_man_MANS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -231,9 +206,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -272,6 +245,8 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -304,7 +279,6 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ $(am__append_2) $(am__append_3) starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf -dist_man_MANS = starter.8 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR = $(top_srcdir)/src/pluto SCEPCLIENTDIR = $(top_srcdir)/src/scepclient @@ -438,44 +412,6 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(dist_man_MANS) - @$(NORMAL_INSTALL) - test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list=''; test -n "$(man8dir)" || exit 0; \ - { for i in $$list; do echo "$$i"; done; \ - l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - test -z "$$files" || { \ - echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -530,19 +466,6 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -574,9 +497,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) $(MANS) +all-am: Makefile $(PROGRAMS) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \ + for dir in "$(DESTDIR)$(ipsecdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -628,7 +551,7 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS install-man +install-data-am: install-ipsecPROGRAMS install-dvi: install-dvi-am @@ -644,7 +567,7 @@ install-info: install-info-am install-info-am: -install-man: install-man8 +install-man: install-pdf: install-pdf-am @@ -674,9 +597,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS uninstall-man - -uninstall-man: uninstall-man8 +uninstall-am: uninstall-ipsecPROGRAMS .MAKE: install-am install-strip @@ -687,13 +608,12 @@ uninstall-man: uninstall-man8 install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-exec-local \ install-html install-html-am install-info install-info-am \ - install-ipsecPROGRAMS install-man install-man8 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ - uninstall-man uninstall-man8 + tags uninstall uninstall-am uninstall-ipsecPROGRAMS lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h @@ -712,16 +632,16 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/starter/args.c b/src/starter/args.c index 37d600283..87307f1aa 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -239,6 +239,7 @@ static const token_info_t token_info[] = { ARG_MISC, 0, NULL /* KW_MARK */ }, { ARG_MISC, 0, NULL /* KW_MARK_IN */ }, { ARG_MISC, 0, NULL /* KW_MARK_OUT */ }, + { ARG_MISC, 0, NULL /* KW_TFC */ }, /* ca section keywords */ { ARG_STR, offsetof(starter_ca_t, name), NULL }, @@ -272,6 +273,7 @@ static const token_info_t token_info[] = { ARG_STR, offsetof(starter_end_t, rsakey), NULL }, { ARG_STR, offsetof(starter_end_t, cert), NULL }, { ARG_STR, offsetof(starter_end_t, cert2), NULL }, + { ARG_STR, offsetof(starter_end_t, cert_policy), NULL }, { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert }, { ARG_STR, offsetof(starter_end_t, ca), NULL }, { ARG_STR, offsetof(starter_end_t, ca2), NULL }, diff --git a/src/starter/confread.c b/src/starter/confread.c index 3367616ca..1e7daa6a9 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -705,6 +705,23 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg cfg->err++; } break; + case KW_TFC: + if (streq(kw->value, "%mtu")) + { + conn->tfc = -1; + } + else + { + char *endptr; + + conn->tfc = strtoul(kw->value, &endptr, 10); + if (*endptr != '\0') + { + plog("# bad integer value: %s=%s", kw->entry->name, kw->value); + cfg->err++; + } + } + break; case KW_KEYINGTRIES: if (streq(kw->value, "%forever")) { diff --git a/src/starter/confread.h b/src/starter/confread.h index 982d1d206..4f9c5f7d0 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -64,6 +64,7 @@ struct starter_end { char *ca; char *ca2; char *groups; + char *cert_policy; char *iface; ip_address addr; u_int ikeport; @@ -125,6 +126,7 @@ struct starter_conn { u_int32_t reqid; mark_t mark_in; mark_t mark_out; + u_int32_t tfc; sa_family_t addr_family; sa_family_t tunnel_addr_family; bool install_policy; diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 0c24c7dcf..340b7131d 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,12 +54,12 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 127 +#define TOTAL_KEYWORDS 130 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 12 -#define MAX_HASH_VALUE 238 -/* maximum key range = 227, duplicates = 0 */ +#define MIN_HASH_VALUE 18 +#define MAX_HASH_VALUE 249 +/* maximum key range = 232, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -75,32 +75,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 2, - 104, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 15, 239, 20, 14, 58, - 51, 1, 7, 1, 81, 1, 239, 132, 47, 4, - 1, 49, 10, 9, 23, 1, 20, 48, 4, 239, - 239, 35, 1, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239 + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 11, + 125, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 20, 250, 18, 6, 55, + 59, 3, 9, 3, 92, 3, 250, 147, 71, 12, + 29, 83, 38, 4, 13, 3, 8, 80, 3, 250, + 250, 12, 9, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250 }; register int hval = len; @@ -124,160 +124,164 @@ hash (str, len) static const struct kw_entry wordlist[] = { {"pfs", KW_PFS}, - {"uniqueids", KW_UNIQUEIDS}, - {"rightgroups", KW_RIGHTGROUPS}, - {"lifetime", KW_KEYLIFE}, - {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, - {"rightnatip", KW_RIGHTNATIP}, - {"esp", KW_ESP}, - {"rightnexthop", KW_RIGHTNEXTHOP}, - {"rightsourceip", KW_RIGHTSOURCEIP}, {"right", KW_RIGHT}, - {"leftupdown", KW_LEFTUPDOWN}, - {"leftnexthop", KW_LEFTNEXTHOP}, + {"rightgroups", KW_RIGHTGROUPS}, {"left", KW_LEFT}, - {"keep_alive", KW_KEEP_ALIVE}, + {"lifetime", KW_KEYLIFE}, {"rightsubnet", KW_RIGHTSUBNET}, {"rightikeport", KW_RIGHTIKEPORT}, {"rightsendcert", KW_RIGHTSENDCERT}, - {"leftcert", KW_LEFTCERT,}, - {"interfaces", KW_INTERFACES}, - {"lifepackets", KW_LIFEPACKETS}, - {"leftsendcert", KW_LEFTSENDCERT}, - {"leftgroups", KW_LEFTGROUPS}, - {"eap", KW_EAP}, - {"rightprotoport", KW_RIGHTPROTOPORT}, - {"leftnatip", KW_LEFTNATIP}, + {"leftcert", KW_LEFTCERT}, {"keyingtries", KW_KEYINGTRIES}, - {"type", KW_TYPE}, {"keylife", KW_KEYLIFE}, - {"mark_in", KW_MARK_IN}, + {"leftsendcert", KW_LEFTSENDCERT}, {"lifebytes", KW_LIFEBYTES}, - {"leftca", KW_LEFTCA}, - {"margintime", KW_REKEYMARGIN}, - {"marginbytes", KW_MARGINBYTES}, + {"keep_alive", KW_KEEP_ALIVE}, + {"leftgroups", KW_LEFTGROUPS}, {"leftrsasigkey", KW_LEFTRSASIGKEY}, - {"marginpackets", KW_MARGINPACKETS}, + {"leftcertpolicy", KW_LEFTCERTPOLICY}, {"certuribase", KW_CERTURIBASE}, - {"virtual_private", KW_VIRTUAL_PRIVATE}, - {"rightid", KW_RIGHTID}, - {"rightupdown", KW_RIGHTUPDOWN}, - {"compress", KW_COMPRESS}, + {"lifepackets", KW_LIFEPACKETS}, + {"rightrsasigkey", KW_RIGHTRSASIGKEY}, {"leftprotoport", KW_LEFTPROTOPORT}, - {"overridemtu", KW_OVERRIDEMTU}, + {"uniqueids", KW_UNIQUEIDS}, + {"rightallowany", KW_RIGHTALLOWANY}, + {"virtual_private", KW_VIRTUAL_PRIVATE}, + {"leftca", KW_LEFTCA}, + {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, + {"type", KW_TYPE}, + {"interfaces", KW_INTERFACES}, + {"rightsourceip", KW_RIGHTSOURCEIP}, + {"leftnexthop", KW_LEFTNEXTHOP}, + {"rightprotoport", KW_RIGHTPROTOPORT}, + {"mark_in", KW_MARK_IN}, {"reqid", KW_REQID}, {"inactivity", KW_INACTIVITY}, + {"margintime", KW_REKEYMARGIN}, + {"marginbytes", KW_MARGINBYTES}, + {"rightid", KW_RIGHTID}, + {"marginpackets", KW_MARGINPACKETS}, + {"leftnatip", KW_LEFTNATIP}, + {"rightcert", KW_RIGHTCERT}, + {"ocspuri", KW_OCSPURI}, + {"esp", KW_ESP}, + {"rightnatip", KW_RIGHTNATIP}, + {"keyexchange", KW_KEYEXCHANGE}, + {"rightnexthop", KW_RIGHTNEXTHOP}, + {"rightca", KW_RIGHTCA}, + {"rightcertpolicy", KW_RIGHTCERTPOLICY}, + {"leftupdown", KW_LEFTUPDOWN}, + {"ocspuri1", KW_OCSPURI}, + {"mediated_by", KW_MEDIATED_BY}, + {"me_peerid", KW_ME_PEERID}, + {"cacert", KW_CACERT}, + {"crluri", KW_CRLURI}, + {"eap", KW_EAP}, {"leftfirewall", KW_LEFTFIREWALL}, {"rightfirewall", KW_RIGHTFIREWALL}, - {"rightallowany", KW_RIGHTALLOWANY}, + {"overridemtu", KW_OVERRIDEMTU}, {"mobike", KW_MOBIKE}, - {"lefthostaccess", KW_LEFTHOSTACCESS}, - {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, - {"rightrsasigkey", KW_RIGHTRSASIGKEY}, - {"pfsgroup", KW_PFSGROUP}, - {"me_peerid", KW_ME_PEERID}, - {"crluri", KW_CRLURI}, - {"leftsourceip", KW_LEFTSOURCEIP}, + {"packetdefault", KW_PACKETDEFAULT}, {"crluri1", KW_CRLURI}, + {"ldapbase", KW_LDAPBASE}, + {"leftallowany", KW_LEFTALLOWANY}, {"mediation", KW_MEDIATION}, - {"dumpdir", KW_DUMPDIR}, - {"forceencaps", KW_FORCEENCAPS}, + {"compress", KW_COMPRESS}, {"leftsubnet", KW_LEFTSUBNET}, - {"rightca", KW_RIGHTCA}, - {"rightcert", KW_RIGHTCERT}, - {"ocspuri", KW_OCSPURI}, - {"dpdaction", KW_DPDACTION}, - {"ocspuri1", KW_OCSPURI}, + {"lefthostaccess", KW_LEFTHOSTACCESS}, + {"forceencaps", KW_FORCEENCAPS}, + {"dumpdir", KW_DUMPDIR}, + {"righthostaccess", KW_RIGHTHOSTACCESS}, + {"authby", KW_AUTHBY}, + {"aaa_identity", KW_AAA_IDENTITY}, + {"tfc", KW_TFC}, + {"nat_traversal", KW_NAT_TRAVERSAL}, + {"rightauth", KW_RIGHTAUTH}, + {"rightupdown", KW_RIGHTUPDOWN}, {"dpdtimeout", KW_DPDTIMEOUT}, {"installpolicy", KW_INSTALLPOLICY}, - {"righthostaccess", KW_RIGHTHOSTACCESS}, - {"ldapbase", KW_LDAPBASE}, - {"also", KW_ALSO}, - {"leftallowany", KW_LEFTALLOWANY}, + {"mark_out", KW_MARK_OUT}, + {"fragicmp", KW_FRAGICMP}, {"force_keepalive", KW_FORCE_KEEPALIVE}, - {"keyexchange", KW_KEYEXCHANGE}, - {"hidetos", KW_HIDETOS}, - {"klipsdebug", KW_KLIPSDEBUG}, - {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {"rightauth", KW_RIGHTAUTH}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, - {"charondebug", KW_CHARONDEBUG}, - {"rightid2", KW_RIGHTID2}, {"leftid", KW_LEFTID}, - {"mediated_by", KW_MEDIATED_BY}, - {"fragicmp", KW_FRAGICMP}, - {"mark_out", KW_MARK_OUT}, - {"auto", KW_AUTO}, - {"leftcert2", KW_LEFTCERT2,}, - {"nat_traversal", KW_NAT_TRAVERSAL}, - {"cacert", KW_CACERT}, - {"plutostart", KW_PLUTOSTART}, + {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, {"eap_identity", KW_EAP_IDENTITY}, - {"prepluto", KW_PREPLUTO}, - {"packetdefault", KW_PACKETDEFAULT}, + {"cachecrls", KW_CACHECRLS}, + {"pfsgroup", KW_PFSGROUP}, + {"rightid2", KW_RIGHTID2}, + {"dpdaction", KW_DPDACTION}, {"xauth_identity", KW_XAUTH_IDENTITY}, + {"leftsourceip", KW_LEFTSOURCEIP}, + {"klipsdebug", KW_KLIPSDEBUG}, + {"leftcert2", KW_LEFTCERT2}, + {"charondebug", KW_CHARONDEBUG}, + {"hidetos", KW_HIDETOS}, + {"ike", KW_IKE}, {"charonstart", KW_CHARONSTART}, - {"crlcheckinterval", KW_CRLCHECKINTERVAL}, {"rightauth2", KW_RIGHTAUTH2}, - {"ike", KW_IKE}, - {"aaa_identity", KW_AAA_IDENTITY}, + {"also", KW_ALSO}, {"leftca2", KW_LEFTCA2}, - {"authby", KW_AUTHBY}, - {"leftauth", KW_LEFTAUTH}, - {"cachecrls", KW_CACHECRLS}, + {"rekey", KW_REKEY}, + {"plutostderrlog", KW_PLUTOSTDERRLOG}, + {"plutostart", KW_PLUTOSTART}, + {"ikelifetime", KW_IKELIFETIME}, + {"crlcheckinterval", KW_CRLCHECKINTERVAL}, + {"auto", KW_AUTO}, {"ldaphost", KW_LDAPHOST}, - {"rekeymargin", KW_REKEYMARGIN}, {"rekeyfuzz", KW_REKEYFUZZ}, - {"dpddelay", KW_DPDDELAY}, - {"ikelifetime", KW_IKELIFETIME}, - {"auth", KW_AUTH}, - {"xauth", KW_XAUTH}, - {"postpluto", KW_POSTPLUTO}, - {"plutodebug", KW_PLUTODEBUG}, - {"modeconfig", KW_MODECONFIG}, - {"nocrsend", KW_NOCRSEND}, - {"leftauth2", KW_LEFTAUTH2}, - {"leftid2", KW_LEFTID2}, {"leftikeport", KW_LEFTIKEPORT}, + {"mark", KW_MARK}, + {"auth", KW_AUTH}, + {"prepluto", KW_PREPLUTO}, + {"dpddelay", KW_DPDDELAY}, + {"leftauth", KW_LEFTAUTH}, {"rightca2", KW_RIGHTCA2}, - {"rekey", KW_REKEY}, + {"xauth", KW_XAUTH}, {"rightcert2", KW_RIGHTCERT2}, - {"mark", KW_MARK}, - {"crluri2", KW_CRLURI2}, - {"reauth", KW_REAUTH}, + {"rekeymargin", KW_REKEYMARGIN}, + {"leftid2", KW_LEFTID2}, {"ocspuri2", KW_OCSPURI2}, + {"nocrsend", KW_NOCRSEND}, + {"reauth", KW_REAUTH}, + {"crluri2", KW_CRLURI2}, + {"plutodebug", KW_PLUTODEBUG}, + {"leftauth2", KW_LEFTAUTH2}, {"pkcs11module", KW_PKCS11MODULE}, {"pkcs11initargs", KW_PKCS11INITARGS}, {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, - {"pkcs11proxy", KW_PKCS11PROXY} + {"pkcs11proxy", KW_PKCS11PROXY}, + {"modeconfig", KW_MODECONFIG}, + {"postpluto", KW_POSTPLUTO} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 0, 1, -1, 2, -1, -1, 3, -1, - -1, 4, -1, 5, 6, 7, 8, 9, -1, 10, - 11, -1, 12, 13, 14, 15, 16, 17, -1, 18, - 19, 20, 21, 22, -1, -1, 23, 24, -1, 25, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, -1, 52, 53, 54, - 55, -1, 56, 57, -1, 58, 59, 60, -1, 61, - 62, 63, 64, -1, -1, 65, -1, 66, -1, 67, - 68, 69, 70, 71, -1, -1, 72, -1, -1, 73, - 74, 75, 76, 77, 78, 79, 80, -1, 81, 82, - 83, 84, 85, 86, 87, -1, 88, -1, 89, 90, - -1, 91, 92, 93, 94, -1, 95, 96, 97, 98, - -1, -1, -1, -1, 99, 100, 101, -1, 102, 103, - 104, 105, 106, 107, 108, 109, -1, 110, -1, -1, - 111, -1, -1, -1, -1, -1, -1, 112, -1, 113, - 114, 115, 116, 117, 118, -1, -1, -1, -1, 119, - -1, -1, 120, -1, -1, -1, -1, -1, -1, 121, - -1, -1, -1, -1, 122, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 123, -1, 124, 125, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 126 + -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, + -1, -1, -1, 2, 3, -1, 4, -1, 5, 6, + 7, 8, 9, -1, 10, 11, 12, 13, 14, -1, + 15, 16, -1, 17, 18, 19, 20, 21, -1, 22, + -1, -1, 23, -1, 24, 25, 26, 27, -1, 28, + 29, -1, -1, -1, 30, -1, 31, -1, -1, -1, + 32, 33, 34, 35, 36, 37, 38, 39, 40, -1, + -1, 41, 42, 43, 44, 45, 46, -1, 47, 48, + 49, -1, -1, 50, 