summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-06-03 17:46:37 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-06-03 17:46:37 +0000
commit62bf8ed9e48c18169c43ae6c44f345f401bd4393 (patch)
tree61a58c5c24278a9013b23b2cea5605a1ee142cdb /src
parent59dbcced8de77b3b861cd2307543226f0abc10a6 (diff)
downloadvyos-strongswan-62bf8ed9e48c18169c43ae6c44f345f401bd4393.tar.gz
vyos-strongswan-62bf8ed9e48c18169c43ae6c44f345f401bd4393.zip
- Update to new upstream release.
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am2
-rw-r--r--src/Makefile.in17
-rw-r--r--src/_copyright/Makefile.in15
-rw-r--r--src/_updown/Makefile.in15
-rw-r--r--src/_updown_espmark/Makefile.in15
-rw-r--r--src/charon/Makefile.am195
-rw-r--r--src/charon/Makefile.in1933
-rw-r--r--src/charon/bus/bus.c73
-rw-r--r--src/charon/bus/bus.h11
-rw-r--r--src/charon/config/backend_manager.c229
-rw-r--r--src/charon/config/backend_manager.h124
-rw-r--r--src/charon/config/backends/backend.h96
-rw-r--r--src/charon/config/backends/local_backend.c274
-rw-r--r--src/charon/config/backends/local_backend.h60
-rw-r--r--src/charon/config/backends/writeable_backend.h64
-rw-r--r--src/charon/config/child_cfg.c449
-rw-r--r--src/charon/config/child_cfg.h251
-rwxr-xr-xsrc/charon/config/configuration.c162
-rwxr-xr-xsrc/charon/config/configuration.h102
-rw-r--r--src/charon/config/connections/connection.c404
-rw-r--r--src/charon/config/connections/connection.h292
-rwxr-xr-xsrc/charon/config/connections/connection_store.h118
-rw-r--r--src/charon/config/connections/local_connection_store.c237
-rw-r--r--src/charon/config/connections/local_connection_store.h62
-rw-r--r--src/charon/config/credentials/local_credential_store.c360
-rw-r--r--src/charon/config/credentials/local_credential_store.h3
-rw-r--r--src/charon/config/ike_cfg.c228
-rw-r--r--src/charon/config/ike_cfg.h151
-rw-r--r--src/charon/config/peer_cfg.c479
-rw-r--r--src/charon/config/peer_cfg.h368
-rw-r--r--src/charon/config/policies/local_policy_store.c282
-rw-r--r--src/charon/config/policies/local_policy_store.h60
-rw-r--r--src/charon/config/policies/policy.c635
-rw-r--r--src/charon/config/policies/policy.h413
-rwxr-xr-xsrc/charon/config/policies/policy_store.h119
-rw-r--r--src/charon/config/proposal.c103
-rw-r--r--src/charon/config/proposal.h12
-rw-r--r--src/charon/config/traffic_selector.c20
-rw-r--r--src/charon/control/interface_manager.c705
-rw-r--r--src/charon/control/interface_manager.h192
-rw-r--r--src/charon/control/interfaces/dbus_interface.c479
-rw-r--r--src/charon/control/interfaces/dbus_interface.h57
-rw-r--r--src/charon/control/interfaces/interface.h59
-rwxr-xr-xsrc/charon/control/interfaces/stroke_interface.c1728
-rw-r--r--src/charon/control/interfaces/stroke_interface.h (renamed from src/charon/threads/stroke_interface.h)31
-rw-r--r--src/charon/control/interfaces/xml_interface.c63
-rw-r--r--src/charon/control/interfaces/xml_interface.h57
-rw-r--r--src/charon/daemon.c107
-rw-r--r--src/charon/daemon.h156
-rw-r--r--src/charon/encoding/message.c81
-rw-r--r--src/charon/kernel/kernel_interface.c (renamed from src/charon/threads/kernel_interface.c)22
-rw-r--r--src/charon/kernel/kernel_interface.h (renamed from src/charon/threads/kernel_interface.h)8
-rw-r--r--src/charon/network/receiver.c (renamed from src/charon/threads/receiver.c)15
-rw-r--r--src/charon/network/receiver.h (renamed from src/charon/threads/receiver.h)4
-rw-r--r--src/charon/network/sender.c (renamed from src/charon/threads/sender.c)10
-rw-r--r--src/charon/network/sender.h (renamed from src/charon/threads/sender.h)4
-rw-r--r--src/charon/network/socket.c44
-rw-r--r--src/charon/processing/event_queue.c (renamed from src/charon/queues/event_queue.c)0
-rw-r--r--src/charon/processing/event_queue.h (renamed from src/charon/queues/event_queue.h)6
-rw-r--r--src/charon/processing/job_queue.c (renamed from src/charon/queues/job_queue.c)0
-rw-r--r--src/charon/processing/job_queue.h (renamed from src/charon/queues/job_queue.h)6
-rw-r--r--src/charon/processing/jobs/acquire_job.c (renamed from src/charon/queues/jobs/acquire_job.c)0
-rw-r--r--src/charon/processing/jobs/acquire_job.h (renamed from src/charon/queues/jobs/acquire_job.h)2
-rw-r--r--src/charon/processing/jobs/delete_child_sa_job.c (renamed from src/charon/queues/jobs/delete_child_sa_job.c)0
-rw-r--r--src/charon/processing/jobs/delete_child_sa_job.h (renamed from src/charon/queues/jobs/delete_child_sa_job.h)2
-rw-r--r--src/charon/processing/jobs/delete_ike_sa_job.c (renamed from src/charon/queues/jobs/delete_ike_sa_job.c)0
-rw-r--r--src/charon/processing/jobs/delete_ike_sa_job.h (renamed from src/charon/queues/jobs/delete_ike_sa_job.h)2
-rw-r--r--src/charon/processing/jobs/job.c (renamed from src/charon/queues/jobs/job.c)0
-rw-r--r--src/charon/processing/jobs/job.h (renamed from src/charon/queues/jobs/job.h)0
-rw-r--r--src/charon/processing/jobs/process_message_job.c (renamed from src/charon/queues/jobs/process_message_job.c)0
-rw-r--r--src/charon/processing/jobs/process_message_job.h (renamed from src/charon/queues/jobs/process_message_job.h)2
-rw-r--r--src/charon/processing/jobs/rekey_child_sa_job.c (renamed from src/charon/queues/jobs/rekey_child_sa_job.c)0
-rw-r--r--src/charon/processing/jobs/rekey_child_sa_job.h (renamed from src/charon/queues/jobs/rekey_child_sa_job.h)2
-rw-r--r--src/charon/processing/jobs/rekey_ike_sa_job.c (renamed from src/charon/queues/jobs/rekey_ike_sa_job.c)2
-rw-r--r--src/charon/processing/jobs/rekey_ike_sa_job.h (renamed from src/charon/queues/jobs/rekey_ike_sa_job.h)2
-rw-r--r--src/charon/processing/jobs/retransmit_job.c (renamed from src/charon/queues/jobs/retransmit_job.c)0
-rw-r--r--src/charon/processing/jobs/retransmit_job.h (renamed from src/charon/queues/jobs/retransmit_job.h)2
-rw-r--r--src/charon/processing/jobs/send_dpd_job.c (renamed from src/charon/queues/jobs/send_dpd_job.c)0
-rw-r--r--src/charon/processing/jobs/send_dpd_job.h (renamed from src/charon/queues/jobs/send_dpd_job.h)3
-rw-r--r--src/charon/processing/jobs/send_keepalive_job.c (renamed from src/charon/queues/jobs/send_keepalive_job.c)0
-rw-r--r--src/charon/processing/jobs/send_keepalive_job.h (renamed from src/charon/queues/jobs/send_keepalive_job.h)3
-rw-r--r--src/charon/processing/scheduler.c (renamed from src/charon/threads/scheduler.c)4
-rw-r--r--src/charon/processing/scheduler.h (renamed from src/charon/threads/scheduler.h)4
-rw-r--r--src/charon/processing/thread_pool.c (renamed from src/charon/threads/thread_pool.c)6
-rw-r--r--src/charon/processing/thread_pool.h (renamed from src/charon/threads/thread_pool.h)4
-rw-r--r--src/charon/queues/jobs/initiate_job.c112
-rw-r--r--src/charon/queues/jobs/initiate_job.h61
-rw-r--r--src/charon/queues/jobs/route_job.c125
-rw-r--r--src/charon/queues/jobs/route_job.h59
-rw-r--r--src/charon/sa/authenticators/eap/eap_method.c35
-rw-r--r--src/charon/sa/authenticators/eap/eap_sim.c104
-rw-r--r--src/charon/sa/authenticators/eap_authenticator.c58
-rw-r--r--src/charon/sa/authenticators/psk_authenticator.c10
-rw-r--r--src/charon/sa/authenticators/rsa_authenticator.c37
-rw-r--r--src/charon/sa/child_sa.c231
-rw-r--r--src/charon/sa/child_sa.h44
-rw-r--r--src/charon/sa/ike_sa.c713
-rw-r--r--src/charon/sa/ike_sa.h124
-rw-r--r--src/charon/sa/ike_sa_id.c28
-rw-r--r--src/charon/sa/ike_sa_manager.c24
-rw-r--r--src/charon/sa/task_manager.c22
-rw-r--r--src/charon/sa/task_manager.h40
-rw-r--r--src/charon/sa/tasks/child_create.c259
-rw-r--r--src/charon/sa/tasks/child_create.h6
-rw-r--r--src/charon/sa/tasks/child_delete.c22
-rw-r--r--src/charon/sa/tasks/child_rekey.c19
-rw-r--r--src/charon/sa/tasks/ike_auth.c66
-rw-r--r--src/charon/sa/tasks/ike_cert.c50
-rw-r--r--src/charon/sa/tasks/ike_config.c45
-rw-r--r--src/charon/sa/tasks/ike_config.h5
-rw-r--r--src/charon/sa/tasks/ike_delete.c3
-rw-r--r--src/charon/sa/tasks/ike_init.c137
-rw-r--r--src/charon/sa/tasks/ike_rekey.c77
-rwxr-xr-xsrc/charon/threads/stroke_interface.c1456
-rw-r--r--src/include/Makefile.am2
-rw-r--r--src/include/Makefile.in358
-rw-r--r--src/include/linux/ipsec.h46
-rw-r--r--src/include/linux/netlink.h241
-rw-r--r--src/include/linux/pfkeyv2.h348
-rw-r--r--src/include/linux/rtnetlink.h1072
-rw-r--r--src/include/linux/udp.h63
-rw-r--r--src/include/linux/xfrm.h343
-rw-r--r--src/ipsec/Makefile.in15
-rwxr-xr-xsrc/ipsec/ipsec.in12
-rw-r--r--src/libcrypto/Makefile.am4
-rw-r--r--src/libcrypto/Makefile.in55
-rw-r--r--src/libcrypto/libdes/des_opts.c620
-rw-r--r--src/libcrypto/libdes/speed.c329
-rw-r--r--src/libfreeswan/Makefile.in15
-rw-r--r--src/libfreeswan/ipsec_ah.h124
-rw-r--r--src/libfreeswan/ipsec_encap.h88
-rw-r--r--src/libfreeswan/ipsec_eroute.h21
-rw-r--r--src/libfreeswan/ipsec_errs.h21
-rw-r--r--src/libfreeswan/ipsec_esp.h140
-rw-r--r--src/libfreeswan/ipsec_ipe4.h41
-rw-r--r--src/libfreeswan/ipsec_kversion.h36
-rw-r--r--src/libfreeswan/ipsec_life.h22
-rw-r--r--src/libfreeswan/ipsec_md5h.h57
-rw-r--r--src/libfreeswan/ipsec_rcv.h124
-rw-r--r--src/libfreeswan/ipsec_sa.h86
-rw-r--r--src/libfreeswan/ipsec_sha1.h47
-rw-r--r--src/libfreeswan/ipsec_tunnel.h139
-rw-r--r--src/libfreeswan/ipsec_xform.h190
-rw-r--r--src/libfreeswan/pfkey.h172
-rw-r--r--src/libfreeswan/pfkey_v2_debug.c49
-rw-r--r--src/libfreeswan/pfkey_v2_ext_bits.c65
-rw-r--r--src/libfreeswan/pfkey_v2_parse.c225
-rw-r--r--src/libfreeswan/radij.h79
-rw-r--r--src/libstrongswan/Makefile.am1
-rw-r--r--src/libstrongswan/Makefile.in26
-rw-r--r--src/libstrongswan/asn1/asn1.c40
-rw-r--r--src/libstrongswan/asn1/asn1.h2
-rw-r--r--src/libstrongswan/asn1/oid.c283
-rw-r--r--src/libstrongswan/asn1/oid.h112
-rw-r--r--src/libstrongswan/asn1/oid.txt7
-rw-r--r--src/libstrongswan/chunk.c1
-rwxr-xr-xsrc/libstrongswan/credential_store.h47
-rw-r--r--src/libstrongswan/crypto/ac.c665
-rw-r--r--src/libstrongswan/crypto/ac.h81
-rw-r--r--src/libstrongswan/crypto/ca.c179
-rw-r--r--src/libstrongswan/crypto/ca.h38
-rw-r--r--src/libstrongswan/crypto/certinfo.c48
-rwxr-xr-xsrc/libstrongswan/crypto/crl.c80
-rwxr-xr-xsrc/libstrongswan/crypto/crl.h9
-rw-r--r--src/libstrongswan/crypto/ocsp.c2
-rwxr-xr-xsrc/libstrongswan/crypto/x509.c261
-rwxr-xr-xsrc/libstrongswan/crypto/x509.h76
-rw-r--r--src/libstrongswan/library.h9
-rw-r--r--src/libstrongswan/printf_hook.h16
-rw-r--r--src/libstrongswan/utils/fetcher.c3
-rw-r--r--src/libstrongswan/utils/host.c2
-rw-r--r--src/libstrongswan/utils/identification.c16
-rw-r--r--src/openac/Makefile.in15
-rw-r--r--src/openac/build.c261
-rwxr-xr-xsrc/openac/openac.c628
-rw-r--r--src/pluto/Makefile.am3
-rw-r--r--src/pluto/Makefile.in18
-rw-r--r--src/pluto/crl.c14
-rw-r--r--src/pluto/crl.h1
-rw-r--r--src/pluto/fetch.c3
-rw-r--r--src/pluto/kernel_netlink.c4
-rw-r--r--src/pluto/keys.c2
-rw-r--r--src/pluto/linux26/netlink.h90
-rw-r--r--src/pluto/linux26/rtnetlink.h562
-rw-r--r--src/pluto/linux26/xfrm.h233
-rw-r--r--src/pluto/modecfg.c3
-rw-r--r--src/pluto/oid.c283
-rw-r--r--src/pluto/oid.h115
-rw-r--r--src/pluto/oid.txt1
-rw-r--r--src/pluto/plutomain.c29
-rw-r--r--src/pluto/vendor.c4
-rw-r--r--src/pluto/vendor.h2
-rw-r--r--src/pluto/xauth.c2
-rw-r--r--src/pluto/xauth.h2
-rw-r--r--src/scepclient/Makefile.in15
-rw-r--r--src/starter/Makefile.in15
-rw-r--r--src/starter/args.c8
-rw-r--r--src/starter/confread.h40
-rw-r--r--src/starter/invokecharon.c17
-rw-r--r--src/starter/invokepluto.c5
-rw-r--r--src/starter/ipsec.conf.518
-rw-r--r--src/starter/starterstroke.c3
-rw-r--r--src/starter/y.tab.c2
-rw-r--r--src/starter/y.tab.h2
-rw-r--r--src/stroke/Makefile.in15
-rw-r--r--src/stroke/stroke.c5
-rw-r--r--src/stroke/stroke.h23
-rw-r--r--src/stroke/stroke_keywords.c108
-rw-r--r--src/stroke/stroke_keywords.h5
-rw-r--r--src/stroke/stroke_keywords.txt5
-rw-r--r--src/whack/Makefile.in15
211 files changed, 14185 insertions, 11923 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index a3f90f39e..204a211e4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1 +1 @@
-SUBDIRS = libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright
+SUBDIRS = include libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright
diff --git a/src/Makefile.in b/src/Makefile.in
index 6fa95d413..9fb649725 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -99,6 +99,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -111,6 +112,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -121,8 +123,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -144,6 +150,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -153,6 +160,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -166,9 +175,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -183,7 +196,9 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
-SUBDIRS = libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+SUBDIRS = include libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright
all: all-recursive
.SUFFIXES:
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 7e78b9185..68d2f0484 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -115,6 +115,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -127,6 +128,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -137,8 +139,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -160,6 +166,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -169,6 +176,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -182,9 +191,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -199,6 +212,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
_copyright_SOURCES = _copyright.c
dist_man8_MANS = _copyright.8
INCLUDES = -I$(top_srcdir)/src/libfreeswan
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index ccb176fbc..9118eef49 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -98,6 +98,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -110,6 +111,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -120,8 +122,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -143,6 +149,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -152,6 +159,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -165,9 +174,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -182,6 +195,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
dist_ipsec_SCRIPTS = _updown
dist_man8_MANS = _updown.8
all: all-am
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index 0286c8f58..da105b469 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -98,6 +98,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -110,6 +111,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -120,8 +122,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -143,6 +149,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -152,6 +159,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -165,9 +174,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -182,6 +195,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
dist_ipsec_SCRIPTS = _updown_espmark
dist_man8_MANS = _updown_espmark.8
all: all-am
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 9522b6e6d..a64d9fa70 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -1,87 +1,144 @@
-# SUBDIRS = . testing
-eap_LTLIBRARIES = libeapidentity.la
-
-# always build EAP Identity module
-libeapidentity_la_SOURCES = sa/authenticators/eap/eap_identity.h sa/authenticators/eap/eap_identity.c
-libeapidentity_la_LDFLAGS = -module
-
-# build optional EAP modules
-if BUILD_EAP_SIM
- eap_LTLIBRARIES += libeapsim.la
- libeapsim_la_SOURCES = sa/authenticators/eap/eap_sim.h sa/authenticators/eap/eap_sim.c
- libeapsim_la_LDFLAGS = -module
-endif
ipsec_PROGRAMS = charon
charon_SOURCES = \
bus/bus.c bus/bus.h \
-bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
-config/connections/connection.c config/connections/connection.h \
-config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \
-config/policies/policy.c config/policies/policy.h \
-config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backends/backend.h config/backends/writeable_backend.h \
+config/backend_manager.c config/backend_manager.h \
+config/child_cfg.c config/child_cfg.h \
config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
config/traffic_selector.c config/traffic_selector.h \
-config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
-sa/authenticators/eap_authenticator.h sa/authenticators/eap_authenticator.c \
-sa/authenticators/eap/eap_method.h sa/authenticators/eap/eap_method.c \
-sa/child_sa.c sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
-sa/ike_sa_id.c sa/ike_sa_id.h sa/tasks/task.c sa/tasks/task.h \
-sa/tasks/ike_init.c sa/tasks/ike_init.h \
-sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+control/interfaces/interface.h \
+control/interface_manager.c control/interface_manager.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket.c network/socket.h \
+processing/event_queue.c processing/event_queue.h \
+processing/job_queue.c processing/job_queue.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/job.c processing/jobs/job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/thread_pool.c processing/thread_pool.h \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_cert.c sa/tasks/ike_cert.h \
-sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
-sa/tasks/child_create.c sa/tasks/child_create.h \
-sa/tasks/child_delete.c sa/tasks/child_delete.h \
-sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
-sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
-sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
-sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
-sa/task_manager.c sa/task_manager.h encoding/payloads/encryption_payload.c \
-encoding/payloads/cert_payload.c encoding/payloads/payload.h encoding/payloads/traffic_selector_substructure.c \
-encoding/payloads/configuration_attribute.h encoding/payloads/proposal_substructure.h \
-encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
-encoding/payloads/configuration_attribute.c encoding/payloads/transform_substructure.c \
-encoding/payloads/encryption_payload.h encoding/payloads/auth_payload.c encoding/payloads/ike_header.c \
-encoding/payloads/transform_substructure.h encoding/payloads/nonce_payload.c encoding/payloads/cert_payload.h \
-encoding/payloads/eap_payload.c encoding/payloads/ike_header.h encoding/payloads/auth_payload.h \
-encoding/payloads/ts_payload.c encoding/payloads/traffic_selector_substructure.h encoding/payloads/nonce_payload.h \
-encoding/payloads/notify_payload.c encoding/payloads/eap_payload.h encoding/payloads/notify_payload.h \
-encoding/payloads/ts_payload.h encoding/payloads/id_payload.c encoding/payloads/ke_payload.c \
-encoding/payloads/unknown_payload.c encoding/payloads/encodings.c encoding/payloads/id_payload.h \
-encoding/payloads/cp_payload.c encoding/payloads/delete_payload.c encoding/payloads/sa_payload.c \
-encoding/payloads/ke_payload.h encoding/payloads/unknown_payload.h encoding/payloads/encodings.h \
-encoding/payloads/certreq_payload.c encoding/payloads/cp_payload.h encoding/payloads/delete_payload.h \
-encoding/payloads/sa_payload.h encoding/payloads/vendor_id_payload.c encoding/payloads/certreq_payload.h \
-encoding/payloads/vendor_id_payload.h encoding/payloads/proposal_substructure.c encoding/payloads/payload.c \
-encoding/parser.h encoding/message.c encoding/generator.c encoding/message.h encoding/generator.h \
-encoding/parser.c daemon.c daemon.h network/packet.c \
-network/socket.c network/packet.h network/socket.h queues/jobs/job.h queues/jobs/job.c \
-queues/jobs/retransmit_job.h queues/jobs/initiate_job.h \
-queues/jobs/process_message_job.h queues/jobs/process_message_job.c \
-queues/jobs/delete_ike_sa_job.c queues/jobs/delete_ike_sa_job.h \
-queues/jobs/retransmit_job.c queues/jobs/initiate_job.c \
-queues/jobs/send_keepalive_job.c queues/jobs/send_keepalive_job.h \
-queues/jobs/rekey_child_sa_job.c queues/jobs/rekey_child_sa_job.h queues/jobs/delete_child_sa_job.c queues/jobs/delete_child_sa_job.h \
-queues/jobs/send_dpd_job.c queues/jobs/send_dpd_job.h queues/jobs/route_job.c queues/jobs/route_job.h \
-queues/jobs/acquire_job.c queues/jobs/acquire_job.h queues/jobs/rekey_ike_sa_job.c queues/jobs/rekey_ike_sa_job.h \
-queues/job_queue.c queues/event_queue.c queues/job_queue.h queues/event_queue.h \
-threads/kernel_interface.c threads/thread_pool.c threads/scheduler.c threads/sender.c \
-threads/sender.h threads/kernel_interface.h threads/scheduler.h threads/receiver.c threads/stroke_interface.c \
-threads/thread_pool.h threads/receiver.h threads/stroke_interface.h
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\"
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/task.c sa/tasks/task.h
+
+
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
+AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DIPSEC_EAPDIR=\"${eapdir}\" -DIPSEC_BACKENDDIR=\"${backenddir}\" -DIPSEC_INTERFACEDIR=\"${interfacedir}\"
charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp -lpthread -lm -ldl
if USE_LIBCURL
- charon_LDADD += -lcurl
+ charon_LDADD += -lcurl
+endif
+
+
+# build EAP plugins, EAP-Identity is always built
+#################################################
+eap_LTLIBRARIES =
+
+eap_LTLIBRARIES += libeapidentity.la
+libeapidentity_la_SOURCES = sa/authenticators/eap/eap_identity.h sa/authenticators/eap/eap_identity.c
+libeapidentity_la_LDFLAGS = -module
+
+if BUILD_EAP_SIM
+ eap_LTLIBRARIES += libeapsim.la
+ libeapsim_la_SOURCES = sa/authenticators/eap/eap_sim.h sa/authenticators/eap/eap_sim.c
+ libeapsim_la_LDFLAGS = -module
+endif
+
+# build backends, local backend is always built
+###############################################
+backend_LTLIBRARIES =
+
+backend_LTLIBRARIES += liblocal.la
+liblocal_la_SOURCES = config/backends/local_backend.h config/backends/local_backend.c
+liblocal_la_LDFLAGS = -module
+
+# build control interfaces, stroke interface is always built
