authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-07-09 21:02:41 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-07-09 21:02:41 +0000
commitdb67c87db3c9089ea8d2e14f617bf3d9e2af261f (patch)
tree665c0caea83d34c11c1517c4c57137bb58cba6fb /src/stroke
parent1c088a8b6237ec67f63c23f97a0f2dc4e99af869 (diff)
downloadvyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.tar.gz
vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)
Diffstat (limited to 'src/stroke')
-rw-r--r--src/stroke/Makefile.am3
-rw-r--r--src/stroke/Makefile.in40
-rw-r--r--src/stroke/stroke.c54
-rw-r--r--src/stroke/stroke_keywords.c5
-rw-r--r--src/stroke/stroke_msg.h (renamed from src/stroke/stroke.h)40
5 files changed, 65 insertions, 77 deletions
diff --git a/src/stroke/Makefile.am b/src/stroke/Makefile.am
index 6ea64753c..aaedfc787 100644
--- a/src/stroke/Makefile.am
+++ b/src/stroke/Makefile.am
@@ -1,9 +1,10 @@
ipsec_PROGRAMS = stroke
-stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h
+stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h
INCLUDES = -I$(top_srcdir)/src/libstrongswan
EXTRA_DIST = stroke_keywords.txt
MAINTAINERCLEANFILES = stroke_keywords.c
+AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"
stroke_keywords.c: stroke_keywords.txt stroke_keywords.h
$(GPERF) -C -G -t < stroke_keywords.txt > stroke_keywords.c
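Review bot: The new `AM_CFLAGS` line carries a preprocessor define, which by automake convention belongs in `AM_CPPFLAGS` beside the include path this file already passes through `INCLUDES`; I would write it as `AM_CPPFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"`. The value of `piddir` is spliced unescaped into a C string literal, so a configure-time value containing `"` or `\` would break the compile of stroke_msg.h rather than fail cleanly; where `piddir` is validated is outside this hunk, and a check there is the right place to reject such values. Minor style point: the line uses `${piddir}` while the rest of the file uses the `$(top_srcdir)` form.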
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index ad3df98d5..4f3373d23 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -83,6 +83,7 @@ CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
@@ -112,6 +113,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
+NMEDIT = @NMEDIT@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -142,7 +144,6 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
-backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -153,12 +154,11 @@ builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
-dbus_CFLAGS = @dbus_CFLAGS@
-dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
-eapdir = @eapdir@
exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -168,12 +168,12 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
-interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
-ipsecuid = @ipsecuid@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -186,20 +186,23 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+resolv_conf = @resolv_conf@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
simreader = @simreader@
srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h
+stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h
INCLUDES = -I$(top_srcdir)/src/libstrongswan
EXTRA_DIST = stroke_keywords.txt
MAINTAINERCLEANFILES = stroke_keywords.c
+AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"
all: all-am
.SUFFIXES:
@@ -242,8 +245,8 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
|| test -f $$p1 \
; then \
f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \
else :; fi; \
done
@@ -306,8 +309,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
@@ -319,8 +322,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
@@ -330,13 +333,12 @@ ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
- here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) ' { files[$$0] = 1; } \
- END { for (i in files) print i; }'`; \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index af06c8890..55f98f751 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke.c 3271 2007-10-08 20:12:25Z andreas $
+ * RCSID $Id: stroke.c 3875 2008-04-25 12:41:37Z martin $
*/
#include <stdlib.h>
@@ -28,7 +28,7 @@
#include <stdio.h>
#include <stddef.h>
-#include "stroke.h"
+#include "stroke_msg.h"
#include "stroke_keywords.h"
struct stroke_token {
@@ -100,66 +100,30 @@ static int send_stroke_msg (stroke_msg_t *msg)
static int add_connection(char *name,
char *my_id, char *other_id,
char *my_addr, char *other_addr,
- char *my_net, char *other_net,
- u_int my_netmask, u_int other_netmask)
+ char *my_nets, char *other_nets)
{
stroke_msg_t msg;
+ memset(&msg, 0, sizeof(msg));
msg.length = offsetof(stroke_msg_t, buffer);
msg.type = STR_ADD_CONN;
msg.add_conn.name = push_string(&msg, name);
msg.add_conn.ikev2 = 1;
msg.add_conn.auth_method = 2;
- msg.add_conn.eap_type = 0;
msg.add_conn.mode = 1;
msg.add_conn.mobike = 1;
- msg.add_conn.force_encap = 0;
-
- msg.add_conn.rekey.reauth = 0;
- msg.add_conn.rekey.ipsec_lifetime = 0;
- msg.add_conn.rekey.ike_lifetime = 0;
- msg.add_conn.rekey.margin = 0;
- msg.add_conn.rekey.tries = 0;
- msg.add_conn.rekey.fuzz = 0;
-
- msg.add_conn.algorithms.ike = NULL;
- msg.add_conn.algorithms.esp = NULL;
-
- msg.add_conn.dpd.delay = 0;
msg.add_conn.dpd.action = 1;
- msg.add_conn.p2p.mediation = 0;
- msg.add_conn.p2p.mediated_by = NULL;
- msg.add_conn.p2p.peerid = NULL;
-
msg.add_conn.me.id = push_string(&msg, my_id);
msg.add_conn.me.address = push_string(&msg, my_addr);
- msg.add_conn.me.subnet = push_string(&msg, my_net);
- msg.add_conn.me.subnet_mask = my_netmask;
- msg.add_conn.me.sourceip = NULL;
- msg.add_conn.me.virtual_ip = 0;
- msg.add_conn.me.cert = NULL;
- msg.add_conn.me.ca = NULL;
+ msg.add_conn.me.subnets = push_string(&msg, my_nets);
msg.add_conn.me.sendcert = 1;
- msg.add_conn.me.hostaccess = 0;
- msg.add_conn.me.tohost = 0;
- msg.add_conn.me.protocol = 0;
- msg.add_conn.me.port = 0;
msg.add_conn.other.id = push_string(&msg, other_id);
msg.add_conn.other.address = push_string(&msg, other_addr);
- msg.add_conn.other.subnet = push_string(&msg, other_net);
- msg.add_conn.other.subnet_mask = other_netmask;
- msg.add_conn.other.sourceip = NULL;
- msg.add_conn.other.virtual_ip = 0;
- msg.add_conn.other.cert = NULL;
- msg.add_conn.other.ca = NULL;
+ msg.add_conn.other.subnets = push_string(&msg, other_nets);
msg.add_conn.other.sendcert = 1;
- msg.add_conn.other.hostaccess = 0;
- msg.add_conn.other.tohost = 0;
- msg.add_conn.other.protocol = 0;
- msg.add_conn.other.port = 0;
return send_stroke_msg(&msg);
}
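Review bot: The new `my_nets`/`other_nets` parameters of `add_connection` have no comment saying what the strings contain; the only hint is the usage text further down this file ("NET is a IPv4 subnet in CIDR notation"). I would add above the function: `/* my_nets/other_nets: subnet strings as given on the command line (CIDR notation per exit_usage), copied unchanged into msg.add_conn.{me,other}.subnets; presumably parsed by the receiving daemon — confirm */`. The strings arrive straight from argv and `push_string` is outside the hunk, so it is worth confirming that it bounds against `STROKE_BUF_LEN` rather than assuming it. The added `memset` is what lets the explicit zero-initialisations be dropped; a one-line comment `/* zero all fields so newly added message members default to 0/NULL */` would make that dependency visible to the next person editing the struct.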
@@ -310,8 +274,7 @@ static void exit_usage(char *error)
printf(" MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n");
printf(" where: ID is any IKEv2 ID \n");
printf(" ADDR is a IPv4 address\n");
- printf(" NET is a IPv4 address of the subnet to tunnel\n");
- printf(" NETBITS is the size of the subnet, as the \"24\" in 192.168.0.0/24\n");
+ printf(" NET is a IPv4 subnet in CIDR notation\n");
printf(" Delete a connection:\n");
printf(" stroke delete NAME\n");
printf(" where: NAME is a connection name added with \"stroke add\"\n");
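Review bot: The usage line just above the changed text still advertises `MY_NETBITS OTHER_NETBITS`, while the commit removes the NETBITS explanation here and `main` (the hunk at line 330 of the new file) now passes only `argv[7]` and `argv[8]` to `add_connection`; the first line of this usage block should drop the two NETBITS words so it matches the accepted syntax. The `argc` check that guards the `STROKE_ADD` case is outside that hunk; if it still requires the old argument count it needs the same adjustment, which I cannot confirm from here.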
@@ -367,8 +330,7 @@ int main(int argc, char *argv[])
res = add_connection(argv[2],
argv[3], argv[4],
argv[5], argv[6],
- argv[7], argv[8],
- atoi(argv[9]), atoi(argv[10]));
+ argv[7], argv[8]);
break;
case STROKE_DELETE:
case STROKE_DEL:
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index 5143cba2e..ad37732fa 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -1,4 +1,4 @@
-/* C code produced by gperf version 3.0.1 */
+/* C code produced by gperf version 3.0.3 */
/* Command-line: /usr/bin/gperf -C -G -t */
/* Computed positions: -k'1,5,7' */
@@ -169,6 +169,9 @@ static const struct stroke_token wordlist[] =
#ifdef __GNUC__
__inline
+#ifdef __GNUC_STDC_INLINE__
+__attribute__ ((__gnu_inline__))
+#endif
#endif
const struct stroke_token *
in_word_set (str, len)
diff --git a/src/stroke/stroke.h b/src/stroke/stroke_msg.h
index ca4e397e4..6aa5d8a49 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke_msg.h
@@ -1,5 +1,5 @@
/**
- * @file stroke.h
+ * @file stroke_msg.h
*
* @brief Definition of stroke_msg_t.
*
@@ -19,18 +19,18 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke.h 3394 2007-12-13 17:31:21Z martin $
+ * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $
*/
-#ifndef STROKE_H_
-#define STROKE_H_
+#ifndef STROKE_MSG_H_
+#define STROKE_MSG_H_
#include <sys/types.h>
/**
* Socket which is used to communicate between charon and stroke
*/
-#define STROKE_SOCKET "/var/run/charon.ctl"
+#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
#define STROKE_BUF_LEN 2048
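Review bot: `STROKE_SOCKET` now depends on `IPSEC_PIDDIR` being supplied by the build (the `AM_CFLAGS` define in src/stroke/Makefile.am in this same commit), but the header does not say so; any other translation unit that includes stroke_msg.h without that define fails with a confusing error at the first use of `STROKE_SOCKET`. I would add, before the define, `#ifndef IPSEC_PIDDIR` / `#error "IPSEC_PIDDIR must be defined by the build (see AM_CFLAGS in Makefile.am)"` / `#endif`, or at least a comment naming where the macro comes from. The header's own doc comment could also note that the control socket path is now fixed at configure time rather than at the former hard-coded location.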
@@ -103,6 +103,16 @@ enum purge_flag_t {
PURGE_OCSP = 0x0001,
};
+/**
+ * CRL certificate validation policy
+ */
+typedef enum {
+ CRL_STRICT_NO,
+ CRL_STRICT_YES,
+ CRL_STRICT_IFURI,
+} crl_policy_t;
+
+
typedef struct stroke_end_t stroke_end_t;
/**
@@ -116,9 +126,8 @@ struct stroke_end_t {
char *updown;
char *address;
char *sourceip;
- u_int8_t virtual_ip;
- char *subnet;
- int subnet_mask;
+ int sourceip_size;
+ char *subnets;
int sendcert;
int hostaccess;
int tohost;
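Review bot: The new `sourceip_size` member is added without a comment, and nothing in the hunk says whether it is a prefix length, a byte count or something else; the same applies to `ipcomp`, `crl_policy` and `unique` added to `add_conn` in the hunk at new line 198. Since stroke_msg.h is the wire contract between the `stroke` tool and the daemon, each field should carry a one-line comment stating its meaning and accepted values, e.g. `int sourceip_size; /* TODO(review): document — prefix length or byte count? */` until the author confirms. `crl_policy` is the one exception, as `crl_policy_t` is documented where it is declared earlier in this file.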
@@ -159,6 +168,8 @@ struct stroke_msg_t {
STR_DEL_CA,
/* set a log type to log/not log */
STR_LOGLEVEL,
+ /* configure global options for stroke */
+ STR_CONFIG,
/* list various objects */
STR_LIST,
/* reread various objects */
@@ -187,6 +198,9 @@ struct stroke_msg_t {
int mode;
int mobike;
int force_encap;
+ int ipcomp;
+ crl_policy_t crl_policy;
+ int unique;
struct {
char *ike;
char *esp;
@@ -207,7 +221,7 @@ struct stroke_msg_t {
int mediation;
char *mediated_by;
char *peerid;
- } p2p;
+ } ikeme;
stroke_end_t me, other;
} add_conn;
@@ -219,6 +233,7 @@ struct stroke_msg_t {
char *crluri2;
char *ocspuri;
char *ocspuri2;
+ char *certuribase;
} add_ca;
/* data for STR_LOGLEVEL */
@@ -226,6 +241,11 @@ struct stroke_msg_t {
char *type;
int level;
} loglevel;
+
+ /* data for STR_CONFIG */
+ struct {
+ int cachecrl;
+ } config;
/* data for STR_LIST */
struct {
@@ -246,4 +266,4 @@ struct stroke_msg_t {
char buffer[STROKE_BUF_LEN];
};
-#endif /* STROKE_H_ */
+#endif /* STROKE_MSG_H_ */