51, 52, 53, 54, 55, 56, + 57, 58, 59, -1, -1, 60, 61, 62, 63, 64, + 65, -1, 66, 67, -1, 68, 69, -1, 70, 71, + -1, -1, 72, 73, -1, 74, 75, 76, 77, -1, + 78, -1, 79, -1, 80, -1, 81, 82, -1, 83, + 84, 85, 86, 87, 88, 89, 90, -1, -1, 91, + -1, -1, -1, 92, -1, 93, 94, -1, 95, 96, + -1, 97, 98, -1, -1, -1, -1, 99, -1, -1, + -1, 100, 101, 102, 103, 104, 105, 106, 107, -1, + -1, -1, 108, -1, 109, -1, -1, 110, 111, -1, + -1, -1, 112, -1, 113, 114, 115, -1, -1, -1, + -1, -1, 116, 117, 118, -1, -1, -1, 119, -1, + -1, 120, -1, -1, -1, -1, -1, -1, -1, 121, + -1, -1, -1, 122, -1, -1, 123, -1, 124, -1, + 125, 126, -1, -1, -1, -1, 127, -1, 128, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 129 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 1dae65a99..9f46a8b4b 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -102,9 +102,10 @@ typedef enum { KW_MARK, KW_MARK_IN, KW_MARK_OUT, + KW_TFC, #define KW_CONN_FIRST KW_CONN_SETUP -#define KW_CONN_LAST KW_MARK_OUT +#define KW_CONN_LAST KW_TFC /* ca section keywords */ KW_CA_NAME, @@ -141,6 +142,7 @@ typedef enum { KW_RSASIGKEY, KW_CERT, KW_CERT2, + KW_CERTPOLICY, KW_SENDCERT, KW_CA, KW_CA2, @@ -170,6 +172,7 @@ typedef enum { KW_LEFTRSASIGKEY, KW_LEFTCERT, KW_LEFTCERT2, + KW_LEFTCERTPOLICY, KW_LEFTSENDCERT, KW_LEFTCA, KW_LEFTCA2, @@ -198,6 +201,7 @@ typedef enum { KW_RIGHTRSASIGKEY, KW_RIGHTCERT, KW_RIGHTCERT2, + KW_RIGHTCERTPOLICY, KW_RIGHTSENDCERT, KW_RIGHTCA, KW_RIGHTCA2, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index 06705635a..2c0e5de3d 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -93,6 +93,7 @@ reqid, KW_REQID mark, KW_MARK mark_in, KW_MARK_IN mark_out, KW_MARK_OUT +tfc, KW_TFC cacert, KW_CACERT ldaphost, KW_LDAPHOST ldapbase, KW_LDAPBASE @@ -120,8 +121,9 @@ leftid2, KW_LEFTID2 leftauth, KW_LEFTAUTH leftauth2, KW_LEFTAUTH2 leftrsasigkey, KW_LEFTRSASIGKEY -leftcert, KW_LEFTCERT, -leftcert2, KW_LEFTCERT2, +leftcert, KW_LEFTCERT +leftcert2, KW_LEFTCERT2 +leftcertpolicy, KW_LEFTCERTPOLICY leftsendcert, KW_LEFTSENDCERT leftca, KW_LEFTCA leftca2, KW_LEFTCA2 @@ -145,6 +147,7 @@ rightauth2, KW_RIGHTAUTH2 rightrsasigkey, KW_RIGHTRSASIGKEY rightcert, KW_RIGHTCERT rightcert2, KW_RIGHTCERT2 +rightcertpolicy, KW_RIGHTCERTPOLICY rightsendcert, KW_RIGHTSENDCERT rightca, KW_RIGHTCA rightca2, KW_RIGHTCA2 diff --git a/src/starter/starter.8 b/src/starter/starter.8 deleted file mode 100644 index e69de29bb..000000000 --- a/src/starter/starter.8 +++ /dev/null diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 9ba569d47..f251667c7 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -171,6 +171,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta msg_end->id2 = push_string(msg, conn_end->id2); msg_end->cert = push_string(msg, conn_end->cert); msg_end->cert2 = push_string(msg, conn_end->cert2); + msg_end->cert_policy = push_string(msg, conn_end->cert_policy); msg_end->ca = push_string(msg, conn_end->ca); msg_end->ca2 = push_string(msg, conn_end->ca2); msg_end->groups = push_string(msg, conn_end->groups); @@ -266,6 +267,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.mark_in.mask = conn->mark_in.mask; msg.add_conn.mark_out.value = conn->mark_out.value; msg.add_conn.mark_out.mask = conn->mark_out.mask; + msg.add_conn.tfc = conn->tfc; starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left); starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right); |