+############################################################
+interface_LTLIBRARIES =
+
+interface_LTLIBRARIES += libstroke.la
+libstroke_la_SOURCES = control/interfaces/stroke_interface.h control/interfaces/stroke_interface.c
+libstroke_la_LDFLAGS = -module
+
+if USE_LIBDBUS
+ interface_LTLIBRARIES += libdbus.la
+ libdbus_la_SOURCES = control/interfaces/dbus_interface.h control/interfaces/dbus_interface.c
+ libdbus_la_LDFLAGS = -module
+ libdbus_la_LIBADD = ${dbus_LIBS}
+ INCLUDES += ${dbus_CFLAGS}
+endif
+
+if USE_LIBXML
+ interface_LTLIBRARIES += libxml.la
+ libxml_la_SOURCES = control/interfaces/xml_interface.h control/interfaces/xml_interface.c
+ libxml_la_LDFLAGS = -module
+ libxml_la_LIBADD = ${xml_LIBS}
+ INCLUDES += ${xml_CFLAGS}
endif
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 0f2979d32..9f4177f60 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -14,8 +14,6 @@
@SET_MAKE@
-# SUBDIRS = . testing
-
srcdir = @srcdir@
top_srcdir = @top_srcdir@
@@ -39,11 +37,13 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-
-# build optional EAP modules
-@BUILD_EAP_SIM_TRUE@am__append_1 = libeapsim.la
ipsec_PROGRAMS = charon$(EXEEXT)
-@USE_LIBCURL_TRUE@am__append_2 = -lcurl
+@USE_LIBCURL_TRUE@am__append_1 = -lcurl
+@BUILD_EAP_SIM_TRUE@am__append_2 = libeapsim.la
+@USE_LIBDBUS_TRUE@am__append_3 = libdbus.la
+@USE_LIBDBUS_TRUE@am__append_4 = ${dbus_CFLAGS}
+@USE_LIBXML_TRUE@am__append_5 = libxml.la
+@USE_LIBXML_TRUE@am__append_6 = ${xml_CFLAGS}
subdir = src/charon
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -58,9 +58,20 @@ am__vpath_adj = case $$p in \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(eapdir)" "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(backenddir)" "$(DESTDIR)$(eapdir)" \
+ "$(DESTDIR)$(interfacedir)" "$(DESTDIR)$(ipsecdir)"
+backendLTLIBRARIES_INSTALL = $(INSTALL)
eapLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(eap_LTLIBRARIES)
+interfaceLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(backend_LTLIBRARIES) $(eap_LTLIBRARIES) \
+ $(interface_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+@USE_LIBDBUS_TRUE@libdbus_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am__libdbus_la_SOURCES_DIST = control/interfaces/dbus_interface.h \
+ control/interfaces/dbus_interface.c
+@USE_LIBDBUS_TRUE@am_libdbus_la_OBJECTS = dbus_interface.lo
+libdbus_la_OBJECTS = $(am_libdbus_la_OBJECTS)
+@USE_LIBDBUS_TRUE@am_libdbus_la_rpath = -rpath $(interfacedir)
libeapidentity_la_LIBADD =
am_libeapidentity_la_OBJECTS = eap_identity.lo
libeapidentity_la_OBJECTS = $(am_libeapidentity_la_OBJECTS)
@@ -70,49 +81,56 @@ am__libeapsim_la_SOURCES_DIST = sa/authenticators/eap/eap_sim.h \
@BUILD_EAP_SIM_TRUE@am_libeapsim_la_OBJECTS = eap_sim.lo
libeapsim_la_OBJECTS = $(am_libeapsim_la_OBJECTS)
@BUILD_EAP_SIM_TRUE@am_libeapsim_la_rpath = -rpath $(eapdir)
+liblocal_la_LIBADD =
+am_liblocal_la_OBJECTS = local_backend.lo
+liblocal_la_OBJECTS = $(am_liblocal_la_OBJECTS)
+libstroke_la_LIBADD =
+am_libstroke_la_OBJECTS = stroke_interface.lo
+libstroke_la_OBJECTS = $(am_libstroke_la_OBJECTS)
+@USE_LIBXML_TRUE@libxml_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am__libxml_la_SOURCES_DIST = control/interfaces/xml_interface.h \
+ control/interfaces/xml_interface.c
+@USE_LIBXML_TRUE@am_libxml_la_OBJECTS = xml_interface.lo
+libxml_la_OBJECTS = $(am_libxml_la_OBJECTS)
+@USE_LIBXML_TRUE@am_libxml_la_rpath = -rpath $(interfacedir)
ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(ipsec_PROGRAMS)
-am_charon_OBJECTS = bus.$(OBJEXT) sys_logger.$(OBJEXT) \
- file_logger.$(OBJEXT) connection.$(OBJEXT) \
- local_connection_store.$(OBJEXT) policy.$(OBJEXT) \
- local_policy_store.$(OBJEXT) local_credential_store.$(OBJEXT) \
- traffic_selector.$(OBJEXT) proposal.$(OBJEXT) \
- configuration.$(OBJEXT) eap_authenticator.$(OBJEXT) \
- eap_method.$(OBJEXT) child_sa.$(OBJEXT) ike_sa.$(OBJEXT) \
- ike_sa_manager.$(OBJEXT) ike_sa_id.$(OBJEXT) task.$(OBJEXT) \
- ike_init.$(OBJEXT) ike_natd.$(OBJEXT) ike_auth.$(OBJEXT) \
- ike_config.$(OBJEXT) ike_cert.$(OBJEXT) ike_rekey.$(OBJEXT) \
- ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) child_create.$(OBJEXT) \
+am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \
+ sys_logger.$(OBJEXT) backend_manager.$(OBJEXT) \
+ child_cfg.$(OBJEXT) local_credential_store.$(OBJEXT) \
+ ike_cfg.$(OBJEXT) peer_cfg.$(OBJEXT) proposal.$(OBJEXT) \
+ traffic_selector.$(OBJEXT) interface_manager.$(OBJEXT) \
+ daemon.$(OBJEXT) generator.$(OBJEXT) message.$(OBJEXT) \
+ parser.$(OBJEXT) auth_payload.$(OBJEXT) cert_payload.$(OBJEXT) \
+ certreq_payload.$(OBJEXT) configuration_attribute.$(OBJEXT) \
+ cp_payload.$(OBJEXT) delete_payload.$(OBJEXT) \
+ eap_payload.$(OBJEXT) encodings.$(OBJEXT) \
+ encryption_payload.$(OBJEXT) id_payload.$(OBJEXT) \
+ ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \
+ nonce_payload.$(OBJEXT) notify_payload.$(OBJEXT) \
+ payload.$(OBJEXT) proposal_substructure.$(OBJEXT) \
+ sa_payload.$(OBJEXT) traffic_selector_substructure.$(OBJEXT) \
+ transform_attribute.$(OBJEXT) transform_substructure.$(OBJEXT) \
+ ts_payload.$(OBJEXT) unknown_payload.$(OBJEXT) \
+ vendor_id_payload.$(OBJEXT) kernel_interface.$(OBJEXT) \
+ packet.$(OBJEXT) receiver.$(OBJEXT) sender.$(OBJEXT) \
+ socket.$(OBJEXT) event_queue.$(OBJEXT) job_queue.$(OBJEXT) \
+ acquire_job.$(OBJEXT) delete_child_sa_job.$(OBJEXT) \
+ delete_ike_sa_job.$(OBJEXT) job.$(OBJEXT) \
+ process_message_job.$(OBJEXT) rekey_child_sa_job.$(OBJEXT) \
+ rekey_ike_sa_job.$(OBJEXT) retransmit_job.$(OBJEXT) \
+ send_dpd_job.$(OBJEXT) send_keepalive_job.$(OBJEXT) \
+ scheduler.$(OBJEXT) thread_pool.$(OBJEXT) \
+ authenticator.$(OBJEXT) eap_authenticator.$(OBJEXT) \
+ eap_method.$(OBJEXT) psk_authenticator.$(OBJEXT) \
+ rsa_authenticator.$(OBJEXT) child_sa.$(OBJEXT) \
+ ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) ike_sa_manager.$(OBJEXT) \
+ task_manager.$(OBJEXT) child_create.$(OBJEXT) \
child_delete.$(OBJEXT) child_rekey.$(OBJEXT) \
- authenticator.$(OBJEXT) rsa_authenticator.$(OBJEXT) \
- psk_authenticator.$(OBJEXT) task_manager.$(OBJEXT) \
- encryption_payload.$(OBJEXT) cert_payload.$(OBJEXT) \
- traffic_selector_substructure.$(OBJEXT) \
- transform_attribute.$(OBJEXT) \
- configuration_attribute.$(OBJEXT) \
- transform_substructure.$(OBJEXT) auth_payload.$(OBJEXT) \
- ike_header.$(OBJEXT) nonce_payload.$(OBJEXT) \
- eap_payload.$(OBJEXT) ts_payload.$(OBJEXT) \
- notify_payload.$(OBJEXT) id_payload.$(OBJEXT) \
- ke_payload.$(OBJEXT) unknown_payload.$(OBJEXT) \
- encodings.$(OBJEXT) cp_payload.$(OBJEXT) \
- delete_payload.$(OBJEXT) sa_payload.$(OBJEXT) \
- certreq_payload.$(OBJEXT) vendor_id_payload.$(OBJEXT) \
- proposal_substructure.$(OBJEXT) payload.$(OBJEXT) \
- message.$(OBJEXT) generator.$(OBJEXT) parser.$(OBJEXT) \
- daemon.$(OBJEXT) packet.$(OBJEXT) socket.$(OBJEXT) \
- job.$(OBJEXT) process_message_job.$(OBJEXT) \
- delete_ike_sa_job.$(OBJEXT) retransmit_job.$(OBJEXT) \
- initiate_job.$(OBJEXT) send_keepalive_job.$(OBJEXT) \
- rekey_child_sa_job.$(OBJEXT) delete_child_sa_job.$(OBJEXT) \
- send_dpd_job.$(OBJEXT) route_job.$(OBJEXT) \
- acquire_job.$(OBJEXT) rekey_ike_sa_job.$(OBJEXT) \
- job_queue.$(OBJEXT) event_queue.$(OBJEXT) \
- kernel_interface.$(OBJEXT) thread_pool.$(OBJEXT) \
- scheduler.$(OBJEXT) sender.$(OBJEXT) receiver.$(OBJEXT) \
- stroke_interface.$(OBJEXT)
+ ike_auth.$(OBJEXT) ike_cert.$(OBJEXT) ike_config.$(OBJEXT) \
+ ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) ike_init.$(OBJEXT) \
+ ike_natd.$(OBJEXT) ike_rekey.$(OBJEXT) task.$(OBJEXT)
charon_OBJECTS = $(am_charon_OBJECTS)
-am__DEPENDENCIES_1 =
charon_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1)
@@ -127,10 +145,13 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
-SOURCES = $(libeapidentity_la_SOURCES) $(libeapsim_la_SOURCES) \
- $(charon_SOURCES)
-DIST_SOURCES = $(libeapidentity_la_SOURCES) \
- $(am__libeapsim_la_SOURCES_DIST) $(charon_SOURCES)
+SOURCES = $(libdbus_la_SOURCES) $(libeapidentity_la_SOURCES) \
+ $(libeapsim_la_SOURCES) $(liblocal_la_SOURCES) \
+ $(libstroke_la_SOURCES) $(libxml_la_SOURCES) $(charon_SOURCES)
+DIST_SOURCES = $(am__libdbus_la_SOURCES_DIST) \
+ $(libeapidentity_la_SOURCES) $(am__libeapsim_la_SOURCES_DIST) \
+ $(liblocal_la_SOURCES) $(libstroke_la_SOURCES) \
+ $(am__libxml_la_SOURCES_DIST) $(charon_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -178,6 +199,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -190,6 +212,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -200,8 +223,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -223,6 +250,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -232,6 +260,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -245,9 +275,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -262,79 +296,125 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
-eap_LTLIBRARIES = libeapidentity.la $(am__append_1)
-
-# always build EAP Identity module
-libeapidentity_la_SOURCES = sa/authenticators/eap/eap_identity.h sa/authenticators/eap/eap_identity.c
-libeapidentity_la_LDFLAGS = -module
-@BUILD_EAP_SIM_TRUE@libeapsim_la_SOURCES = sa/authenticators/eap/eap_sim.h sa/authenticators/eap/eap_sim.c
-@BUILD_EAP_SIM_TRUE@libeapsim_la_LDFLAGS = -module
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
charon_SOURCES = \
bus/bus.c bus/bus.h \
-bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
-config/connections/connection.c config/connections/connection.h \
-config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \
-config/policies/policy.c config/policies/policy.h \
-config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backends/backend.h config/backends/writeable_backend.h \
+config/backend_manager.c config/backend_manager.h \
+config/child_cfg.c config/child_cfg.h \
config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
config/traffic_selector.c config/traffic_selector.h \
-config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
-sa/authenticators/eap_authenticator.h sa/authenticators/eap_authenticator.c \
-sa/authenticators/eap/eap_method.h sa/authenticators/eap/eap_method.c \
-sa/child_sa.c sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
-sa/ike_sa_id.c sa/ike_sa_id.h sa/tasks/task.c sa/tasks/task.h \
-sa/tasks/ike_init.c sa/tasks/ike_init.h \
-sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+control/interfaces/interface.h \
+control/interface_manager.c control/interface_manager.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket.c network/socket.h \
+processing/event_queue.c processing/event_queue.h \
+processing/job_queue.c processing/job_queue.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/job.c processing/jobs/job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/thread_pool.c processing/thread_pool.h \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_cert.c sa/tasks/ike_cert.h \
-sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
-sa/tasks/child_create.c sa/tasks/child_create.h \
-sa/tasks/child_delete.c sa/tasks/child_delete.h \
-sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
-sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
-sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
-sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
-sa/task_manager.c sa/task_manager.h encoding/payloads/encryption_payload.c \
-encoding/payloads/cert_payload.c encoding/payloads/payload.h encoding/payloads/traffic_selector_substructure.c \
-encoding/payloads/configuration_attribute.h encoding/payloads/proposal_substructure.h \
-encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
-encoding/payloads/configuration_attribute.c encoding/payloads/transform_substructure.c \
-encoding/payloads/encryption_payload.h encoding/payloads/auth_payload.c encoding/payloads/ike_header.c \
-encoding/payloads/transform_substructure.h encoding/payloads/nonce_payload.c encoding/payloads/cert_payload.h \
-encoding/payloads/eap_payload.c encoding/payloads/ike_header.h encoding/payloads/auth_payload.h \
-encoding/payloads/ts_payload.c encoding/payloads/traffic_selector_substructure.h encoding/payloads/nonce_payload.h \
-encoding/payloads/notify_payload.c encoding/payloads/eap_payload.h encoding/payloads/notify_payload.h \
-encoding/payloads/ts_payload.h encoding/payloads/id_payload.c encoding/payloads/ke_payload.c \
-encoding/payloads/unknown_payload.c encoding/payloads/encodings.c encoding/payloads/id_payload.h \
-encoding/payloads/cp_payload.c encoding/payloads/delete_payload.c encoding/payloads/sa_payload.c \
-encoding/payloads/ke_payload.h encoding/payloads/unknown_payload.h encoding/payloads/encodings.h \
-encoding/payloads/certreq_payload.c encoding/payloads/cp_payload.h encoding/payloads/delete_payload.h \
-encoding/payloads/sa_payload.h encoding/payloads/vendor_id_payload.c encoding/payloads/certreq_payload.h \
-encoding/payloads/vendor_id_payload.h encoding/payloads/proposal_substructure.c encoding/payloads/payload.c \
-encoding/parser.h encoding/message.c encoding/generator.c encoding/message.h encoding/generator.h \
-encoding/parser.c daemon.c daemon.h network/packet.c \
-network/socket.c network/packet.h network/socket.h queues/jobs/job.h queues/jobs/job.c \
-queues/jobs/retransmit_job.h queues/jobs/initiate_job.h \
-queues/jobs/process_message_job.h queues/jobs/process_message_job.c \
-queues/jobs/delete_ike_sa_job.c queues/jobs/delete_ike_sa_job.h \
-queues/jobs/retransmit_job.c queues/jobs/initiate_job.c \
-queues/jobs/send_keepalive_job.c queues/jobs/send_keepalive_job.h \
-queues/jobs/rekey_child_sa_job.c queues/jobs/rekey_child_sa_job.h queues/jobs/delete_child_sa_job.c queues/jobs/delete_child_sa_job.h \
-queues/jobs/send_dpd_job.c queues/jobs/send_dpd_job.h queues/jobs/route_job.c queues/jobs/route_job.h \
-queues/jobs/acquire_job.c queues/jobs/acquire_job.h queues/jobs/rekey_ike_sa_job.c queues/jobs/rekey_ike_sa_job.h \
-queues/job_queue.c queues/event_queue.c queues/job_queue.h queues/event_queue.h \
-threads/kernel_interface.c threads/thread_pool.c threads/scheduler.c threads/sender.c \
-threads/sender.h threads/kernel_interface.h threads/scheduler.h threads/receiver.c threads/stroke_interface.c \
-threads/thread_pool.h threads/receiver.h threads/stroke_interface.h
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\"
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/task.c sa/tasks/task.h
+
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke \
+ $(am__append_4) $(am__append_6)
+AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DIPSEC_EAPDIR=\"${eapdir}\" -DIPSEC_BACKENDDIR=\"${backenddir}\" -DIPSEC_INTERFACEDIR=\"${interfacedir}\"
+
charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- -lgmp -lpthread -lm -ldl $(am__append_2)
+ -lgmp -lpthread -lm -ldl $(am__append_1)
+
+# build EAP plugins, EAP-Identity is always built
+#################################################
+eap_LTLIBRARIES = libeapidentity.la $(am__append_2)
+libeapidentity_la_SOURCES = sa/authenticators/eap/eap_identity.h sa/authenticators/eap/eap_identity.c
+libeapidentity_la_LDFLAGS = -module
+@BUILD_EAP_SIM_TRUE@libeapsim_la_SOURCES = sa/authenticators/eap/eap_sim.h sa/authenticators/eap/eap_sim.c
+@BUILD_EAP_SIM_TRUE@libeapsim_la_LDFLAGS = -module
+
+# build backends, local backend is always built
+###############################################
+backend_LTLIBRARIES = liblocal.la
+liblocal_la_SOURCES = config/backends/local_backend.h config/backends/local_backend.c
+liblocal_la_LDFLAGS = -module
+
+# build control interfaces, stroke interface is always built
+############################################################
+interface_LTLIBRARIES = libstroke.la $(am__append_3) $(am__append_5)
+libstroke_la_SOURCES = control/interfaces/stroke_interface.h control/interfaces/stroke_interface.c
+libstroke_la_LDFLAGS = -module
+@USE_LIBDBUS_TRUE@libdbus_la_SOURCES = control/interfaces/dbus_interface.h control/interfaces/dbus_interface.c
+@USE_LIBDBUS_TRUE@libdbus_la_LDFLAGS = -module
+@USE_LIBDBUS_TRUE@libdbus_la_LIBADD = ${dbus_LIBS}
+@USE_LIBXML_TRUE@libxml_la_SOURCES = control/interfaces/xml_interface.h control/interfaces/xml_interface.c
+@USE_LIBXML_TRUE@libxml_la_LDFLAGS = -module
+@USE_LIBXML_TRUE@libxml_la_LIBADD = ${xml_LIBS}
all: all-am
.SUFFIXES:
@@ -368,6 +448,33 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-backendLTLIBRARIES: $(backend_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(backenddir)" || $(mkdir_p) "$(DESTDIR)$(backenddir)"
+ @list='$(backend_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=install $(backendLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(backenddir)/$$f'"; \
+ $(LIBTOOL) --mode=install $(backendLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(backenddir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-backendLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @set -x; list='$(backend_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(backenddir)/$$p'"; \
+ $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(backenddir)/$$p"; \
+ done
+
+clean-backendLTLIBRARIES:
+ -test -z "$(backend_LTLIBRARIES)" || rm -f $(backend_LTLIBRARIES)
+ @list='$(backend_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
install-eapLTLIBRARIES: $(eap_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(eapdir)" || $(mkdir_p) "$(DESTDIR)$(eapdir)"
@@ -395,10 +502,45 @@ clean-eapLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
+install-interfaceLTLIBRARIES: $(interface_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(interfacedir)" || $(mkdir_p) "$(DESTDIR)$(interfacedir)"
+ @list='$(interface_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=install $(interfaceLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(interfacedir)/$$f'"; \
+ $(LIBTOOL) --mode=install $(interfaceLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(interfacedir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-interfaceLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @set -x; list='$(interface_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(interfacedir)/$$p'"; \
+ $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(interfacedir)/$$p"; \
+ done
+
+clean-interfaceLTLIBRARIES:
+ -test -z "$(interface_LTLIBRARIES)" || rm -f $(interface_LTLIBRARIES)
+ @list='$(interface_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libdbus.la: $(libdbus_la_OBJECTS) $(libdbus_la_DEPENDENCIES)
+ $(LINK) $(am_libdbus_la_rpath) $(libdbus_la_LDFLAGS) $(libdbus_la_OBJECTS) $(libdbus_la_LIBADD) $(LIBS)
libeapidentity.la: $(libeapidentity_la_OBJECTS) $(libeapidentity_la_DEPENDENCIES)
$(LINK) -rpath $(eapdir) $(libeapidentity_la_LDFLAGS) $(libeapidentity_la_OBJECTS) $(libeapidentity_la_LIBADD) $(LIBS)
libeapsim.la: $(libeapsim_la_OBJECTS) $(libeapsim_la_DEPENDENCIES)
$(LINK) $(am_libeapsim_la_rpath) $(libeapsim_la_LDFLAGS) $(libeapsim_la_OBJECTS) $(libeapsim_la_LIBADD) $(LIBS)
+liblocal.la: $(liblocal_la_OBJECTS) $(liblocal_la_DEPENDENCIES)
+ $(LINK) -rpath $(backenddir) $(liblocal_la_LDFLAGS) $(liblocal_la_OBJECTS) $(liblocal_la_LIBADD) $(LIBS)
+libstroke.la: $(libstroke_la_OBJECTS) $(libstroke_la_DEPENDENCIES)
+ $(LINK) -rpath $(interfacedir) $(libstroke_la_LDFLAGS) $(libstroke_la_OBJECTS) $(libstroke_la_LIBADD) $(LIBS)
+libxml.la: $(libxml_la_OBJECTS) $(libxml_la_DEPENDENCIES)
+ $(LINK) $(am_libxml_la_rpath) $(libxml_la_LDFLAGS) $(libxml_la_OBJECTS) $(libxml_la_LIBADD) $(LIBS)
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(ipsecdir)" || $(mkdir_p) "$(DESTDIR)$(ipsecdir)"
@@ -440,18 +582,19 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connection.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dbus_interface.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Po@am__quote@
@@ -468,6 +611,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Po@am__quote@
@@ -478,21 +622,20 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_job.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interface_manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/job_queue.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/local_connection_store.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/local_backend.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/local_credential_store.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/local_policy_store.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/policy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Po@am__quote@
@@ -501,7 +644,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/route_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_authenticator.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Po@am__quote@
@@ -509,7 +651,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_interface.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_interface.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Po@am__quote@
@@ -521,6 +663,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xml_interface.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
@@ -543,6 +686,13 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+dbus_interface.lo: control/interfaces/dbus_interface.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT dbus_interface.lo -MD -MP -MF "$(DEPDIR)/dbus_interface.Tpo" -c -o dbus_interface.lo `test -f 'control/interfaces/dbus_interface.c' || echo '$(srcdir)/'`control/interfaces/dbus_interface.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/dbus_interface.Tpo" "$(DEPDIR)/dbus_interface.Plo"; else rm -f "$(DEPDIR)/dbus_interface.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/interfaces/dbus_interface.c' object='dbus_interface.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o dbus_interface.lo `test -f 'control/interfaces/dbus_interface.c' || echo '$(srcdir)/'`control/interfaces/dbus_interface.c
