authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-10-29 11:11:01 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-10-29 11:11:01 +0000
commit8b80ab5a6950ce6515f477624794defd7531642a (patch)
treeaa8303f3806c5615fbeafc4dc82febe3cd7c24dc /src/stroke
parentdb67c87db3c9089ea8d2e14f617bf3d9e2af261f (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.2.8)
Diffstat (limited to 'src/stroke')
-rw-r--r--src/stroke/Makefile.in2
-rw-r--r--src/stroke/stroke.c29
-rw-r--r--src/stroke/stroke_keywords.c75
-rw-r--r--src/stroke/stroke_keywords.h7
-rw-r--r--src/stroke/stroke_keywords.txt5
-rw-r--r--src/stroke/stroke_msg.h35
6 files changed, 103 insertions, 50 deletions
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 4f3373d23..06d9e07ef 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -179,6 +179,8 @@ localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 55f98f751..d100c2107 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke.c 3875 2008-04-25 12:41:37Z martin $
+ * RCSID $Id: stroke.c 4384 2008-10-08 07:00:13Z andreas $
*/
#include <stdlib.h>
@@ -158,6 +158,17 @@ static int terminate_connection(char *name)
return send_stroke_msg(&msg);
}
+static int terminate_connection_srcip(char *start, char *end)
+{
+ stroke_msg_t msg;
+
+ msg.type = STR_TERMINATE_SRCIP;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.terminate_srcip.start = push_string(&msg, start);
+ msg.terminate_srcip.end = push_string(&msg, end);
+ return send_stroke_msg(&msg);
+}
+
static int route_connection(char *name)
{
stroke_msg_t msg;
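Review bot: In `terminate_connection_srcip`, the results of both `push_string` calls are stored unchecked and `msg` is declared without an initializer. The body of push_string is outside this diff; if it returns NULL for a string that does not fit the buffer, an over-long START would be sent as an empty start address instead of being reported, so a check such as `if (msg.terminate_srcip.start == NULL) return -1;` before `send_stroke_msg` would make the failure visible. `end` is legitimately NULL when main() is invoked without END, so push_string has to tolerate a NULL argument; if that is not guaranteed, use `end ? push_string(&msg, end) : NULL`. Only `type`, `length` and the `terminate_srcip` member are written, so if send_stroke_msg writes `msg.length` bytes the rest of the header below `offsetof(stroke_msg_t, buffer)` goes out as uninitialised stack bytes; `memset(&msg, 0, offsetof(stroke_msg_t, buffer));` at the top would avoid that.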
@@ -189,6 +200,7 @@ static int show_status(stroke_keyword_t kw, char *connection)
}
static int list_flags[] = {
+ LIST_PUBKEYS,
LIST_CERTS,
LIST_CACERTS,
LIST_OCSPCERTS,
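Review bot: `list_flags[]` carries no comment tying its order to `stroke_keyword_t`, yet this commit has to insert `LIST_PUBKEYS` at the front here, add `LIST_ALGS` before `LIST_ALL` in the next hunk, and move `STROKE_LIST_FIRST` to `STROKE_LIST_PUBKEYS` in stroke_keywords.h, all in matching positions. The lookup in list() is outside this diff, but it presumably indexes the array by `kw - STROKE_LIST_FIRST`, so a mismatch would silently request a different list than the user asked for. I would add above the array: `/* order must match STROKE_LIST_* in stroke_keywords.h, starting at STROKE_LIST_FIRST */`.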
@@ -198,6 +210,7 @@ static int list_flags[] = {
LIST_CAINFOS,
LIST_CRLS,
LIST_OCSP,
+ LIST_ALGS,
LIST_ALL
};
@@ -284,6 +297,9 @@ static void exit_usage(char *error)
printf(" Terminate a connection:\n");
printf(" stroke down NAME\n");
printf(" where: NAME is a connection name added with \"stroke add\"\n");
+ printf(" Terminate a connection by remote srcip:\n");
+ printf(" stroke down-srcip START [END]\n");
+ printf(" where: START and optional END define the clients source IP\n");
printf(" Set loglevel for a logging type:\n");
printf(" stroke loglevel TYPE LEVEL\n");
printf(" where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib\n");
@@ -294,6 +310,8 @@ static void exit_usage(char *error)
printf(" stroke listcacerts|listocspcerts|listaacerts|listacerts\n");
printf(" Show list of end entity certificates, ca info records and crls:\n");
printf(" stroke listcerts|listcainfos|listcrls|listall\n");
+ printf(" Show list of supported algorithms:\n");
+ printf(" stroke listalgs\n");
printf(" Reload authority and attribute certificates:\n");
printf(" stroke rereadcacerts|rereadocspcerts|rereadaacerts|rereadacerts\n");
printf(" Reload secrets and crls:\n");
@@ -354,6 +372,13 @@ int main(int argc, char *argv[])
}
res = terminate_connection(argv[2]);
break;
+ case STROKE_DOWN_SRCIP:
+ if (argc < 3)
+ {
+ exit_usage("\"down-srcip\" needs start and optional end address");
+ }
+ res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL);
+ break;
case STROKE_ROUTE:
if (argc < 3)
{
@@ -379,6 +404,7 @@ int main(int argc, char *argv[])
case STROKE_STATUSALL:
res = show_status(token->kw, argc > 2 ? argv[2] : NULL);
break;
+ case STROKE_LIST_PUBKEYS:
case STROKE_LIST_CERTS:
case STROKE_LIST_CACERTS:
case STROKE_LIST_OCSPCERTS:
@@ -387,6 +413,7 @@ int main(int argc, char *argv[])
case STROKE_LIST_CAINFOS:
case STROKE_LIST_CRLS:
case STROKE_LIST_OCSP:
+ case STROKE_LIST_ALGS:
case STROKE_LIST_ALL:
res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0);
break;
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index ad37732fa..17bcda47c 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke_keywords.txt 3271 2007-10-08 20:12:25Z andreas $
+ * RCSID $Id: stroke_keywords.txt 4384 2008-10-08 07:00:13Z andreas $
*/
#include <string.h>
@@ -56,12 +56,12 @@ struct stroke_token {
stroke_keyword_t kw;
};
-#define TOTAL_KEYWORDS 28
+#define TOTAL_KEYWORDS 31
#define MIN_WORD_LENGTH 2
#define MAX_WORD_LENGTH 15
#define MIN_HASH_VALUE 3
-#define MAX_HASH_VALUE 45
-/* maximum key range = 43, duplicates = 0 */
+#define MAX_HASH_VALUE 48
+/* maximum key range = 46, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -77,32 +77,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 0, 46, 5,
- 28, 0, 46, 0, 46, 20, 46, 46, 0, 46,
- 46, 20, 0, 46, 10, 10, 0, 10, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 0, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 0, 0, 5,
+ 28, 0, 49, 10, 49, 20, 49, 49, 0, 49,
+ 49, 20, 0, 49, 10, 10, 0, 10, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 49
};
register int hval = len;
@@ -134,13 +134,14 @@ static const struct stroke_token wordlist[] =
{"loglevel", STROKE_LOGLEVEL},
{""},
{"listacerts", STROKE_LIST_ACERTS},
- {""},
+ {"listpubkeys", STROKE_LIST_PUBKEYS},
{"up", STROKE_UP},
{"listcrls", STROKE_LIST_CRLS},
{"purgeocsp", STROKE_PURGE_OCSP},
{"route", STROKE_ROUTE},
{"listaacerts", STROKE_LIST_AACERTS},
- {""}, {""},
+ {""},
+ {"listalgs", STROKE_LIST_ALGS},
{"rereadall", STROKE_REREAD_ALL},
{""},
{"listcacerts", STROKE_LIST_CACERTS},
@@ -152,7 +153,7 @@ static const struct stroke_token wordlist[] =
{"unroute", STROKE_UNROUTE},
{"rereadcacerts", STROKE_REREAD_CACERTS},
{"statusall", STROKE_STATUSALL},
- {"listgroups", STROKE_LIST_GROUPS},
+ {""},
{"del", STROKE_DEL},
{"down", STROKE_DOWN},
{"rereadsecrets", STROKE_REREAD_SECRETS},
@@ -161,10 +162,14 @@ static const struct stroke_token wordlist[] =
{"listcainfos", STROKE_LIST_CAINFOS},
{""},
{"listocsp", STROKE_LIST_OCSP},
- {""}, {""}, {""}, {""},
+ {""},
+ {"listgroups", STROKE_LIST_GROUPS},
+ {""}, {""},
{"listocspcerts", STROKE_LIST_OCSPCERTS},
{""},
- {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}
+ {"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
+ {""}, {""},
+ {"down-srcip", STROKE_DOWN_SRCIP}
};
#ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index e73aa5ca9..0ad221153 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke_keywords.h 3271 2007-10-08 20:12:25Z andreas $
+ * RCSID $Id: stroke_keywords.h 4384 2008-10-08 07:00:13Z andreas $
*/
#ifndef _STROKE_KEYWORDS_H_
@@ -26,9 +26,11 @@ typedef enum {
STROKE_UNROUTE,
STROKE_UP,
STROKE_DOWN,
+ STROKE_DOWN_SRCIP,
STROKE_LOGLEVEL,
STROKE_STATUS,
STROKE_STATUSALL,
+ STROKE_LIST_PUBKEYS,
STROKE_LIST_CERTS,
STROKE_LIST_CACERTS,
STROKE_LIST_OCSPCERTS,
@@ -38,6 +40,7 @@ typedef enum {
STROKE_LIST_CAINFOS,
STROKE_LIST_CRLS,
STROKE_LIST_OCSP,
+ STROKE_LIST_ALGS,
STROKE_LIST_ALL,
STROKE_REREAD_SECRETS,
STROKE_REREAD_CACERTS,
@@ -49,7 +52,7 @@ typedef enum {
STROKE_PURGE_OCSP
} stroke_keyword_t;
-#define STROKE_LIST_FIRST STROKE_LIST_CERTS
+#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS
#define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS
#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index f36beb19a..ba35e8bcc 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke_keywords.txt 3271 2007-10-08 20:12:25Z andreas $
+ * RCSID $Id: stroke_keywords.txt 4384 2008-10-08 07:00:13Z andreas $
*/
#include <string.h>
@@ -33,9 +33,11 @@ route, STROKE_ROUTE
unroute, STROKE_UNROUTE
up, STROKE_UP
down, STROKE_DOWN
+down-srcip, STROKE_DOWN_SRCIP
loglevel, STROKE_LOGLEVEL
status, STROKE_STATUS
statusall, STROKE_STATUSALL
+listpubkeys, STROKE_LIST_PUBKEYS
listcerts, STROKE_LIST_CERTS
listcacerts, STROKE_LIST_CACERTS
listocspcerts, STROKE_LIST_OCSPCERTS
@@ -45,6 +47,7 @@ listgroups, STROKE_LIST_GROUPS
listcainfos, STROKE_LIST_CAINFOS
listcrls, STROKE_LIST_CRLS
listocsp, STROKE_LIST_OCSP
+listalgs, STROKE_LIST_ALGS
listall, STROKE_LIST_ALL
rereadsecrets, STROKE_REREAD_SECRETS
rereadcacerts, STROKE_REREAD_CACERTS
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 6aa5d8a49..4d2fb1071 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -19,7 +19,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $
+ * RCSID $Id: stroke_msg.h 4384 2008-10-08 07:00:13Z andreas $
*/
#ifndef STROKE_MSG_H_
@@ -43,26 +43,30 @@ typedef enum list_flag_t list_flag_t;
enum list_flag_t {
/** don't list anything */
LIST_NONE = 0x0000,
+ /** list all raw public keys */
+ LIST_PUBKEYS = 0x0001,
/** list all host/user certs */
- LIST_CERTS = 0x0001,
+ LIST_CERTS = 0x0002,
/** list all ca certs */
- LIST_CACERTS = 0x0002,
+ LIST_CACERTS = 0x0004,
/** list all ocsp signer certs */
- LIST_OCSPCERTS = 0x0004,
+ LIST_OCSPCERTS = 0x0008,
/** list all aa certs */
- LIST_AACERTS = 0x0008,
+ LIST_AACERTS = 0x0010,
/** list all attribute certs */
- LIST_ACERTS = 0x0010,
+ LIST_ACERTS = 0x0020,
/** list all access control groups */
- LIST_GROUPS = 0x0020,
+ LIST_GROUPS = 0x0040,
/** list all ca information records */
- LIST_CAINFOS = 0x0040,
+ LIST_CAINFOS = 0x0080,
/** list all crls */
- LIST_CRLS = 0x0080,
+ LIST_CRLS = 0x0100,
/** list all ocsp cache entries */
- LIST_OCSP = 0x0100,
+ LIST_OCSP = 0x0200,
+ /** list all supported algorithms */
+ LIST_ALGS = 0x0400,
/** all list options */
- LIST_ALL = 0x01FF,
+ LIST_ALL = 0x07FF,
};
typedef enum reread_flag_t reread_flag_t;
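Review bot: Every existing `list_flag_t` value is renumbered in this hunk (`LIST_CERTS` moves from `0x0001` to `0x0002`, and so on up to `LIST_OCSP`) because `LIST_PUBKEYS` takes bit 0 rather than a free high bit. These flags appear to be carried in the messages the `stroke` tool sends to the daemon, so a binary built against the old header would request different lists from a daemon built against the new one. The same concern applies to `STR_TERMINATE_SRCIP` being inserted before `STR_STATUS` in the message-type enum and to `eap_identity` being inserted mid-struct in the later hunks of this file. No version field is visible in this diff, so nothing shown here would detect such a mismatch. Giving the new flags unused bits (`LIST_PUBKEYS = 0x0200`, `LIST_ALGS = 0x0400`) and appending new enum and struct members would keep the old values stable; otherwise packaging should ensure both binaries are always upgraded together.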
@@ -158,6 +162,8 @@ struct stroke_msg_t {
STR_DEL_CONN,
/* terminate connection */
STR_TERMINATE,
+ /* terminate connection by peers srcip/virtual ip */
+ STR_TERMINATE_SRCIP,
/* show connection status */
STR_STATUS,
/* show verbose connection status */
@@ -187,6 +193,12 @@ struct stroke_msg_t {
struct {
char *name;
} initiate, route, unroute, terminate, status, del_conn, del_ca;
+
+ /* data for STR_TERMINATE_SRCIP */
+ struct {
+ char *start;
+ char *end;
+ } terminate_srcip;
/* data for STR_ADD_CONN */
struct {
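Review bot: The new `terminate_srcip` member does not document that `end` is optional, although main() in stroke.c passes NULL for END when only START is given. A comment on the field such as `/* end is NULL when a single address is given */` would tell whoever handles `STR_TERMINATE_SRCIP` on the receiving side to check it before use. That handler is outside this diff (which is limited to src/stroke), so whether it already does so cannot be confirmed here. The enclosing `struct stroke_msg_t` starts and ends outside the hunk.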
@@ -195,6 +207,7 @@ struct stroke_msg_t {
int auth_method;
u_int32_t eap_type;
u_int32_t eap_vendor;
+ char *eap_identity;
int mode;
int mobike;
int force_encap;