+
eap_identity.lo: sa/authenticators/eap/eap_identity.c
@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_identity.lo -MD -MP -MF "$(DEPDIR)/eap_identity.Tpo" -c -o eap_identity.lo `test -f 'sa/authenticators/eap/eap_identity.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_identity.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_identity.Tpo" "$(DEPDIR)/eap_identity.Plo"; else rm -f "$(DEPDIR)/eap_identity.Tpo"; exit 1; fi
@@ -557,6 +707,27 @@ eap_sim.lo: sa/authenticators/eap/eap_sim.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_sim.lo `test -f 'sa/authenticators/eap/eap_sim.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_sim.c
+local_backend.lo: config/backends/local_backend.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_backend.lo -MD -MP -MF "$(DEPDIR)/local_backend.Tpo" -c -o local_backend.lo `test -f 'config/backends/local_backend.c' || echo '$(srcdir)/'`config/backends/local_backend.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/local_backend.Tpo" "$(DEPDIR)/local_backend.Plo"; else rm -f "$(DEPDIR)/local_backend.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backends/local_backend.c' object='local_backend.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_backend.lo `test -f 'config/backends/local_backend.c' || echo '$(srcdir)/'`config/backends/local_backend.c
+
+stroke_interface.lo: control/interfaces/stroke_interface.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stroke_interface.lo -MD -MP -MF "$(DEPDIR)/stroke_interface.Tpo" -c -o stroke_interface.lo `test -f 'control/interfaces/stroke_interface.c' || echo '$(srcdir)/'`control/interfaces/stroke_interface.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/stroke_interface.Tpo" "$(DEPDIR)/stroke_interface.Plo"; else rm -f "$(DEPDIR)/stroke_interface.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/interfaces/stroke_interface.c' object='stroke_interface.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stroke_interface.lo `test -f 'control/interfaces/stroke_interface.c' || echo '$(srcdir)/'`control/interfaces/stroke_interface.c
+
+xml_interface.lo: control/interfaces/xml_interface.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT xml_interface.lo -MD -MP -MF "$(DEPDIR)/xml_interface.Tpo" -c -o xml_interface.lo `test -f 'control/interfaces/xml_interface.c' || echo '$(srcdir)/'`control/interfaces/xml_interface.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/xml_interface.Tpo" "$(DEPDIR)/xml_interface.Plo"; else rm -f "$(DEPDIR)/xml_interface.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/interfaces/xml_interface.c' object='xml_interface.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o xml_interface.lo `test -f 'control/interfaces/xml_interface.c' || echo '$(srcdir)/'`control/interfaces/xml_interface.c
+
bus.o: bus/bus.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.o -MD -MP -MF "$(DEPDIR)/bus.Tpo" -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/bus.Tpo" "$(DEPDIR)/bus.Po"; else rm -f "$(DEPDIR)/bus.Tpo"; exit 1; fi
@@ -571,20 +742,6 @@ bus.obj: bus/bus.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi`
-sys_logger.o: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF "$(DEPDIR)/sys_logger.Tpo" -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sys_logger.Tpo" "$(DEPDIR)/sys_logger.Po"; else rm -f "$(DEPDIR)/sys_logger.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-
-sys_logger.obj: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF "$(DEPDIR)/sys_logger.Tpo" -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sys_logger.Tpo" "$(DEPDIR)/sys_logger.Po"; else rm -f "$(DEPDIR)/sys_logger.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-
file_logger.o: bus/listeners/file_logger.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.o -MD -MP -MF "$(DEPDIR)/file_logger.Tpo" -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/file_logger.Tpo" "$(DEPDIR)/file_logger.Po"; else rm -f "$(DEPDIR)/file_logger.Tpo"; exit 1; fi
@@ -599,61 +756,47 @@ file_logger.obj: bus/listeners/file_logger.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi`
-connection.o: config/connections/connection.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connection.o -MD -MP -MF "$(DEPDIR)/connection.Tpo" -c -o connection.o `test -f 'config/connections/connection.c' || echo '$(srcdir)/'`config/connections/connection.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/connection.Tpo" "$(DEPDIR)/connection.Po"; else rm -f "$(DEPDIR)/connection.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/connections/connection.c' object='connection.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connection.o `test -f 'config/connections/connection.c' || echo '$(srcdir)/'`config/connections/connection.c
-
-connection.obj: config/connections/connection.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connection.obj -MD -MP -MF "$(DEPDIR)/connection.Tpo" -c -o connection.obj `if test -f 'config/connections/connection.c'; then $(CYGPATH_W) 'config/connections/connection.c'; else $(CYGPATH_W) '$(srcdir)/config/connections/connection.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/connection.Tpo" "$(DEPDIR)/connection.Po"; else rm -f "$(DEPDIR)/connection.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/connections/connection.c' object='connection.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connection.obj `if test -f 'config/connections/connection.c'; then $(CYGPATH_W) 'config/connections/connection.c'; else $(CYGPATH_W) '$(srcdir)/config/connections/connection.c'; fi`
-
-local_connection_store.o: config/connections/local_connection_store.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_connection_store.o -MD -MP -MF "$(DEPDIR)/local_connection_store.Tpo" -c -o local_connection_store.o `test -f 'config/connections/local_connection_store.c' || echo '$(srcdir)/'`config/connections/local_connection_store.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/local_connection_store.Tpo" "$(DEPDIR)/local_connection_store.Po"; else rm -f "$(DEPDIR)/local_connection_store.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/connections/local_connection_store.c' object='local_connection_store.o' libtool=no @AMDEPBACKSLASH@
+sys_logger.o: bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF "$(DEPDIR)/sys_logger.Tpo" -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sys_logger.Tpo" "$(DEPDIR)/sys_logger.Po"; else rm -f "$(DEPDIR)/sys_logger.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_connection_store.o `test -f 'config/connections/local_connection_store.c' || echo '$(srcdir)/'`config/connections/local_connection_store.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-local_connection_store.obj: config/connections/local_connection_store.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_connection_store.obj -MD -MP -MF "$(DEPDIR)/local_connection_store.Tpo" -c -o local_connection_store.obj `if test -f 'config/connections/local_connection_store.c'; then $(CYGPATH_W) 'config/connections/local_connection_store.c'; else $(CYGPATH_W) '$(srcdir)/config/connections/local_connection_store.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/local_connection_store.Tpo" "$(DEPDIR)/local_connection_store.Po"; else rm -f "$(DEPDIR)/local_connection_store.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/connections/local_connection_store.c' object='local_connection_store.obj' libtool=no @AMDEPBACKSLASH@
+sys_logger.obj: bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF "$(DEPDIR)/sys_logger.Tpo" -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sys_logger.Tpo" "$(DEPDIR)/sys_logger.Po"; else rm -f "$(DEPDIR)/sys_logger.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_connection_store.obj `if test -f 'config/connections/local_connection_store.c'; then $(CYGPATH_W) 'config/connections/local_connection_store.c'; else $(CYGPATH_W) '$(srcdir)/config/connections/local_connection_store.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-policy.o: config/policies/policy.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT policy.o -MD -MP -MF "$(DEPDIR)/policy.Tpo" -c -o policy.o `test -f 'config/policies/policy.c' || echo '$(srcdir)/'`config/policies/policy.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/policy.Tpo" "$(DEPDIR)/policy.Po"; else rm -f "$(DEPDIR)/policy.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/policies/policy.c' object='policy.o' libtool=no @AMDEPBACKSLASH@
+backend_manager.o: config/backend_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.o -MD -MP -MF "$(DEPDIR)/backend_manager.Tpo" -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/backend_manager.Tpo" "$(DEPDIR)/backend_manager.Po"; else rm -f "$(DEPDIR)/backend_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o policy.o `test -f 'config/policies/policy.c' || echo '$(srcdir)/'`config/policies/policy.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
-policy.obj: config/policies/policy.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT policy.obj -MD -MP -MF "$(DEPDIR)/policy.Tpo" -c -o policy.obj `if test -f 'config/policies/policy.c'; then $(CYGPATH_W) 'config/policies/policy.c'; else $(CYGPATH_W) '$(srcdir)/config/policies/policy.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/policy.Tpo" "$(DEPDIR)/policy.Po"; else rm -f "$(DEPDIR)/policy.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/policies/policy.c' object='policy.obj' libtool=no @AMDEPBACKSLASH@
+backend_manager.obj: config/backend_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.obj -MD -MP -MF "$(DEPDIR)/backend_manager.Tpo" -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/backend_manager.Tpo" "$(DEPDIR)/backend_manager.Po"; else rm -f "$(DEPDIR)/backend_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o policy.obj `if test -f 'config/policies/policy.c'; then $(CYGPATH_W) 'config/policies/policy.c'; else $(CYGPATH_W) '$(srcdir)/config/policies/policy.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`
-local_policy_store.o: config/policies/local_policy_store.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_policy_store.o -MD -MP -MF "$(DEPDIR)/local_policy_store.Tpo" -c -o local_policy_store.o `test -f 'config/policies/local_policy_store.c' || echo '$(srcdir)/'`config/policies/local_policy_store.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/local_policy_store.Tpo" "$(DEPDIR)/local_policy_store.Po"; else rm -f "$(DEPDIR)/local_policy_store.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/policies/local_policy_store.c' object='local_policy_store.o' libtool=no @AMDEPBACKSLASH@
+child_cfg.o: config/child_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.o -MD -MP -MF "$(DEPDIR)/child_cfg.Tpo" -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_cfg.Tpo" "$(DEPDIR)/child_cfg.Po"; else rm -f "$(DEPDIR)/child_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_policy_store.o `test -f 'config/policies/local_policy_store.c' || echo '$(srcdir)/'`config/policies/local_policy_store.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
-local_policy_store.obj: config/policies/local_policy_store.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_policy_store.obj -MD -MP -MF "$(DEPDIR)/local_policy_store.Tpo" -c -o local_policy_store.obj `if test -f 'config/policies/local_policy_store.c'; then $(CYGPATH_W) 'config/policies/local_policy_store.c'; else $(CYGPATH_W) '$(srcdir)/config/policies/local_policy_store.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/local_policy_store.Tpo" "$(DEPDIR)/local_policy_store.Po"; else rm -f "$(DEPDIR)/local_policy_store.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/policies/local_policy_store.c' object='local_policy_store.obj' libtool=no @AMDEPBACKSLASH@
+child_cfg.obj: config/child_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.obj -MD -MP -MF "$(DEPDIR)/child_cfg.Tpo" -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_cfg.Tpo" "$(DEPDIR)/child_cfg.Po"; else rm -f "$(DEPDIR)/child_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_policy_store.obj `if test -f 'config/policies/local_policy_store.c'; then $(CYGPATH_W) 'config/policies/local_policy_store.c'; else $(CYGPATH_W) '$(srcdir)/config/policies/local_policy_store.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`
local_credential_store.o: config/credentials/local_credential_store.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT local_credential_store.o -MD -MP -MF "$(DEPDIR)/local_credential_store.Tpo" -c -o local_credential_store.o `test -f 'config/credentials/local_credential_store.c' || echo '$(srcdir)/'`config/credentials/local_credential_store.c; \
@@ -669,19 +812,33 @@ local_credential_store.obj: config/credentials/local_credential_store.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o local_credential_store.obj `if test -f 'config/credentials/local_credential_store.c'; then $(CYGPATH_W) 'config/credentials/local_credential_store.c'; else $(CYGPATH_W) '$(srcdir)/config/credentials/local_credential_store.c'; fi`
-traffic_selector.o: config/traffic_selector.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.o -MD -MP -MF "$(DEPDIR)/traffic_selector.Tpo" -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/traffic_selector.Tpo" "$(DEPDIR)/traffic_selector.Po"; else rm -f "$(DEPDIR)/traffic_selector.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.o' libtool=no @AMDEPBACKSLASH@
+ike_cfg.o: config/ike_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.o -MD -MP -MF "$(DEPDIR)/ike_cfg.Tpo" -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cfg.Tpo" "$(DEPDIR)/ike_cfg.Po"; else rm -f "$(DEPDIR)/ike_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
-traffic_selector.obj: config/traffic_selector.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.obj -MD -MP -MF "$(DEPDIR)/traffic_selector.Tpo" -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/traffic_selector.Tpo" "$(DEPDIR)/traffic_selector.Po"; else rm -f "$(DEPDIR)/traffic_selector.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.obj' libtool=no @AMDEPBACKSLASH@
+ike_cfg.obj: config/ike_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.obj -MD -MP -MF "$(DEPDIR)/ike_cfg.Tpo" -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cfg.Tpo" "$(DEPDIR)/ike_cfg.Po"; else rm -f "$(DEPDIR)/ike_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`
+
+peer_cfg.o: config/peer_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.o -MD -MP -MF "$(DEPDIR)/peer_cfg.Tpo" -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/peer_cfg.Tpo" "$(DEPDIR)/peer_cfg.Po"; else rm -f "$(DEPDIR)/peer_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
+
+peer_cfg.obj: config/peer_cfg.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.obj -MD -MP -MF "$(DEPDIR)/peer_cfg.Tpo" -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/peer_cfg.Tpo" "$(DEPDIR)/peer_cfg.Po"; else rm -f "$(DEPDIR)/peer_cfg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`
proposal.o: config/proposal.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.o -MD -MP -MF "$(DEPDIR)/proposal.Tpo" -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c; \
@@ -697,355 +854,313 @@ proposal.obj: config/proposal.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi`
-configuration.o: config/configuration.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration.o -MD -MP -MF "$(DEPDIR)/configuration.Tpo" -c -o configuration.o `test -f 'config/configuration.c' || echo '$(srcdir)/'`config/configuration.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration.Tpo" "$(DEPDIR)/configuration.Po"; else rm -f "$(DEPDIR)/configuration.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/configuration.c' object='configuration.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration.o `test -f 'config/configuration.c' || echo '$(srcdir)/'`config/configuration.c
-
-configuration.obj: config/configuration.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration.obj -MD -MP -MF "$(DEPDIR)/configuration.Tpo" -c -o configuration.obj `if test -f 'config/configuration.c'; then $(CYGPATH_W) 'config/configuration.c'; else $(CYGPATH_W) '$(srcdir)/config/configuration.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration.Tpo" "$(DEPDIR)/configuration.Po"; else rm -f "$(DEPDIR)/configuration.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/configuration.c' object='configuration.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration.obj `if test -f 'config/configuration.c'; then $(CYGPATH_W) 'config/configuration.c'; else $(CYGPATH_W) '$(srcdir)/config/configuration.c'; fi`
-
-eap_authenticator.o: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF "$(DEPDIR)/eap_authenticator.Tpo" -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_authenticator.Tpo" "$(DEPDIR)/eap_authenticator.Po"; else rm -f "$(DEPDIR)/eap_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-
-eap_authenticator.obj: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF "$(DEPDIR)/eap_authenticator.Tpo" -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_authenticator.Tpo" "$(DEPDIR)/eap_authenticator.Po"; else rm -f "$(DEPDIR)/eap_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-
-eap_method.o: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF "$(DEPDIR)/eap_method.Tpo" -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_method.Tpo" "$(DEPDIR)/eap_method.Po"; else rm -f "$(DEPDIR)/eap_method.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-
-eap_method.obj: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF "$(DEPDIR)/eap_method.Tpo" -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_method.Tpo" "$(DEPDIR)/eap_method.Po"; else rm -f "$(DEPDIR)/eap_method.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-
-child_sa.o: sa/child_sa.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF "$(DEPDIR)/child_sa.Tpo" -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_sa.Tpo" "$(DEPDIR)/child_sa.Po"; else rm -f "$(DEPDIR)/child_sa.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@
+traffic_selector.o: config/traffic_selector.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.o -MD -MP -MF "$(DEPDIR)/traffic_selector.Tpo" -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/traffic_selector.Tpo" "$(DEPDIR)/traffic_selector.Po"; else rm -f "$(DEPDIR)/traffic_selector.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c
-child_sa.obj: sa/child_sa.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF "$(DEPDIR)/child_sa.Tpo" -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_sa.Tpo" "$(DEPDIR)/child_sa.Po"; else rm -f "$(DEPDIR)/child_sa.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@
+traffic_selector.obj: config/traffic_selector.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.obj -MD -MP -MF "$(DEPDIR)/traffic_selector.Tpo" -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/traffic_selector.Tpo" "$(DEPDIR)/traffic_selector.Po"; else rm -f "$(DEPDIR)/traffic_selector.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi`
-ike_sa.o: sa/ike_sa.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF "$(DEPDIR)/ike_sa.Tpo" -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa.Tpo" "$(DEPDIR)/ike_sa.Po"; else rm -f "$(DEPDIR)/ike_sa.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@
+interface_manager.o: control/interface_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT interface_manager.o -MD -MP -MF "$(DEPDIR)/interface_manager.Tpo" -c -o interface_manager.o `test -f 'control/interface_manager.c' || echo '$(srcdir)/'`control/interface_manager.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/interface_manager.Tpo" "$(DEPDIR)/interface_manager.Po"; else rm -f "$(DEPDIR)/interface_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/interface_manager.c' object='interface_manager.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o interface_manager.o `test -f 'control/interface_manager.c' || echo '$(srcdir)/'`control/interface_manager.c
-ike_sa.obj: sa/ike_sa.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF "$(DEPDIR)/ike_sa.Tpo" -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa.Tpo" "$(DEPDIR)/ike_sa.Po"; else rm -f "$(DEPDIR)/ike_sa.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@
+interface_manager.obj: control/interface_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT interface_manager.obj -MD -MP -MF "$(DEPDIR)/interface_manager.Tpo" -c -o interface_manager.obj `if test -f 'control/interface_manager.c'; then $(CYGPATH_W) 'control/interface_manager.c'; else $(CYGPATH_W) '$(srcdir)/control/interface_manager.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/interface_manager.Tpo" "$(DEPDIR)/interface_manager.Po"; else rm -f "$(DEPDIR)/interface_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/interface_manager.c' object='interface_manager.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o interface_manager.obj `if test -f 'control/interface_manager.c'; then $(CYGPATH_W) 'control/interface_manager.c'; else $(CYGPATH_W) '$(srcdir)/control/interface_manager.c'; fi`
-ike_sa_manager.o: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF "$(DEPDIR)/ike_sa_manager.Tpo" -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_manager.Tpo" "$(DEPDIR)/ike_sa_manager.Po"; else rm -f "$(DEPDIR)/ike_sa_manager.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@
+generator.o: encoding/generator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF "$(DEPDIR)/generator.Tpo" -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/generator.Tpo" "$(DEPDIR)/generator.Po"; else rm -f "$(DEPDIR)/generator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
-ike_sa_manager.obj: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF "$(DEPDIR)/ike_sa_manager.Tpo" -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_manager.Tpo" "$(DEPDIR)/ike_sa_manager.Po"; else rm -f "$(DEPDIR)/ike_sa_manager.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@
+generator.obj: encoding/generator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF "$(DEPDIR)/generator.Tpo" -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/generator.Tpo" "$(DEPDIR)/generator.Po"; else rm -f "$(DEPDIR)/generator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
-ike_sa_id.o: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF "$(DEPDIR)/ike_sa_id.Tpo" -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_id.Tpo" "$(DEPDIR)/ike_sa_id.Po"; else rm -f "$(DEPDIR)/ike_sa_id.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@
+message.o: encoding/message.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF "$(DEPDIR)/message.Tpo" -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/message.Tpo" "$(DEPDIR)/message.Po"; else rm -f "$(DEPDIR)/message.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
-ike_sa_id.obj: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF "$(DEPDIR)/ike_sa_id.Tpo" -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_id.Tpo" "$(DEPDIR)/ike_sa_id.Po"; else rm -f "$(DEPDIR)/ike_sa_id.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@
+message.obj: encoding/message.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF "$(DEPDIR)/message.Tpo" -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/message.Tpo" "$(DEPDIR)/message.Po"; else rm -f "$(DEPDIR)/message.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
-task.o: sa/tasks/task.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF "$(DEPDIR)/task.Tpo" -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task.Tpo" "$(DEPDIR)/task.Po"; else rm -f "$(DEPDIR)/task.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@
+parser.o: encoding/parser.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF "$(DEPDIR)/parser.Tpo" -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/parser.Tpo" "$(DEPDIR)/parser.Po"; else rm -f "$(DEPDIR)/parser.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
-task.obj: sa/tasks/task.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF "$(DEPDIR)/task.Tpo" -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task.Tpo" "$(DEPDIR)/task.Po"; else rm -f "$(DEPDIR)/task.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@
+parser.obj: encoding/parser.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF "$(DEPDIR)/parser.Tpo" -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/parser.Tpo" "$(DEPDIR)/parser.Po"; else rm -f "$(DEPDIR)/parser.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
-ike_init.o: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF "$(DEPDIR)/ike_init.Tpo" -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_init.Tpo" "$(DEPDIR)/ike_init.Po"; else rm -f "$(DEPDIR)/ike_init.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@
+auth_payload.o: encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF "$(DEPDIR)/auth_payload.Tpo" -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/auth_payload.Tpo" "$(DEPDIR)/auth_payload.Po"; else rm -f "$(DEPDIR)/auth_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
-ike_init.obj: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF "$(DEPDIR)/ike_init.Tpo" -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_init.Tpo" "$(DEPDIR)/ike_init.Po"; else rm -f "$(DEPDIR)/ike_init.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@
+auth_payload.obj: encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF "$(DEPDIR)/auth_payload.Tpo" -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/auth_payload.Tpo" "$(DEPDIR)/auth_payload.Po"; else rm -f "$(DEPDIR)/auth_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
-ike_natd.o: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF "$(DEPDIR)/ike_natd.Tpo" -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_natd.Tpo" "$(DEPDIR)/ike_natd.Po"; else rm -f "$(DEPDIR)/ike_natd.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@
+cert_payload.o: encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF "$(DEPDIR)/cert_payload.Tpo" -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cert_payload.Tpo" "$(DEPDIR)/cert_payload.Po"; else rm -f "$(DEPDIR)/cert_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
-ike_natd.obj: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF "$(DEPDIR)/ike_natd.Tpo" -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_natd.Tpo" "$(DEPDIR)/ike_natd.Po"; else rm -f "$(DEPDIR)/ike_natd.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@
+cert_payload.obj: encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF "$(DEPDIR)/cert_payload.Tpo" -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cert_payload.Tpo" "$(DEPDIR)/cert_payload.Po"; else rm -f "$(DEPDIR)/cert_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
-ike_auth.o: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF "$(DEPDIR)/ike_auth.Tpo" -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_auth.Tpo" "$(DEPDIR)/ike_auth.Po"; else rm -f "$(DEPDIR)/ike_auth.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@
+certreq_payload.o: encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF "$(DEPDIR)/certreq_payload.Tpo" -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/certreq_payload.Tpo" "$(DEPDIR)/certreq_payload.Po"; else rm -f "$(DEPDIR)/certreq_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
-ike_auth.obj: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF "$(DEPDIR)/ike_auth.Tpo" -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_auth.Tpo" "$(DEPDIR)/ike_auth.Po"; else rm -f "$(DEPDIR)/ike_auth.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@
+certreq_payload.obj: encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF "$(DEPDIR)/certreq_payload.Tpo" -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/certreq_payload.Tpo" "$(DEPDIR)/certreq_payload.Po"; else rm -f "$(DEPDIR)/certreq_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
-ike_config.o: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF "$(DEPDIR)/ike_config.Tpo" -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_config.Tpo" "$(DEPDIR)/ike_config.Po"; else rm -f "$(DEPDIR)/ike_config.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@
+configuration_attribute.o: encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF "$(DEPDIR)/configuration_attribute.Tpo" -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration_attribute.Tpo" "$(DEPDIR)/configuration_attribute.Po"; else rm -f "$(DEPDIR)/configuration_attribute.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-ike_config.obj: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF "$(DEPDIR)/ike_config.Tpo" -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_config.Tpo" "$(DEPDIR)/ike_config.Po"; else rm -f "$(DEPDIR)/ike_config.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@
+configuration_attribute.obj: encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF "$(DEPDIR)/configuration_attribute.Tpo" -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration_attribute.Tpo" "$(DEPDIR)/configuration_attribute.Po"; else rm -f "$(DEPDIR)/configuration_attribute.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-ike_cert.o: sa/tasks/ike_cert.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert.o -MD -MP -MF "$(DEPDIR)/ike_cert.Tpo" -c -o ike_cert.o `test -f 'sa/tasks/ike_cert.c' || echo '$(srcdir)/'`sa/tasks/ike_cert.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cert.Tpo" "$(DEPDIR)/ike_cert.Po"; else rm -f "$(DEPDIR)/ike_cert.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert.c' object='ike_cert.o' libtool=no @AMDEPBACKSLASH@
+cp_payload.o: encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF "$(DEPDIR)/cp_payload.Tpo" -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cp_payload.Tpo" "$(DEPDIR)/cp_payload.Po"; else rm -f "$(DEPDIR)/cp_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert.o `test -f 'sa/tasks/ike_cert.c' || echo '$(srcdir)/'`sa/tasks/ike_cert.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
-ike_cert.obj: sa/tasks/ike_cert.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert.obj -MD -MP -MF "$(DEPDIR)/ike_cert.Tpo" -c -o ike_cert.obj `if test -f 'sa/tasks/ike_cert.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cert.Tpo" "$(DEPDIR)/ike_cert.Po"; else rm -f "$(DEPDIR)/ike_cert.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert.c' object='ike_cert.obj' libtool=no @AMDEPBACKSLASH@
+cp_payload.obj: encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF "$(DEPDIR)/cp_payload.Tpo" -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cp_payload.Tpo" "$(DEPDIR)/cp_payload.Po"; else rm -f "$(DEPDIR)/cp_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert.obj `if test -f 'sa/tasks/ike_cert.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
-ike_rekey.o: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF "$(DEPDIR)/ike_rekey.Tpo" -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_rekey.Tpo" "$(DEPDIR)/ike_rekey.Po"; else rm -f "$(DEPDIR)/ike_rekey.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@
+delete_payload.o: encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF "$(DEPDIR)/delete_payload.Tpo" -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_payload.Tpo" "$(DEPDIR)/delete_payload.Po"; else rm -f "$(DEPDIR)/delete_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
-ike_rekey.obj: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF "$(DEPDIR)/ike_rekey.Tpo" -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_rekey.Tpo" "$(DEPDIR)/ike_rekey.Po"; else rm -f "$(DEPDIR)/ike_rekey.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@
+delete_payload.obj: encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF "$(DEPDIR)/delete_payload.Tpo" -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_payload.Tpo" "$(DEPDIR)/delete_payload.Po"; else rm -f "$(DEPDIR)/delete_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
-ike_delete.o: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF "$(DEPDIR)/ike_delete.Tpo" -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_delete.Tpo" "$(DEPDIR)/ike_delete.Po"; else rm -f "$(DEPDIR)/ike_delete.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@
+eap_payload.o: encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF "$(DEPDIR)/eap_payload.Tpo" -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_payload.Tpo" "$(DEPDIR)/eap_payload.Po"; else rm -f "$(DEPDIR)/eap_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
-ike_delete.obj: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF "$(DEPDIR)/ike_delete.Tpo" -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_delete.Tpo" "$(DEPDIR)/ike_delete.Po"; else rm -f "$(DEPDIR)/ike_delete.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@
+eap_payload.obj: encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF "$(DEPDIR)/eap_payload.Tpo" -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_payload.Tpo" "$(DEPDIR)/eap_payload.Po"; else rm -f "$(DEPDIR)/eap_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
-ike_dpd.o: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF "$(DEPDIR)/ike_dpd.Tpo" -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_dpd.Tpo" "$(DEPDIR)/ike_dpd.Po"; else rm -f "$(DEPDIR)/ike_dpd.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@
+encodings.o: encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF "$(DEPDIR)/encodings.Tpo" -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encodings.Tpo" "$(DEPDIR)/encodings.Po"; else rm -f "$(DEPDIR)/encodings.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
-ike_dpd.obj: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF "$(DEPDIR)/ike_dpd.Tpo" -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_dpd.Tpo" "$(DEPDIR)/ike_dpd.Po"; else rm -f "$(DEPDIR)/ike_dpd.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@
+encodings.obj: encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF "$(DEPDIR)/encodings.Tpo" -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encodings.Tpo" "$(DEPDIR)/encodings.Po"; else rm -f "$(DEPDIR)/encodings.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
-child_create.o: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF "$(DEPDIR)/child_create.Tpo" -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_create.Tpo" "$(DEPDIR)/child_create.Po"; else rm -f "$(DEPDIR)/child_create.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@
+encryption_payload.o: encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF "$(DEPDIR)/encryption_payload.Tpo" -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encryption_payload.Tpo" "$(DEPDIR)/encryption_payload.Po"; else rm -f "$(DEPDIR)/encryption_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
-child_create.obj: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF "$(DEPDIR)/child_create.Tpo" -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_create.Tpo" "$(DEPDIR)/child_create.Po"; else rm -f "$(DEPDIR)/child_create.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@
+encryption_payload.obj: encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF "$(DEPDIR)/encryption_payload.Tpo" -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encryption_payload.Tpo" "$(DEPDIR)/encryption_payload.Po"; else rm -f "$(DEPDIR)/encryption_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
-child_delete.o: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF "$(DEPDIR)/child_delete.Tpo" -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_delete.Tpo" "$(DEPDIR)/child_delete.Po"; else rm -f "$(DEPDIR)/child_delete.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@
+id_payload.o: encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF "$(DEPDIR)/id_payload.Tpo" -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/id_payload.Tpo" "$(DEPDIR)/id_payload.Po"; else rm -f "$(DEPDIR)/id_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
-child_delete.obj: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF "$(DEPDIR)/child_delete.Tpo" -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_delete.Tpo" "$(DEPDIR)/child_delete.Po"; else rm -f "$(DEPDIR)/child_delete.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@
+id_payload.obj: encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF "$(DEPDIR)/id_payload.Tpo" -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/id_payload.Tpo" "$(DEPDIR)/id_payload.Po"; else rm -f "$(DEPDIR)/id_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
-child_rekey.o: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF "$(DEPDIR)/child_rekey.Tpo" -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_rekey.Tpo" "$(DEPDIR)/child_rekey.Po"; else rm -f "$(DEPDIR)/child_rekey.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@
+ike_header.o: encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF "$(DEPDIR)/ike_header.Tpo" -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_header.Tpo" "$(DEPDIR)/ike_header.Po"; else rm -f "$(DEPDIR)/ike_header.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
-child_rekey.obj: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF "$(DEPDIR)/child_rekey.Tpo" -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_rekey.Tpo" "$(DEPDIR)/child_rekey.Po"; else rm -f "$(DEPDIR)/child_rekey.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@
+ike_header.obj: encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF "$(DEPDIR)/ike_header.Tpo" -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_header.Tpo" "$(DEPDIR)/ike_header.Po"; else rm -f "$(DEPDIR)/ike_header.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
-authenticator.o: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF "$(DEPDIR)/authenticator.Tpo" -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/authenticator.Tpo" "$(DEPDIR)/authenticator.Po"; else rm -f "$(DEPDIR)/authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@
+ke_payload.o: encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF "$(DEPDIR)/ke_payload.Tpo" -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ke_payload.Tpo" "$(DEPDIR)/ke_payload.Po"; else rm -f "$(DEPDIR)/ke_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
-authenticator.obj: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF "$(DEPDIR)/authenticator.Tpo" -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/authenticator.Tpo" "$(DEPDIR)/authenticator.Po"; else rm -f "$(DEPDIR)/authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@
+ke_payload.obj: encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF "$(DEPDIR)/ke_payload.Tpo" -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ke_payload.Tpo" "$(DEPDIR)/ke_payload.Po"; else rm -f "$(DEPDIR)/ke_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
-rsa_authenticator.o: sa/authenticators/rsa_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_authenticator.o -MD -MP -MF "$(DEPDIR)/rsa_authenticator.Tpo" -c -o rsa_authenticator.o `test -f 'sa/authenticators/rsa_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/rsa_authenticator.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_authenticator.Tpo" "$(DEPDIR)/rsa_authenticator.Po"; else rm -f "$(DEPDIR)/rsa_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/rsa_authenticator.c' object='rsa_authenticator.o' libtool=no @AMDEPBACKSLASH@
+nonce_payload.o: encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF "$(DEPDIR)/nonce_payload.Tpo" -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/nonce_payload.Tpo" "$(DEPDIR)/nonce_payload.Po"; else rm -f "$(DEPDIR)/nonce_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_authenticator.o `test -f 'sa/authenticators/rsa_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/rsa_authenticator.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
-rsa_authenticator.obj: sa/authenticators/rsa_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_authenticator.obj -MD -MP -MF "$(DEPDIR)/rsa_authenticator.Tpo" -c -o rsa_authenticator.obj `if test -f 'sa/authenticators/rsa_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/rsa_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/rsa_authenticator.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_authenticator.Tpo" "$(DEPDIR)/rsa_authenticator.Po"; else rm -f "$(DEPDIR)/rsa_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/rsa_authenticator.c' object='rsa_authenticator.obj' libtool=no @AMDEPBACKSLASH@
+nonce_payload.obj: encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF "$(DEPDIR)/nonce_payload.Tpo" -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/nonce_payload.Tpo" "$(DEPDIR)/nonce_payload.Po"; else rm -f "$(DEPDIR)/nonce_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_authenticator.obj `if test -f 'sa/authenticators/rsa_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/rsa_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/rsa_authenticator.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
-psk_authenticator.o: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF "$(DEPDIR)/psk_authenticator.Tpo" -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/psk_authenticator.Tpo" "$(DEPDIR)/psk_authenticator.Po"; else rm -f "$(DEPDIR)/psk_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@
+notify_payload.o: encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF "$(DEPDIR)/notify_payload.Tpo" -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/notify_payload.Tpo" "$(DEPDIR)/notify_payload.Po"; else rm -f "$(DEPDIR)/notify_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
-psk_authenticator.obj: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF "$(DEPDIR)/psk_authenticator.Tpo" -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/psk_authenticator.Tpo" "$(DEPDIR)/psk_authenticator.Po"; else rm -f "$(DEPDIR)/psk_authenticator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@
+notify_payload.obj: encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF "$(DEPDIR)/notify_payload.Tpo" -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/notify_payload.Tpo" "$(DEPDIR)/notify_payload.Po"; else rm -f "$(DEPDIR)/notify_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
-task_manager.o: sa/task_manager.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF "$(DEPDIR)/task_manager.Tpo" -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task_manager.Tpo" "$(DEPDIR)/task_manager.Po"; else rm -f "$(DEPDIR)/task_manager.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@
+payload.o: encoding/payloads/payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF "$(DEPDIR)/payload.Tpo" -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/payload.Tpo" "$(DEPDIR)/payload.Po"; else rm -f "$(DEPDIR)/payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
-task_manager.obj: sa/task_manager.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF "$(DEPDIR)/task_manager.Tpo" -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task_manager.Tpo" "$(DEPDIR)/task_manager.Po"; else rm -f "$(DEPDIR)/task_manager.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@
+payload.obj: encoding/payloads/payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF "$(DEPDIR)/payload.Tpo" -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/payload.Tpo" "$(DEPDIR)/payload.Po"; else rm -f "$(DEPDIR)/payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
-encryption_payload.o: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF "$(DEPDIR)/encryption_payload.Tpo" -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encryption_payload.Tpo" "$(DEPDIR)/encryption_payload.Po"; else rm -f "$(DEPDIR)/encryption_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@
+proposal_substructure.o: encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF "$(DEPDIR)/proposal_substructure.Tpo" -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/proposal_substructure.Tpo" "$(DEPDIR)/proposal_substructure.Po"; else rm -f "$(DEPDIR)/proposal_substructure.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
-encryption_payload.obj: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF "$(DEPDIR)/encryption_payload.Tpo" -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encryption_payload.Tpo" "$(DEPDIR)/encryption_payload.Po"; else rm -f "$(DEPDIR)/encryption_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@
+proposal_substructure.obj: encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF "$(DEPDIR)/proposal_substructure.Tpo" -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/proposal_substructure.Tpo" "$(DEPDIR)/proposal_substructure.Po"; else rm -f "$(DEPDIR)/proposal_substructure.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
-cert_payload.o: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF "$(DEPDIR)/cert_payload.Tpo" -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cert_payload.Tpo" "$(DEPDIR)/cert_payload.Po"; else rm -f "$(DEPDIR)/cert_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@
+sa_payload.o: encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF "$(DEPDIR)/sa_payload.Tpo" -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sa_payload.Tpo" "$(DEPDIR)/sa_payload.Po"; else rm -f "$(DEPDIR)/sa_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
-cert_payload.obj: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF "$(DEPDIR)/cert_payload.Tpo" -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cert_payload.Tpo" "$(DEPDIR)/cert_payload.Po"; else rm -f "$(DEPDIR)/cert_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@
+sa_payload.obj: encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF "$(DEPDIR)/sa_payload.Tpo" -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sa_payload.Tpo" "$(DEPDIR)/sa_payload.Po"; else rm -f "$(DEPDIR)/sa_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
traffic_selector_substructure.o: encoding/payloads/traffic_selector_substructure.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.o -MD -MP -MF "$(DEPDIR)/traffic_selector_substructure.Tpo" -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c; \
@@ -1075,20 +1190,6 @@ transform_attribute.obj: encoding/payloads/transform_attribute.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi`
-configuration_attribute.o: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF "$(DEPDIR)/configuration_attribute.Tpo" -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration_attribute.Tpo" "$(DEPDIR)/configuration_attribute.Po"; else rm -f "$(DEPDIR)/configuration_attribute.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-
-configuration_attribute.obj: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF "$(DEPDIR)/configuration_attribute.Tpo" -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/configuration_attribute.Tpo" "$(DEPDIR)/configuration_attribute.Po"; else rm -f "$(DEPDIR)/configuration_attribute.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-
transform_substructure.o: encoding/payloads/transform_substructure.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.o -MD -MP -MF "$(DEPDIR)/transform_substructure.Tpo" -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/transform_substructure.Tpo" "$(DEPDIR)/transform_substructure.Po"; else rm -f "$(DEPDIR)/transform_substructure.Tpo"; exit 1; fi
@@ -1103,593 +1204,621 @@ transform_substructure.obj: encoding/payloads/transform_substructure.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi`
-auth_payload.o: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF "$(DEPDIR)/auth_payload.Tpo" -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/auth_payload.Tpo" "$(DEPDIR)/auth_payload.Po"; else rm -f "$(DEPDIR)/auth_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@
+ts_payload.o: encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF "$(DEPDIR)/ts_payload.Tpo" -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ts_payload.Tpo" "$(DEPDIR)/ts_payload.Po"; else rm -f "$(DEPDIR)/ts_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
-auth_payload.obj: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF "$(DEPDIR)/auth_payload.Tpo" -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/auth_payload.Tpo" "$(DEPDIR)/auth_payload.Po"; else rm -f "$(DEPDIR)/auth_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@
+ts_payload.obj: encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF "$(DEPDIR)/ts_payload.Tpo" -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ts_payload.Tpo" "$(DEPDIR)/ts_payload.Po"; else rm -f "$(DEPDIR)/ts_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
-ike_header.o: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF "$(DEPDIR)/ike_header.Tpo" -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_header.Tpo" "$(DEPDIR)/ike_header.Po"; else rm -f "$(DEPDIR)/ike_header.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@
+unknown_payload.o: encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF "$(DEPDIR)/unknown_payload.Tpo" -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unknown_payload.Tpo" "$(DEPDIR)/unknown_payload.Po"; else rm -f "$(DEPDIR)/unknown_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
-ike_header.obj: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF "$(DEPDIR)/ike_header.Tpo" -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_header.Tpo" "$(DEPDIR)/ike_header.Po"; else rm -f "$(DEPDIR)/ike_header.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@
+unknown_payload.obj: encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF "$(DEPDIR)/unknown_payload.Tpo" -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unknown_payload.Tpo" "$(DEPDIR)/unknown_payload.Po"; else rm -f "$(DEPDIR)/unknown_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
-nonce_payload.o: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF "$(DEPDIR)/nonce_payload.Tpo" -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/nonce_payload.Tpo" "$(DEPDIR)/nonce_payload.Po"; else rm -f "$(DEPDIR)/nonce_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@
+vendor_id_payload.o: encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF "$(DEPDIR)/vendor_id_payload.Tpo" -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/vendor_id_payload.Tpo" "$(DEPDIR)/vendor_id_payload.Po"; else rm -f "$(DEPDIR)/vendor_id_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
-nonce_payload.obj: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF "$(DEPDIR)/nonce_payload.Tpo" -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/nonce_payload.Tpo" "$(DEPDIR)/nonce_payload.Po"; else rm -f "$(DEPDIR)/nonce_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@
+vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF "$(DEPDIR)/vendor_id_payload.Tpo" -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/vendor_id_payload.Tpo" "$(DEPDIR)/vendor_id_payload.Po"; else rm -f "$(DEPDIR)/vendor_id_payload.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
-eap_payload.o: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF "$(DEPDIR)/eap_payload.Tpo" -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_payload.Tpo" "$(DEPDIR)/eap_payload.Po"; else rm -f "$(DEPDIR)/eap_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@
+kernel_interface.o: kernel/kernel_interface.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF "$(DEPDIR)/kernel_interface.Tpo" -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/kernel_interface.Tpo" "$(DEPDIR)/kernel_interface.Po"; else rm -f "$(DEPDIR)/kernel_interface.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
-eap_payload.obj: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF "$(DEPDIR)/eap_payload.Tpo" -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_payload.Tpo" "$(DEPDIR)/eap_payload.Po"; else rm -f "$(DEPDIR)/eap_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@
+kernel_interface.obj: kernel/kernel_interface.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF "$(DEPDIR)/kernel_interface.Tpo" -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/kernel_interface.Tpo" "$(DEPDIR)/kernel_interface.Po"; else rm -f "$(DEPDIR)/kernel_interface.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`
-ts_payload.o: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF "$(DEPDIR)/ts_payload.Tpo" -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ts_payload.Tpo" "$(DEPDIR)/ts_payload.Po"; else rm -f "$(DEPDIR)/ts_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@
+packet.o: network/packet.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF "$(DEPDIR)/packet.Tpo" -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/packet.Tpo" "$(DEPDIR)/packet.Po"; else rm -f "$(DEPDIR)/packet.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
-ts_payload.obj: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF "$(DEPDIR)/ts_payload.Tpo" -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ts_payload.Tpo" "$(DEPDIR)/ts_payload.Po"; else rm -f "$(DEPDIR)/ts_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@
+packet.obj: network/packet.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF "$(DEPDIR)/packet.Tpo" -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/packet.Tpo" "$(DEPDIR)/packet.Po"; else rm -f "$(DEPDIR)/packet.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
-notify_payload.o: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF "$(DEPDIR)/notify_payload.Tpo" -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/notify_payload.Tpo" "$(DEPDIR)/notify_payload.Po"; else rm -f "$(DEPDIR)/notify_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@
+receiver.o: network/receiver.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF "$(DEPDIR)/receiver.Tpo" -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/receiver.Tpo" "$(DEPDIR)/receiver.Po"; else rm -f "$(DEPDIR)/receiver.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
-notify_payload.obj: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF "$(DEPDIR)/notify_payload.Tpo" -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/notify_payload.Tpo" "$(DEPDIR)/notify_payload.Po"; else rm -f "$(DEPDIR)/notify_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@
+receiver.obj: network/receiver.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF "$(DEPDIR)/receiver.Tpo" -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/receiver.Tpo" "$(DEPDIR)/receiver.Po"; else rm -f "$(DEPDIR)/receiver.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`
-id_payload.o: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF "$(DEPDIR)/id_payload.Tpo" -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/id_payload.Tpo" "$(DEPDIR)/id_payload.Po"; else rm -f "$(DEPDIR)/id_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@
+sender.o: network/sender.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF "$(DEPDIR)/sender.Tpo" -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sender.Tpo" "$(DEPDIR)/sender.Po"; else rm -f "$(DEPDIR)/sender.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
-id_payload.obj: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF "$(DEPDIR)/id_payload.Tpo" -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/id_payload.Tpo" "$(DEPDIR)/id_payload.Po"; else rm -f "$(DEPDIR)/id_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@
+sender.obj: network/sender.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF "$(DEPDIR)/sender.Tpo" -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sender.Tpo" "$(DEPDIR)/sender.Po"; else rm -f "$(DEPDIR)/sender.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`
-ke_payload.o: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF "$(DEPDIR)/ke_payload.Tpo" -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ke_payload.Tpo" "$(DEPDIR)/ke_payload.Po"; else rm -f "$(DEPDIR)/ke_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@
+socket.o: network/socket.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF "$(DEPDIR)/socket.Tpo" -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/socket.Tpo" "$(DEPDIR)/socket.Po"; else rm -f "$(DEPDIR)/socket.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
-ke_payload.obj: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF "$(DEPDIR)/ke_payload.Tpo" -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ke_payload.Tpo" "$(DEPDIR)/ke_payload.Po"; else rm -f "$(DEPDIR)/ke_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@
+socket.obj: network/socket.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF "$(DEPDIR)/socket.Tpo" -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/socket.Tpo" "$(DEPDIR)/socket.Po"; else rm -f "$(DEPDIR)/socket.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
-unknown_payload.o: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF "$(DEPDIR)/unknown_payload.Tpo" -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unknown_payload.Tpo" "$(DEPDIR)/unknown_payload.Po"; else rm -f "$(DEPDIR)/unknown_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@
+event_queue.o: processing/event_queue.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT event_queue.o -MD -MP -MF "$(DEPDIR)/event_queue.Tpo" -c -o event_queue.o `test -f 'processing/event_queue.c' || echo '$(srcdir)/'`processing/event_queue.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/event_queue.Tpo" "$(DEPDIR)/event_queue.Po"; else rm -f "$(DEPDIR)/event_queue.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/event_queue.c' object='event_queue.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o event_queue.o `test -f 'processing/event_queue.c' || echo '$(srcdir)/'`processing/event_queue.c
-unknown_payload.obj: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF "$(DEPDIR)/unknown_payload.Tpo" -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unknown_payload.Tpo" "$(DEPDIR)/unknown_payload.Po"; else rm -f "$(DEPDIR)/unknown_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@
+event_queue.obj: processing/event_queue.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT event_queue.obj -MD -MP -MF "$(DEPDIR)/event_queue.Tpo" -c -o event_queue.obj `if test -f 'processing/event_queue.c'; then $(CYGPATH_W) 'processing/event_queue.c'; else $(CYGPATH_W) '$(srcdir)/processing/event_queue.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/event_queue.Tpo" "$(DEPDIR)/event_queue.Po"; else rm -f "$(DEPDIR)/event_queue.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/event_queue.c' object='event_queue.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o event_queue.obj `if test -f 'processing/event_queue.c'; then $(CYGPATH_W) 'processing/event_queue.c'; else $(CYGPATH_W) '$(srcdir)/processing/event_queue.c'; fi`
-encodings.o: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF "$(DEPDIR)/encodings.Tpo" -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encodings.Tpo" "$(DEPDIR)/encodings.Po"; else rm -f "$(DEPDIR)/encodings.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@
+job_queue.o: processing/job_queue.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job_queue.o -MD -MP -MF "$(DEPDIR)/job_queue.Tpo" -c -o job_queue.o `test -f 'processing/job_queue.c' || echo '$(srcdir)/'`processing/job_queue.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job_queue.Tpo" "$(DEPDIR)/job_queue.Po"; else rm -f "$(DEPDIR)/job_queue.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/job_queue.c' object='job_queue.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job_queue.o `test -f 'processing/job_queue.c' || echo '$(srcdir)/'`processing/job_queue.c
-encodings.obj: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF "$(DEPDIR)/encodings.Tpo" -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/encodings.Tpo" "$(DEPDIR)/encodings.Po"; else rm -f "$(DEPDIR)/encodings.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@
+job_queue.obj: processing/job_queue.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job_queue.obj -MD -MP -MF "$(DEPDIR)/job_queue.Tpo" -c -o job_queue.obj `if test -f 'processing/job_queue.c'; then $(CYGPATH_W) 'processing/job_queue.c'; else $(CYGPATH_W) '$(srcdir)/processing/job_queue.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job_queue.Tpo" "$(DEPDIR)/job_queue.Po"; else rm -f "$(DEPDIR)/job_queue.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/job_queue.c' object='job_queue.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job_queue.obj `if test -f 'processing/job_queue.c'; then $(CYGPATH_W) 'processing/job_queue.c'; else $(CYGPATH_W) '$(srcdir)/processing/job_queue.c'; fi`
-cp_payload.o: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF "$(DEPDIR)/cp_payload.Tpo" -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cp_payload.Tpo" "$(DEPDIR)/cp_payload.Po"; else rm -f "$(DEPDIR)/cp_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@
+acquire_job.o: processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF "$(DEPDIR)/acquire_job.Tpo" -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/acquire_job.Tpo" "$(DEPDIR)/acquire_job.Po"; else rm -f "$(DEPDIR)/acquire_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
-cp_payload.obj: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF "$(DEPDIR)/cp_payload.Tpo" -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cp_payload.Tpo" "$(DEPDIR)/cp_payload.Po"; else rm -f "$(DEPDIR)/cp_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@
+acquire_job.obj: processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF "$(DEPDIR)/acquire_job.Tpo" -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/acquire_job.Tpo" "$(DEPDIR)/acquire_job.Po"; else rm -f "$(DEPDIR)/acquire_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`
-delete_payload.o: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF "$(DEPDIR)/delete_payload.Tpo" -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_payload.Tpo" "$(DEPDIR)/delete_payload.Po"; else rm -f "$(DEPDIR)/delete_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@
+delete_child_sa_job.o: processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF "$(DEPDIR)/delete_child_sa_job.Tpo" -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_child_sa_job.Tpo" "$(DEPDIR)/delete_child_sa_job.Po"; else rm -f "$(DEPDIR)/delete_child_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
-delete_payload.obj: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF "$(DEPDIR)/delete_payload.Tpo" -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_payload.Tpo" "$(DEPDIR)/delete_payload.Po"; else rm -f "$(DEPDIR)/delete_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@
+delete_child_sa_job.obj: processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF "$(DEPDIR)/delete_child_sa_job.Tpo" -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_child_sa_job.Tpo" "$(DEPDIR)/delete_child_sa_job.Po"; else rm -f "$(DEPDIR)/delete_child_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`
-sa_payload.o: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF "$(DEPDIR)/sa_payload.Tpo" -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sa_payload.Tpo" "$(DEPDIR)/sa_payload.Po"; else rm -f "$(DEPDIR)/sa_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@
+delete_ike_sa_job.o: processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF "$(DEPDIR)/delete_ike_sa_job.Tpo" -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_ike_sa_job.Tpo" "$(DEPDIR)/delete_ike_sa_job.Po"; else rm -f "$(DEPDIR)/delete_ike_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
-sa_payload.obj: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF "$(DEPDIR)/sa_payload.Tpo" -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sa_payload.Tpo" "$(DEPDIR)/sa_payload.Po"; else rm -f "$(DEPDIR)/sa_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@
+delete_ike_sa_job.obj: processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF "$(DEPDIR)/delete_ike_sa_job.Tpo" -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_ike_sa_job.Tpo" "$(DEPDIR)/delete_ike_sa_job.Po"; else rm -f "$(DEPDIR)/delete_ike_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`
-certreq_payload.o: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF "$(DEPDIR)/certreq_payload.Tpo" -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/certreq_payload.Tpo" "$(DEPDIR)/certreq_payload.Po"; else rm -f "$(DEPDIR)/certreq_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@
+job.o: processing/jobs/job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job.o -MD -MP -MF "$(DEPDIR)/job.Tpo" -c -o job.o `test -f 'processing/jobs/job.c' || echo '$(srcdir)/'`processing/jobs/job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job.Tpo" "$(DEPDIR)/job.Po"; else rm -f "$(DEPDIR)/job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/job.c' object='job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job.o `test -f 'processing/jobs/job.c' || echo '$(srcdir)/'`processing/jobs/job.c
-certreq_payload.obj: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF "$(DEPDIR)/certreq_payload.Tpo" -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/certreq_payload.Tpo" "$(DEPDIR)/certreq_payload.Po"; else rm -f "$(DEPDIR)/certreq_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@
+job.obj: processing/jobs/job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job.obj -MD -MP -MF "$(DEPDIR)/job.Tpo" -c -o job.obj `if test -f 'processing/jobs/job.c'; then $(CYGPATH_W) 'processing/jobs/job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job.Tpo" "$(DEPDIR)/job.Po"; else rm -f "$(DEPDIR)/job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/job.c' object='job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job.obj `if test -f 'processing/jobs/job.c'; then $(CYGPATH_W) 'processing/jobs/job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/job.c'; fi`
-vendor_id_payload.o: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF "$(DEPDIR)/vendor_id_payload.Tpo" -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/vendor_id_payload.Tpo" "$(DEPDIR)/vendor_id_payload.Po"; else rm -f "$(DEPDIR)/vendor_id_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@
+process_message_job.o: processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF "$(DEPDIR)/process_message_job.Tpo" -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/process_message_job.Tpo" "$(DEPDIR)/process_message_job.Po"; else rm -f "$(DEPDIR)/process_message_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
-vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF "$(DEPDIR)/vendor_id_payload.Tpo" -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/vendor_id_payload.Tpo" "$(DEPDIR)/vendor_id_payload.Po"; else rm -f "$(DEPDIR)/vendor_id_payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@
+process_message_job.obj: processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF "$(DEPDIR)/process_message_job.Tpo" -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/process_message_job.Tpo" "$(DEPDIR)/process_message_job.Po"; else rm -f "$(DEPDIR)/process_message_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`
-proposal_substructure.o: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF "$(DEPDIR)/proposal_substructure.Tpo" -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/proposal_substructure.Tpo" "$(DEPDIR)/proposal_substructure.Po"; else rm -f "$(DEPDIR)/proposal_substructure.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@
+rekey_child_sa_job.o: processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF "$(DEPDIR)/rekey_child_sa_job.Tpo" -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_child_sa_job.Tpo" "$(DEPDIR)/rekey_child_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_child_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
-proposal_substructure.obj: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF "$(DEPDIR)/proposal_substructure.Tpo" -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/proposal_substructure.Tpo" "$(DEPDIR)/proposal_substructure.Po"; else rm -f "$(DEPDIR)/proposal_substructure.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@
+rekey_child_sa_job.obj: processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF "$(DEPDIR)/rekey_child_sa_job.Tpo" -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_child_sa_job.Tpo" "$(DEPDIR)/rekey_child_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_child_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`
-payload.o: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF "$(DEPDIR)/payload.Tpo" -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/payload.Tpo" "$(DEPDIR)/payload.Po"; else rm -f "$(DEPDIR)/payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@
+rekey_ike_sa_job.o: processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF "$(DEPDIR)/rekey_ike_sa_job.Tpo" -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_ike_sa_job.Tpo" "$(DEPDIR)/rekey_ike_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_ike_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
-payload.obj: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF "$(DEPDIR)/payload.Tpo" -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/payload.Tpo" "$(DEPDIR)/payload.Po"; else rm -f "$(DEPDIR)/payload.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@
+rekey_ike_sa_job.obj: processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF "$(DEPDIR)/rekey_ike_sa_job.Tpo" -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_ike_sa_job.Tpo" "$(DEPDIR)/rekey_ike_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_ike_sa_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`
-message.o: encoding/message.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF "$(DEPDIR)/message.Tpo" -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/message.Tpo" "$(DEPDIR)/message.Po"; else rm -f "$(DEPDIR)/message.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@
+retransmit_job.o: processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF "$(DEPDIR)/retransmit_job.Tpo" -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/retransmit_job.Tpo" "$(DEPDIR)/retransmit_job.Po"; else rm -f "$(DEPDIR)/retransmit_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
-message.obj: encoding/message.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF "$(DEPDIR)/message.Tpo" -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/message.Tpo" "$(DEPDIR)/message.Po"; else rm -f "$(DEPDIR)/message.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@
+retransmit_job.obj: processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF "$(DEPDIR)/retransmit_job.Tpo" -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/retransmit_job.Tpo" "$(DEPDIR)/retransmit_job.Po"; else rm -f "$(DEPDIR)/retransmit_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`
-generator.o: encoding/generator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF "$(DEPDIR)/generator.Tpo" -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/generator.Tpo" "$(DEPDIR)/generator.Po"; else rm -f "$(DEPDIR)/generator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@
+send_dpd_job.o: processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF "$(DEPDIR)/send_dpd_job.Tpo" -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_dpd_job.Tpo" "$(DEPDIR)/send_dpd_job.Po"; else rm -f "$(DEPDIR)/send_dpd_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
-generator.obj: encoding/generator.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF "$(DEPDIR)/generator.Tpo" -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/generator.Tpo" "$(DEPDIR)/generator.Po"; else rm -f "$(DEPDIR)/generator.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@
+send_dpd_job.obj: processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF "$(DEPDIR)/send_dpd_job.Tpo" -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_dpd_job.Tpo" "$(DEPDIR)/send_dpd_job.Po"; else rm -f "$(DEPDIR)/send_dpd_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`
-parser.o: encoding/parser.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF "$(DEPDIR)/parser.Tpo" -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/parser.Tpo" "$(DEPDIR)/parser.Po"; else rm -f "$(DEPDIR)/parser.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@
+send_keepalive_job.o: processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF "$(DEPDIR)/send_keepalive_job.Tpo" -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_keepalive_job.Tpo" "$(DEPDIR)/send_keepalive_job.Po"; else rm -f "$(DEPDIR)/send_keepalive_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
-parser.obj: encoding/parser.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF "$(DEPDIR)/parser.Tpo" -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/parser.Tpo" "$(DEPDIR)/parser.Po"; else rm -f "$(DEPDIR)/parser.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@
+send_keepalive_job.obj: processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF "$(DEPDIR)/send_keepalive_job.Tpo" -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_keepalive_job.Tpo" "$(DEPDIR)/send_keepalive_job.Po"; else rm -f "$(DEPDIR)/send_keepalive_job.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`
-packet.o: network/packet.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF "$(DEPDIR)/packet.Tpo" -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/packet.Tpo" "$(DEPDIR)/packet.Po"; else rm -f "$(DEPDIR)/packet.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@
+scheduler.o: processing/scheduler.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF "$(DEPDIR)/scheduler.Tpo" -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/scheduler.Tpo" "$(DEPDIR)/scheduler.Po"; else rm -f "$(DEPDIR)/scheduler.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
-packet.obj: network/packet.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF "$(DEPDIR)/packet.Tpo" -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/packet.Tpo" "$(DEPDIR)/packet.Po"; else rm -f "$(DEPDIR)/packet.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@
+scheduler.obj: processing/scheduler.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF "$(DEPDIR)/scheduler.Tpo" -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/scheduler.Tpo" "$(DEPDIR)/scheduler.Po"; else rm -f "$(DEPDIR)/scheduler.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`
-socket.o: network/socket.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF "$(DEPDIR)/socket.Tpo" -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/socket.Tpo" "$(DEPDIR)/socket.Po"; else rm -f "$(DEPDIR)/socket.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@
+thread_pool.o: processing/thread_pool.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread_pool.o -MD -MP -MF "$(DEPDIR)/thread_pool.Tpo" -c -o thread_pool.o `test -f 'processing/thread_pool.c' || echo '$(srcdir)/'`processing/thread_pool.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/thread_pool.Tpo" "$(DEPDIR)/thread_pool.Po"; else rm -f "$(DEPDIR)/thread_pool.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/thread_pool.c' object='thread_pool.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread_pool.o `test -f 'processing/thread_pool.c' || echo '$(srcdir)/'`processing/thread_pool.c
-socket.obj: network/socket.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF "$(DEPDIR)/socket.Tpo" -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/socket.Tpo" "$(DEPDIR)/socket.Po"; else rm -f "$(DEPDIR)/socket.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@
+thread_pool.obj: processing/thread_pool.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread_pool.obj -MD -MP -MF "$(DEPDIR)/thread_pool.Tpo" -c -o thread_pool.obj `if test -f 'processing/thread_pool.c'; then $(CYGPATH_W) 'processing/thread_pool.c'; else $(CYGPATH_W) '$(srcdir)/processing/thread_pool.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/thread_pool.Tpo" "$(DEPDIR)/thread_pool.Po"; else rm -f "$(DEPDIR)/thread_pool.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/thread_pool.c' object='thread_pool.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread_pool.obj `if test -f 'processing/thread_pool.c'; then $(CYGPATH_W) 'processing/thread_pool.c'; else $(CYGPATH_W) '$(srcdir)/processing/thread_pool.c'; fi`
-job.o: queues/jobs/job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job.o -MD -MP -MF "$(DEPDIR)/job.Tpo" -c -o job.o `test -f 'queues/jobs/job.c' || echo '$(srcdir)/'`queues/jobs/job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job.Tpo" "$(DEPDIR)/job.Po"; else rm -f "$(DEPDIR)/job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/job.c' object='job.o' libtool=no @AMDEPBACKSLASH@
+authenticator.o: sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF "$(DEPDIR)/authenticator.Tpo" -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/authenticator.Tpo" "$(DEPDIR)/authenticator.Po"; else rm -f "$(DEPDIR)/authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job.o `test -f 'queues/jobs/job.c' || echo '$(srcdir)/'`queues/jobs/job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
-job.obj: queues/jobs/job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job.obj -MD -MP -MF "$(DEPDIR)/job.Tpo" -c -o job.obj `if test -f 'queues/jobs/job.c'; then $(CYGPATH_W) 'queues/jobs/job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job.Tpo" "$(DEPDIR)/job.Po"; else rm -f "$(DEPDIR)/job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/job.c' object='job.obj' libtool=no @AMDEPBACKSLASH@
+authenticator.obj: sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF "$(DEPDIR)/authenticator.Tpo" -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/authenticator.Tpo" "$(DEPDIR)/authenticator.Po"; else rm -f "$(DEPDIR)/authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job.obj `if test -f 'queues/jobs/job.c'; then $(CYGPATH_W) 'queues/jobs/job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
-process_message_job.o: queues/jobs/process_message_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF "$(DEPDIR)/process_message_job.Tpo" -c -o process_message_job.o `test -f 'queues/jobs/process_message_job.c' || echo '$(srcdir)/'`queues/jobs/process_message_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/process_message_job.Tpo" "$(DEPDIR)/process_message_job.Po"; else rm -f "$(DEPDIR)/process_message_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@
+eap_authenticator.o: sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF "$(DEPDIR)/eap_authenticator.Tpo" -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_authenticator.Tpo" "$(DEPDIR)/eap_authenticator.Po"; else rm -f "$(DEPDIR)/eap_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'queues/jobs/process_message_job.c' || echo '$(srcdir)/'`queues/jobs/process_message_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-process_message_job.obj: queues/jobs/process_message_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF "$(DEPDIR)/process_message_job.Tpo" -c -o process_message_job.obj `if test -f 'queues/jobs/process_message_job.c'; then $(CYGPATH_W) 'queues/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/process_message_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/process_message_job.Tpo" "$(DEPDIR)/process_message_job.Po"; else rm -f "$(DEPDIR)/process_message_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@
+eap_authenticator.obj: sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF "$(DEPDIR)/eap_authenticator.Tpo" -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_authenticator.Tpo" "$(DEPDIR)/eap_authenticator.Po"; else rm -f "$(DEPDIR)/eap_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'queues/jobs/process_message_job.c'; then $(CYGPATH_W) 'queues/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/process_message_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-delete_ike_sa_job.o: queues/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF "$(DEPDIR)/delete_ike_sa_job.Tpo" -c -o delete_ike_sa_job.o `test -f 'queues/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`queues/jobs/delete_ike_sa_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_ike_sa_job.Tpo" "$(DEPDIR)/delete_ike_sa_job.Po"; else rm -f "$(DEPDIR)/delete_ike_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
+eap_method.o: sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF "$(DEPDIR)/eap_method.Tpo" -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_method.Tpo" "$(DEPDIR)/eap_method.Po"; else rm -f "$(DEPDIR)/eap_method.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'queues/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`queues/jobs/delete_ike_sa_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-delete_ike_sa_job.obj: queues/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF "$(DEPDIR)/delete_ike_sa_job.Tpo" -c -o delete_ike_sa_job.obj `if test -f 'queues/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/delete_ike_sa_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_ike_sa_job.Tpo" "$(DEPDIR)/delete_ike_sa_job.Po"; else rm -f "$(DEPDIR)/delete_ike_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
+eap_method.obj: sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF "$(DEPDIR)/eap_method.Tpo" -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/eap_method.Tpo" "$(DEPDIR)/eap_method.Po"; else rm -f "$(DEPDIR)/eap_method.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'queues/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/delete_ike_sa_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-retransmit_job.o: queues/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF "$(DEPDIR)/retransmit_job.Tpo" -c -o retransmit_job.o `test -f 'queues/jobs/retransmit_job.c' || echo '$(srcdir)/'`queues/jobs/retransmit_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/retransmit_job.Tpo" "$(DEPDIR)/retransmit_job.Po"; else rm -f "$(DEPDIR)/retransmit_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@
+psk_authenticator.o: sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF "$(DEPDIR)/psk_authenticator.Tpo" -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/psk_authenticator.Tpo" "$(DEPDIR)/psk_authenticator.Po"; else rm -f "$(DEPDIR)/psk_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'queues/jobs/retransmit_job.c' || echo '$(srcdir)/'`queues/jobs/retransmit_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
-retransmit_job.obj: queues/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF "$(DEPDIR)/retransmit_job.Tpo" -c -o retransmit_job.obj `if test -f 'queues/jobs/retransmit_job.c'; then $(CYGPATH_W) 'queues/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/retransmit_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/retransmit_job.Tpo" "$(DEPDIR)/retransmit_job.Po"; else rm -f "$(DEPDIR)/retransmit_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@
+psk_authenticator.obj: sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF "$(DEPDIR)/psk_authenticator.Tpo" -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/psk_authenticator.Tpo" "$(DEPDIR)/psk_authenticator.Po"; else rm -f "$(DEPDIR)/psk_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'queues/jobs/retransmit_job.c'; then $(CYGPATH_W) 'queues/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/retransmit_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
-initiate_job.o: queues/jobs/initiate_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_job.o -MD -MP -MF "$(DEPDIR)/initiate_job.Tpo" -c -o initiate_job.o `test -f 'queues/jobs/initiate_job.c' || echo '$(srcdir)/'`queues/jobs/initiate_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/initiate_job.Tpo" "$(DEPDIR)/initiate_job.Po"; else rm -f "$(DEPDIR)/initiate_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/initiate_job.c' object='initiate_job.o' libtool=no @AMDEPBACKSLASH@
+rsa_authenticator.o: sa/authenticators/rsa_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_authenticator.o -MD -MP -MF "$(DEPDIR)/rsa_authenticator.Tpo" -c -o rsa_authenticator.o `test -f 'sa/authenticators/rsa_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/rsa_authenticator.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_authenticator.Tpo" "$(DEPDIR)/rsa_authenticator.Po"; else rm -f "$(DEPDIR)/rsa_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/rsa_authenticator.c' object='rsa_authenticator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_job.o `test -f 'queues/jobs/initiate_job.c' || echo '$(srcdir)/'`queues/jobs/initiate_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_authenticator.o `test -f 'sa/authenticators/rsa_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/rsa_authenticator.c
-initiate_job.obj: queues/jobs/initiate_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_job.obj -MD -MP -MF "$(DEPDIR)/initiate_job.Tpo" -c -o initiate_job.obj `if test -f 'queues/jobs/initiate_job.c'; then $(CYGPATH_W) 'queues/jobs/initiate_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/initiate_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/initiate_job.Tpo" "$(DEPDIR)/initiate_job.Po"; else rm -f "$(DEPDIR)/initiate_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/initiate_job.c' object='initiate_job.obj' libtool=no @AMDEPBACKSLASH@
+rsa_authenticator.obj: sa/authenticators/rsa_authenticator.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_authenticator.obj -MD -MP -MF "$(DEPDIR)/rsa_authenticator.Tpo" -c -o rsa_authenticator.obj `if test -f 'sa/authenticators/rsa_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/rsa_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/rsa_authenticator.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_authenticator.Tpo" "$(DEPDIR)/rsa_authenticator.Po"; else rm -f "$(DEPDIR)/rsa_authenticator.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/rsa_authenticator.c' object='rsa_authenticator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_job.obj `if test -f 'queues/jobs/initiate_job.c'; then $(CYGPATH_W) 'queues/jobs/initiate_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/initiate_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_authenticator.obj `if test -f 'sa/authenticators/rsa_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/rsa_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/rsa_authenticator.c'; fi`
-send_keepalive_job.o: queues/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF "$(DEPDIR)/send_keepalive_job.Tpo" -c -o send_keepalive_job.o `test -f 'queues/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`queues/jobs/send_keepalive_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_keepalive_job.Tpo" "$(DEPDIR)/send_keepalive_job.Po"; else rm -f "$(DEPDIR)/send_keepalive_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@
+child_sa.o: sa/child_sa.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF "$(DEPDIR)/child_sa.Tpo" -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_sa.Tpo" "$(DEPDIR)/child_sa.Po"; else rm -f "$(DEPDIR)/child_sa.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'queues/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`queues/jobs/send_keepalive_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
-send_keepalive_job.obj: queues/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF "$(DEPDIR)/send_keepalive_job.Tpo" -c -o send_keepalive_job.obj `if test -f 'queues/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'queues/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/send_keepalive_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_keepalive_job.Tpo" "$(DEPDIR)/send_keepalive_job.Po"; else rm -f "$(DEPDIR)/send_keepalive_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@
+child_sa.obj: sa/child_sa.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF "$(DEPDIR)/child_sa.Tpo" -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_sa.Tpo" "$(DEPDIR)/child_sa.Po"; else rm -f "$(DEPDIR)/child_sa.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'queues/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'queues/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/send_keepalive_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
-rekey_child_sa_job.o: queues/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF "$(DEPDIR)/rekey_child_sa_job.Tpo" -c -o rekey_child_sa_job.o `test -f 'queues/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`queues/jobs/rekey_child_sa_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_child_sa_job.Tpo" "$(DEPDIR)/rekey_child_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_child_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
+ike_sa.o: sa/ike_sa.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF "$(DEPDIR)/ike_sa.Tpo" -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa.Tpo" "$(DEPDIR)/ike_sa.Po"; else rm -f "$(DEPDIR)/ike_sa.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'queues/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`queues/jobs/rekey_child_sa_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
-rekey_child_sa_job.obj: queues/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF "$(DEPDIR)/rekey_child_sa_job.Tpo" -c -o rekey_child_sa_job.obj `if test -f 'queues/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/rekey_child_sa_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_child_sa_job.Tpo" "$(DEPDIR)/rekey_child_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_child_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
+ike_sa.obj: sa/ike_sa.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF "$(DEPDIR)/ike_sa.Tpo" -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa.Tpo" "$(DEPDIR)/ike_sa.Po"; else rm -f "$(DEPDIR)/ike_sa.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'queues/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/rekey_child_sa_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
-delete_child_sa_job.o: queues/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF "$(DEPDIR)/delete_child_sa_job.Tpo" -c -o delete_child_sa_job.o `test -f 'queues/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`queues/jobs/delete_child_sa_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_child_sa_job.Tpo" "$(DEPDIR)/delete_child_sa_job.Po"; else rm -f "$(DEPDIR)/delete_child_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
+ike_sa_id.o: sa/ike_sa_id.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF "$(DEPDIR)/ike_sa_id.Tpo" -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_id.Tpo" "$(DEPDIR)/ike_sa_id.Po"; else rm -f "$(DEPDIR)/ike_sa_id.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'queues/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`queues/jobs/delete_child_sa_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
-delete_child_sa_job.obj: queues/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF "$(DEPDIR)/delete_child_sa_job.Tpo" -c -o delete_child_sa_job.obj `if test -f 'queues/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/delete_child_sa_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/delete_child_sa_job.Tpo" "$(DEPDIR)/delete_child_sa_job.Po"; else rm -f "$(DEPDIR)/delete_child_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
+ike_sa_id.obj: sa/ike_sa_id.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF "$(DEPDIR)/ike_sa_id.Tpo" -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_id.Tpo" "$(DEPDIR)/ike_sa_id.Po"; else rm -f "$(DEPDIR)/ike_sa_id.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'queues/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/delete_child_sa_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
-send_dpd_job.o: queues/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF "$(DEPDIR)/send_dpd_job.Tpo" -c -o send_dpd_job.o `test -f 'queues/jobs/send_dpd_job.c' || echo '$(srcdir)/'`queues/jobs/send_dpd_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_dpd_job.Tpo" "$(DEPDIR)/send_dpd_job.Po"; else rm -f "$(DEPDIR)/send_dpd_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@
+ike_sa_manager.o: sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF "$(DEPDIR)/ike_sa_manager.Tpo" -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_manager.Tpo" "$(DEPDIR)/ike_sa_manager.Po"; else rm -f "$(DEPDIR)/ike_sa_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'queues/jobs/send_dpd_job.c' || echo '$(srcdir)/'`queues/jobs/send_dpd_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
-send_dpd_job.obj: queues/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF "$(DEPDIR)/send_dpd_job.Tpo" -c -o send_dpd_job.obj `if test -f 'queues/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'queues/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/send_dpd_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/send_dpd_job.Tpo" "$(DEPDIR)/send_dpd_job.Po"; else rm -f "$(DEPDIR)/send_dpd_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@
+ike_sa_manager.obj: sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF "$(DEPDIR)/ike_sa_manager.Tpo" -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_sa_manager.Tpo" "$(DEPDIR)/ike_sa_manager.Po"; else rm -f "$(DEPDIR)/ike_sa_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'queues/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'queues/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/send_dpd_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
-route_job.o: queues/jobs/route_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT route_job.o -MD -MP -MF "$(DEPDIR)/route_job.Tpo" -c -o route_job.o `test -f 'queues/jobs/route_job.c' || echo '$(srcdir)/'`queues/jobs/route_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/route_job.Tpo" "$(DEPDIR)/route_job.Po"; else rm -f "$(DEPDIR)/route_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/route_job.c' object='route_job.o' libtool=no @AMDEPBACKSLASH@
+task_manager.o: sa/task_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF "$(DEPDIR)/task_manager.Tpo" -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task_manager.Tpo" "$(DEPDIR)/task_manager.Po"; else rm -f "$(DEPDIR)/task_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o route_job.o `test -f 'queues/jobs/route_job.c' || echo '$(srcdir)/'`queues/jobs/route_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
-route_job.obj: queues/jobs/route_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT route_job.obj -MD -MP -MF "$(DEPDIR)/route_job.Tpo" -c -o route_job.obj `if test -f 'queues/jobs/route_job.c'; then $(CYGPATH_W) 'queues/jobs/route_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/route_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/route_job.Tpo" "$(DEPDIR)/route_job.Po"; else rm -f "$(DEPDIR)/route_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/route_job.c' object='route_job.obj' libtool=no @AMDEPBACKSLASH@
+task_manager.obj: sa/task_manager.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF "$(DEPDIR)/task_manager.Tpo" -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task_manager.Tpo" "$(DEPDIR)/task_manager.Po"; else rm -f "$(DEPDIR)/task_manager.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o route_job.obj `if test -f 'queues/jobs/route_job.c'; then $(CYGPATH_W) 'queues/jobs/route_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/route_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
-acquire_job.o: queues/jobs/acquire_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF "$(DEPDIR)/acquire_job.Tpo" -c -o acquire_job.o `test -f 'queues/jobs/acquire_job.c' || echo '$(srcdir)/'`queues/jobs/acquire_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/acquire_job.Tpo" "$(DEPDIR)/acquire_job.Po"; else rm -f "$(DEPDIR)/acquire_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@
+child_create.o: sa/tasks/child_create.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF "$(DEPDIR)/child_create.Tpo" -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_create.Tpo" "$(DEPDIR)/child_create.Po"; else rm -f "$(DEPDIR)/child_create.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'queues/jobs/acquire_job.c' || echo '$(srcdir)/'`queues/jobs/acquire_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
-acquire_job.obj: queues/jobs/acquire_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF "$(DEPDIR)/acquire_job.Tpo" -c -o acquire_job.obj `if test -f 'queues/jobs/acquire_job.c'; then $(CYGPATH_W) 'queues/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/acquire_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/acquire_job.Tpo" "$(DEPDIR)/acquire_job.Po"; else rm -f "$(DEPDIR)/acquire_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@
+child_create.obj: sa/tasks/child_create.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF "$(DEPDIR)/child_create.Tpo" -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_create.Tpo" "$(DEPDIR)/child_create.Po"; else rm -f "$(DEPDIR)/child_create.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'queues/jobs/acquire_job.c'; then $(CYGPATH_W) 'queues/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/acquire_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
-rekey_ike_sa_job.o: queues/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF "$(DEPDIR)/rekey_ike_sa_job.Tpo" -c -o rekey_ike_sa_job.o `test -f 'queues/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`queues/jobs/rekey_ike_sa_job.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_ike_sa_job.Tpo" "$(DEPDIR)/rekey_ike_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_ike_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
+child_delete.o: sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF "$(DEPDIR)/child_delete.Tpo" -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_delete.Tpo" "$(DEPDIR)/child_delete.Po"; else rm -f "$(DEPDIR)/child_delete.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'queues/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`queues/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
-rekey_ike_sa_job.obj: queues/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF "$(DEPDIR)/rekey_ike_sa_job.Tpo" -c -o rekey_ike_sa_job.obj `if test -f 'queues/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/rekey_ike_sa_job.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rekey_ike_sa_job.Tpo" "$(DEPDIR)/rekey_ike_sa_job.Po"; else rm -f "$(DEPDIR)/rekey_ike_sa_job.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
+child_delete.obj: sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF "$(DEPDIR)/child_delete.Tpo" -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_delete.Tpo" "$(DEPDIR)/child_delete.Po"; else rm -f "$(DEPDIR)/child_delete.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'queues/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'queues/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/queues/jobs/rekey_ike_sa_job.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
-job_queue.o: queues/job_queue.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job_queue.o -MD -MP -MF "$(DEPDIR)/job_queue.Tpo" -c -o job_queue.o `test -f 'queues/job_queue.c' || echo '$(srcdir)/'`queues/job_queue.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job_queue.Tpo" "$(DEPDIR)/job_queue.Po"; else rm -f "$(DEPDIR)/job_queue.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/job_queue.c' object='job_queue.o' libtool=no @AMDEPBACKSLASH@
+child_rekey.o: sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF "$(DEPDIR)/child_rekey.Tpo" -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_rekey.Tpo" "$(DEPDIR)/child_rekey.Po"; else rm -f "$(DEPDIR)/child_rekey.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job_queue.o `test -f 'queues/job_queue.c' || echo '$(srcdir)/'`queues/job_queue.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
-job_queue.obj: queues/job_queue.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job_queue.obj -MD -MP -MF "$(DEPDIR)/job_queue.Tpo" -c -o job_queue.obj `if test -f 'queues/job_queue.c'; then $(CYGPATH_W) 'queues/job_queue.c'; else $(CYGPATH_W) '$(srcdir)/queues/job_queue.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/job_queue.Tpo" "$(DEPDIR)/job_queue.Po"; else rm -f "$(DEPDIR)/job_queue.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/job_queue.c' object='job_queue.obj' libtool=no @AMDEPBACKSLASH@
+child_rekey.obj: sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF "$(DEPDIR)/child_rekey.Tpo" -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/child_rekey.Tpo" "$(DEPDIR)/child_rekey.Po"; else rm -f "$(DEPDIR)/child_rekey.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job_queue.obj `if test -f 'queues/job_queue.c'; then $(CYGPATH_W) 'queues/job_queue.c'; else $(CYGPATH_W) '$(srcdir)/queues/job_queue.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
-event_queue.o: queues/event_queue.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT event_queue.o -MD -MP -MF "$(DEPDIR)/event_queue.Tpo" -c -o event_queue.o `test -f 'queues/event_queue.c' || echo '$(srcdir)/'`queues/event_queue.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/event_queue.Tpo" "$(DEPDIR)/event_queue.Po"; else rm -f "$(DEPDIR)/event_queue.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/event_queue.c' object='event_queue.o' libtool=no @AMDEPBACKSLASH@
+ike_auth.o: sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF "$(DEPDIR)/ike_auth.Tpo" -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_auth.Tpo" "$(DEPDIR)/ike_auth.Po"; else rm -f "$(DEPDIR)/ike_auth.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o event_queue.o `test -f 'queues/event_queue.c' || echo '$(srcdir)/'`queues/event_queue.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
-event_queue.obj: queues/event_queue.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT event_queue.obj -MD -MP -MF "$(DEPDIR)/event_queue.Tpo" -c -o event_queue.obj `if test -f 'queues/event_queue.c'; then $(CYGPATH_W) 'queues/event_queue.c'; else $(CYGPATH_W) '$(srcdir)/queues/event_queue.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/event_queue.Tpo" "$(DEPDIR)/event_queue.Po"; else rm -f "$(DEPDIR)/event_queue.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='queues/event_queue.c' object='event_queue.obj' libtool=no @AMDEPBACKSLASH@
+ike_auth.obj: sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF "$(DEPDIR)/ike_auth.Tpo" -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_auth.Tpo" "$(DEPDIR)/ike_auth.Po"; else rm -f "$(DEPDIR)/ike_auth.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o event_queue.obj `if test -f 'queues/event_queue.c'; then $(CYGPATH_W) 'queues/event_queue.c'; else $(CYGPATH_W) '$(srcdir)/queues/event_queue.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
-kernel_interface.o: threads/kernel_interface.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF "$(DEPDIR)/kernel_interface.Tpo" -c -o kernel_interface.o `test -f 'threads/kernel_interface.c' || echo '$(srcdir)/'`threads/kernel_interface.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/kernel_interface.Tpo" "$(DEPDIR)/kernel_interface.Po"; else rm -f "$(DEPDIR)/kernel_interface.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@
+ike_cert.o: sa/tasks/ike_cert.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert.o -MD -MP -MF "$(DEPDIR)/ike_cert.Tpo" -c -o ike_cert.o `test -f 'sa/tasks/ike_cert.c' || echo '$(srcdir)/'`sa/tasks/ike_cert.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cert.Tpo" "$(DEPDIR)/ike_cert.Po"; else rm -f "$(DEPDIR)/ike_cert.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert.c' object='ike_cert.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'threads/kernel_interface.c' || echo '$(srcdir)/'`threads/kernel_interface.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert.o `test -f 'sa/tasks/ike_cert.c' || echo '$(srcdir)/'`sa/tasks/ike_cert.c
-kernel_interface.obj: threads/kernel_interface.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF "$(DEPDIR)/kernel_interface.Tpo" -c -o kernel_interface.obj `if test -f 'threads/kernel_interface.c'; then $(CYGPATH_W) 'threads/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/threads/kernel_interface.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/kernel_interface.Tpo" "$(DEPDIR)/kernel_interface.Po"; else rm -f "$(DEPDIR)/kernel_interface.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@
+ike_cert.obj: sa/tasks/ike_cert.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert.obj -MD -MP -MF "$(DEPDIR)/ike_cert.Tpo" -c -o ike_cert.obj `if test -f 'sa/tasks/ike_cert.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_cert.Tpo" "$(DEPDIR)/ike_cert.Po"; else rm -f "$(DEPDIR)/ike_cert.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert.c' object='ike_cert.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'threads/kernel_interface.c'; then $(CYGPATH_W) 'threads/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/threads/kernel_interface.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert.obj `if test -f 'sa/tasks/ike_cert.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert.c'; fi`
-thread_pool.o: threads/thread_pool.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread_pool.o -MD -MP -MF "$(DEPDIR)/thread_pool.Tpo" -c -o thread_pool.o `test -f 'threads/thread_pool.c' || echo '$(srcdir)/'`threads/thread_pool.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/thread_pool.Tpo" "$(DEPDIR)/thread_pool.Po"; else rm -f "$(DEPDIR)/thread_pool.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/thread_pool.c' object='thread_pool.o' libtool=no @AMDEPBACKSLASH@
+ike_config.o: sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF "$(DEPDIR)/ike_config.Tpo" -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_config.Tpo" "$(DEPDIR)/ike_config.Po"; else rm -f "$(DEPDIR)/ike_config.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread_pool.o `test -f 'threads/thread_pool.c' || echo '$(srcdir)/'`threads/thread_pool.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
-thread_pool.obj: threads/thread_pool.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread_pool.obj -MD -MP -MF "$(DEPDIR)/thread_pool.Tpo" -c -o thread_pool.obj `if test -f 'threads/thread_pool.c'; then $(CYGPATH_W) 'threads/thread_pool.c'; else $(CYGPATH_W) '$(srcdir)/threads/thread_pool.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/thread_pool.Tpo" "$(DEPDIR)/thread_pool.Po"; else rm -f "$(DEPDIR)/thread_pool.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/thread_pool.c' object='thread_pool.obj' libtool=no @AMDEPBACKSLASH@
+ike_config.obj: sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF "$(DEPDIR)/ike_config.Tpo" -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_config.Tpo" "$(DEPDIR)/ike_config.Po"; else rm -f "$(DEPDIR)/ike_config.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread_pool.obj `if test -f 'threads/thread_pool.c'; then $(CYGPATH_W) 'threads/thread_pool.c'; else $(CYGPATH_W) '$(srcdir)/threads/thread_pool.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
-scheduler.o: threads/scheduler.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF "$(DEPDIR)/scheduler.Tpo" -c -o scheduler.o `test -f 'threads/scheduler.c' || echo '$(srcdir)/'`threads/scheduler.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/scheduler.Tpo" "$(DEPDIR)/scheduler.Po"; else rm -f "$(DEPDIR)/scheduler.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@
+ike_delete.o: sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF "$(DEPDIR)/ike_delete.Tpo" -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_delete.Tpo" "$(DEPDIR)/ike_delete.Po"; else rm -f "$(DEPDIR)/ike_delete.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'threads/scheduler.c' || echo '$(srcdir)/'`threads/scheduler.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
-scheduler.obj: threads/scheduler.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF "$(DEPDIR)/scheduler.Tpo" -c -o scheduler.obj `if test -f 'threads/scheduler.c'; then $(CYGPATH_W) 'threads/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/threads/scheduler.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/scheduler.Tpo" "$(DEPDIR)/scheduler.Po"; else rm -f "$(DEPDIR)/scheduler.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@
+ike_delete.obj: sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF "$(DEPDIR)/ike_delete.Tpo" -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_delete.Tpo" "$(DEPDIR)/ike_delete.Po"; else rm -f "$(DEPDIR)/ike_delete.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'threads/scheduler.c'; then $(CYGPATH_W) 'threads/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/threads/scheduler.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
-sender.o: threads/sender.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF "$(DEPDIR)/sender.Tpo" -c -o sender.o `test -f 'threads/sender.c' || echo '$(srcdir)/'`threads/sender.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sender.Tpo" "$(DEPDIR)/sender.Po"; else rm -f "$(DEPDIR)/sender.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@
+ike_dpd.o: sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF "$(DEPDIR)/ike_dpd.Tpo" -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_dpd.Tpo" "$(DEPDIR)/ike_dpd.Po"; else rm -f "$(DEPDIR)/ike_dpd.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'threads/sender.c' || echo '$(srcdir)/'`threads/sender.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
-sender.obj: threads/sender.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF "$(DEPDIR)/sender.Tpo" -c -o sender.obj `if test -f 'threads/sender.c'; then $(CYGPATH_W) 'threads/sender.c'; else $(CYGPATH_W) '$(srcdir)/threads/sender.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sender.Tpo" "$(DEPDIR)/sender.Po"; else rm -f "$(DEPDIR)/sender.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@
+ike_dpd.obj: sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF "$(DEPDIR)/ike_dpd.Tpo" -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_dpd.Tpo" "$(DEPDIR)/ike_dpd.Po"; else rm -f "$(DEPDIR)/ike_dpd.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'threads/sender.c'; then $(CYGPATH_W) 'threads/sender.c'; else $(CYGPATH_W) '$(srcdir)/threads/sender.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
-receiver.o: threads/receiver.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF "$(DEPDIR)/receiver.Tpo" -c -o receiver.o `test -f 'threads/receiver.c' || echo '$(srcdir)/'`threads/receiver.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/receiver.Tpo" "$(DEPDIR)/receiver.Po"; else rm -f "$(DEPDIR)/receiver.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@
+ike_init.o: sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF "$(DEPDIR)/ike_init.Tpo" -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_init.Tpo" "$(DEPDIR)/ike_init.Po"; else rm -f "$(DEPDIR)/ike_init.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'threads/receiver.c' || echo '$(srcdir)/'`threads/receiver.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
-receiver.obj: threads/receiver.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF "$(DEPDIR)/receiver.Tpo" -c -o receiver.obj `if test -f 'threads/receiver.c'; then $(CYGPATH_W) 'threads/receiver.c'; else $(CYGPATH_W) '$(srcdir)/threads/receiver.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/receiver.Tpo" "$(DEPDIR)/receiver.Po"; else rm -f "$(DEPDIR)/receiver.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@
+ike_init.obj: sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF "$(DEPDIR)/ike_init.Tpo" -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_init.Tpo" "$(DEPDIR)/ike_init.Po"; else rm -f "$(DEPDIR)/ike_init.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
+
+ike_natd.o: sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF "$(DEPDIR)/ike_natd.Tpo" -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_natd.Tpo" "$(DEPDIR)/ike_natd.Po"; else rm -f "$(DEPDIR)/ike_natd.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+
+ike_natd.obj: sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF "$(DEPDIR)/ike_natd.Tpo" -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_natd.Tpo" "$(DEPDIR)/ike_natd.Po"; else rm -f "$(DEPDIR)/ike_natd.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
+
+ike_rekey.o: sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF "$(DEPDIR)/ike_rekey.Tpo" -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_rekey.Tpo" "$(DEPDIR)/ike_rekey.Po"; else rm -f "$(DEPDIR)/ike_rekey.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'threads/receiver.c'; then $(CYGPATH_W) 'threads/receiver.c'; else $(CYGPATH_W) '$(srcdir)/threads/receiver.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
-stroke_interface.o: threads/stroke_interface.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stroke_interface.o -MD -MP -MF "$(DEPDIR)/stroke_interface.Tpo" -c -o stroke_interface.o `test -f 'threads/stroke_interface.c' || echo '$(srcdir)/'`threads/stroke_interface.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/stroke_interface.Tpo" "$(DEPDIR)/stroke_interface.Po"; else rm -f "$(DEPDIR)/stroke_interface.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/stroke_interface.c' object='stroke_interface.o' libtool=no @AMDEPBACKSLASH@
+ike_rekey.obj: sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF "$(DEPDIR)/ike_rekey.Tpo" -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ike_rekey.Tpo" "$(DEPDIR)/ike_rekey.Po"; else rm -f "$(DEPDIR)/ike_rekey.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
+
+task.o: sa/tasks/task.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF "$(DEPDIR)/task.Tpo" -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task.Tpo" "$(DEPDIR)/task.Po"; else rm -f "$(DEPDIR)/task.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stroke_interface.o `test -f 'threads/stroke_interface.c' || echo '$(srcdir)/'`threads/stroke_interface.c
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
-stroke_interface.obj: threads/stroke_interface.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stroke_interface.obj -MD -MP -MF "$(DEPDIR)/stroke_interface.Tpo" -c -o stroke_interface.obj `if test -f 'threads/stroke_interface.c'; then $(CYGPATH_W) 'threads/stroke_interface.c'; else $(CYGPATH_W) '$(srcdir)/threads/stroke_interface.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/stroke_interface.Tpo" "$(DEPDIR)/stroke_interface.Po"; else rm -f "$(DEPDIR)/stroke_interface.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threads/stroke_interface.c' object='stroke_interface.obj' libtool=no @AMDEPBACKSLASH@
+task.obj: sa/tasks/task.c
+@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF "$(DEPDIR)/task.Tpo" -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/task.Tpo" "$(DEPDIR)/task.Po"; else rm -f "$(DEPDIR)/task.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stroke_interface.obj `if test -f 'threads/stroke_interface.c'; then $(CYGPATH_W) 'threads/stroke_interface.c'; else $(CYGPATH_W) '$(srcdir)/threads/stroke_interface.c'; fi`
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
@@ -1780,7 +1909,7 @@ check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
installdirs:
- for dir in "$(DESTDIR)$(eapdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(backenddir)" "$(DESTDIR)$(eapdir)" "$(DESTDIR)$(interfacedir)" "$(DESTDIR)$(ipsecdir)"; do \
test -z "$$dir" || $(mkdir_p) "$$dir"; \
done
install: install-am
@@ -1809,8 +1938,9 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-eapLTLIBRARIES clean-generic clean-ipsecPROGRAMS \
- clean-libtool mostlyclean-am
+clean-am: clean-backendLTLIBRARIES clean-eapLTLIBRARIES clean-generic \
+ clean-interfaceLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
+ mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -1828,7 +1958,8 @@ info: info-am
info-am:
-install-data-am: install-eapLTLIBRARIES install-ipsecPROGRAMS
+install-data-am: install-backendLTLIBRARIES install-eapLTLIBRARIES \
+ install-interfaceLTLIBRARIES install-ipsecPROGRAMS
install-exec-am:
@@ -1856,22 +1987,26 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-eapLTLIBRARIES uninstall-info-am \
+uninstall-am: uninstall-backendLTLIBRARIES uninstall-eapLTLIBRARIES \
+ uninstall-info-am uninstall-interfaceLTLIBRARIES \
uninstall-ipsecPROGRAMS
.PHONY: CTAGS GTAGS all all-am check check-am clean \
- clean-eapLTLIBRARIES clean-generic clean-ipsecPROGRAMS \
- clean-libtool ctags distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-eapLTLIBRARIES \
- install-exec install-exec-am install-info install-info-am \
+ clean-backendLTLIBRARIES clean-eapLTLIBRARIES clean-generic \
+ clean-interfaceLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am \
+ install-backendLTLIBRARIES install-data install-data-am \
+ install-eapLTLIBRARIES install-exec install-exec-am \
+ install-info install-info-am install-interfaceLTLIBRARIES \
install-ipsecPROGRAMS install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-eapLTLIBRARIES \
- uninstall-info-am uninstall-ipsecPROGRAMS
+ tags uninstall uninstall-am uninstall-backendLTLIBRARIES \
+ uninstall-eapLTLIBRARIES uninstall-info-am \
+ uninstall-interfaceLTLIBRARIES uninstall-ipsecPROGRAMS
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/charon/bus/bus.c b/src/charon/bus/bus.c
index 740663d5c..5f46cd29e 100644
--- a/src/charon/bus/bus.c
+++ b/src/charon/bus/bus.c
@@ -185,6 +185,28 @@ static void add_listener(private_bus_t *this, bus_listener_t *listener)
}
/**
+ * Implementation of bus_t.remove_listener.
+ */
+static void remove_listener(private_bus_t *this, bus_listener_t *listener)
+{
+ iterator_t *iterator;
+ bus_listener_t *current;
+
+ pthread_mutex_lock(&this->mutex);
+ iterator = this->listeners->create_iterator(this->listeners, TRUE);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ if (current == listener)
+ {
+ iterator->remove(iterator);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ pthread_mutex_unlock(&this->mutex);
+}
+
+/**
* Get the listener object for the calling thread
*/
static active_listener_t *get_active_listener(private_bus_t *this)
@@ -216,6 +238,32 @@ static active_listener_t *get_active_listener(private_bus_t *this)
return found;
}
+typedef struct cancel_info_t cancel_info_t;
+
+/**
+ * cancellation info to cancel a listening operation cleanly
+ */
+struct cancel_info_t {
+ /**
+ * mutex to unlock on cancellation
+ */
+ pthread_mutex_t *mutex;
+
+ /**
+ * listener to unregister
+ */
+ active_listener_t *listener;
+};
+
+/**
+ * disable a listener to cleanly clean up
+ */
+static void unregister(cancel_info_t *info)
+{
+ info->listener->state = UNREGISTERED;
+ pthread_mutex_unlock(info->mutex);
+}
+
/**
* Implementation of bus_t.listen.
*/
@@ -223,14 +271,24 @@ static signal_t listen_(private_bus_t *this, level_t *level, int *thread,
ike_sa_t **ike_sa, char** format, va_list* args)
{
active_listener_t *listener;
+ int oldstate;
+ cancel_info_t info;
pthread_mutex_lock(&this->mutex);
listener = get_active_listener(this);
/* go "listening", say hello to a thread which have a signal for us */
listener->state = LISTENING;
pthread_cond_broadcast(&listener->cond);
- /* wait until it has us delivered a signal, and go back to "registered" */
+ /* wait until it has us delivered a signal, and go back to "registered".
+ * we allow cancellation here, but must cleanly disable the listener. */
+ info.mutex = &this->mutex;
+ info.listener = listener;
+ pthread_cleanup_push((void*)unregister, &info);
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
pthread_cond_wait(&listener->cond, &this->mutex);
+ pthread_setcancelstate(oldstate, NULL);
+ pthread_cleanup_pop(0);
+
pthread_mutex_unlock(&this->mutex);
/* return signal values */
@@ -299,7 +357,6 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
while (iterator->iterate(iterator, (void**)&listener))
{
va_list args_copy;
-
va_copy(args_copy, args);
if (!listener->signal(listener, signal, level, thread,
ike_sa, format, args_copy))
@@ -315,8 +372,11 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
iterator = this->active_listeners->create_iterator(this->active_listeners, TRUE);
while (iterator->iterate(iterator, (void**)&active_listener))
{
- /* wait until it is back */
- while (active_listener->state == REGISTERED)
+ /* wait until all threads are registered. But if the thread raising
+ * the signal is the same as the one that listens, we skip it.
+ * Otherwise we would deadlock. */
+ while (active_listener->id != pthread_self() &&
+ active_listener->state == REGISTERED)
{
pthread_cond_wait(&active_listener->cond, &this->mutex);
}
@@ -339,7 +399,9 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
iterator->reset(iterator);
while (iterator->iterate(iterator, (void**)&active_listener))
{
- while (active_listener->state == REGISTERED)
+ /* do not wait for ourself, it won't happen (see above) */
+ while (active_listener->id != pthread_self() &&
+ active_listener->state == REGISTERED)
{
pthread_cond_wait(&active_listener->cond, &this->mutex);
}
@@ -380,6 +442,7 @@ bus_t *bus_create()
private_bus_t *this = malloc_thing(private_bus_t);
this->public.add_listener = (void(*)(bus_t*,bus_listener_t*))add_listener;
+ this->public.remove_listener = (void(*)(bus_t*,bus_listener_t*))remove_listener;
this->public.listen = (signal_t(*)(bus_t*,level_t*,int*,ike_sa_t**,char**,va_list*))listen_;
this->public.set_listen_state = (void(*)(bus_t*,bool))set_listen_state;
this->public.set_sa = (void(*)(bus_t*,ike_sa_t*))set_sa;
diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h
index 200525fb7..4b46c7e82 100644
--- a/src/charon/bus/bus.h
+++ b/src/charon/bus/bus.h
@@ -266,6 +266,14 @@ struct bus_t {
void (*add_listener) (bus_t *this, bus_listener_t *listener);
/**
+ * @brief Unregister a listener from the bus.
+ *
+ * @param this bus
+ * @param listener listener to unregister.
+ */
+ void (*remove_listener) (bus_t *this, bus_listener_t *listener);
+
+ /**
* @brief Listen actively on the bus.
*
* As we are fully multithreaded, we must provide a mechanism
@@ -275,6 +283,9 @@ struct bus_t {
* it processes a signal, registration is required. This is done through
* the set_listen_state() method, see below.
*
+ * The listen() function is (has) a thread cancellation point, so might
+ * want to register cleanup handlers.
+ *
* @param this bus
* @param level verbosity level of the signal
* @param thread receives thread number emitted the signal
diff --git a/src/charon/config/backend_manager.c b/src/charon/config/backend_manager.c
new file mode 100644
index 000000000..6df68c700
--- /dev/null
+++ b/src/charon/config/backend_manager.c
@@ -0,0 +1,229 @@
+/**
+ * @file backend_manager.c
+ *
+ * @brief Implementation of backend_manager_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "backend_manager.h"
+
+#include <sys/types.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <dlfcn.h>
+
+#include <daemon.h>
+#include <utils/linked_list.h>
+#include <config/backends/writeable_backend.h>
+
+
+typedef struct private_backend_manager_t private_backend_manager_t;
+
+/**
+ * Private data of an backend_manager_t object.
+ */
+struct private_backend_manager_t {
+
+ /**
+ * Public part of backend_manager_t object.
+ */
+ backend_manager_t public;
+
+ /**
+ * list of registered backends
+ */
+ linked_list_t *backends;
+
+ /**
+ * Additional list of writable backends.
+ */
+ linked_list_t *writeable;
+
+ /**
+ * List of dlopen() handles we used to open backends
+ */
+ linked_list_t *handles;
+};
+
+/**
+ * implements backend_manager_t.get_ike_cfg.
+ */
+static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
+ host_t *my_host, host_t *other_host)
+{
+ backend_t *backend;
+ ike_cfg_t *config = NULL;
+ iterator_t *iterator = this->backends->create_iterator(this->backends, TRUE);
+ while (config == NULL && iterator->iterate(iterator, (void**)&backend))
+ {
+ config = backend->get_ike_cfg(backend, my_host, other_host);
+ }
+ iterator->destroy(iterator);
+ return config;
+}
+
+/**
+ * implements backend_manager_t.get_peer_cfg.
+ */
+static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this,
+ identification_t *my_id, identification_t *other_id,
+ ca_info_t *other_ca_info)
+{
+ backend_t *backend;
+ peer_cfg_t *config = NULL;
+ iterator_t *iterator = this->backends->create_iterator(this->backends, TRUE);
+ while (config == NULL && iterator->iterate(iterator, (void**)&backend))
+ {
+ config = backend->get_peer_cfg(backend, my_id, other_id, other_ca_info);
+ }
+ iterator->destroy(iterator);
+ return config;
+}
+
+/**
+ * implements backend_manager_t.add_peer_cfg.
+ */
+static void add_peer_cfg(private_backend_manager_t *this, peer_cfg_t *config)
+{
+ writeable_backend_t *backend;
+
+ if (this->writeable->get_first(this->writeable, (void**)&backend) == SUCCESS)
+ {
+ backend->add_cfg(backend, config);
+ }
+}
+
+/**
+ * implements backend_manager_t.create_iterator.
+ */
+static iterator_t* create_iterator(private_backend_manager_t *this)
+{
+ writeable_backend_t *backend;
+
+ if (this->writeable->get_first(this->writeable, (void**)&backend) == SUCCESS)
+ {
+ return backend->create_iterator(backend);
+ }
+ /* give out an empty iterator if we have no writable backend*/
+ return this->writeable->create_iterator(this->writeable, TRUE);
+}
+
+/**
+ * load the configuration backend modules
+ */
+static void load_backends(private_backend_manager_t *this)
+{
+ struct dirent* entry;
+ DIR* dir;
+
+ dir = opendir(IPSEC_BACKENDDIR);
+ if (dir == NULL)
+ {
+ DBG1(DBG_CFG, "error opening backend modules directory "IPSEC_BACKENDDIR);
+ return;
+ }
+
+ DBG1(DBG_CFG, "loading backend modules from '"IPSEC_BACKENDDIR"'");
+
+ while ((entry = readdir(dir)) != NULL)
+ {
+ char file[256];
+ backend_t *backend;
+ backend_constructor_t constructor;
+ void *handle;
+ char *ending;
+
+ snprintf(file, sizeof(file), IPSEC_BACKENDDIR"/%s", entry->d_name);
+
+ ending = entry->d_name + strlen(entry->d_name) - 3;
+ if (ending <= entry->d_name || !streq(ending, ".so"))
+ {
+ /* skip anything which does not look like a library */
+ DBG2(DBG_CFG, " skipping %s, doesn't look like a library",
+ entry->d_name);
+ continue;
+ }
+ /* try to load the library */
+ handle = dlopen(file, RTLD_LAZY);
+ if (handle == NULL)
+ {
+ DBG1(DBG_CFG, " opening backend module %s failed: %s",
+ entry->d_name, dlerror());
+ continue;
+ }
+ constructor = dlsym(handle, "backend_create");
+ if (constructor == NULL)
+ {
+ DBG1(DBG_CFG, " backend module %s has no backend_create() "
+ "function, skipped", entry->d_name);
+ dlclose(handle);
+ continue;
+ }
+
+ backend = constructor();
+ if (backend == NULL)
+ {
+ DBG1(DBG_CFG, " unable to create instance of backend "
+ "module %s, skipped", entry->d_name);
+ dlclose(handle);
+ continue;
+ }
+ DBG1(DBG_CFG, " loaded backend module successfully from %s", entry->d_name);
+ this->backends->insert_last(this->backends, backend);
+ if (backend->is_writeable(backend))
+ {
+ this->writeable->insert_last(this->writeable, backend);
+ }
+ this->handles->insert_last(this->handles, handle);
+ }
+ closedir(dir);
+}
+
+/**
+ * Implementation of backend_manager_t.destroy.
+ */
+static void destroy(private_backend_manager_t *this)
+{
+ this->backends->destroy_offset(this->backends, offsetof(backend_t, destroy));
+ this->writeable->destroy(this->writeable);
+ this->handles->destroy_function(this->handles, (void*)dlclose);
+ free(this);
+}
+
+/*
+ * Described in header-file
+ */
+backend_manager_t *backend_manager_create()
+{
+ private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
+
+ this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
+ this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,identification_t*,identification_t*,ca_info_t*))get_peer_cfg;
+ this->public.add_peer_cfg = (void (*)(backend_manager_t*,peer_cfg_t*))add_peer_cfg;
+ this->public.create_iterator = (iterator_t* (*)(backend_manager_t*))create_iterator;
+ this->public.destroy = (void (*)(backend_manager_t*))destroy;
+
+ this->backends = linked_list_create();
+ this->writeable = linked_list_create();
+ this->handles = linked_list_create();
+
+ load_backends(this);
+
+ return &this->public;
+}
+
diff --git a/src/charon/config/backend_manager.h b/src/charon/config/backend_manager.h
new file mode 100644
index 000000000..22a19a218
--- /dev/null
+++ b/src/charon/config/backend_manager.h
@@ -0,0 +1,124 @@
+/**
+ * @file backend_manager.h
+ *
+ * @brief Interface backend_manager_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef BACKEND_MANAGER_H_
+#define BACKEND_MANAGER_H_
+
+typedef struct backend_manager_t backend_manager_t;
+
+#include <library.h>
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <config/ike_cfg.h>
+#include <config/peer_cfg.h>
+#include <config/backends/backend.h>
+
+
+/**
+ * @brief A loader and multiplexer to use multiple backends.
+ *
+ * Charon allows the use of multiple configuration backends simultaneously. To
+ * access all this backends by a single call, this class wraps multiple
+ * backends behind a single object. It is also responsible for loading
+ * the backend modules and cleaning them up.
+ * A backend may be writeable or not. All backends implement the backend_t
+ * interface, those who are writeable additionally implement the
+ * writeable_backend_t interface. Adding configs to the backend_manager will
+ * be redirected to the first writeable backend.
+ * @verbatim
+
+ +---------+ +-----------+ +--------------+ |
+ | | | | +--------------+ | |
+ | daemon |----->| backend_- | +--------------+ |-+ <==|==> IPC
+ | core | | manager |---->| backends |-+ |
+ | |----->| | +--------------+ |
+ | | | | |
+ +---------+ +-----------+ |
+
+ @endverbatim
+ *
+ * @b Constructors:
+ * - backend_manager_create()
+ *
+ * @ingroup config
+ */
+struct backend_manager_t {
+
+ /**
+ * @brief Get an ike_config identified by two hosts.
+ *
+ * @param this calling object
+ * @param my_host address of own host
+ * @param other_host address of remote host
+ * @return matching ike_config, or NULL if none found
+ */
+ ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this,
+ host_t *my_host, host_t *other_host);
+
+ /**
+ * @brief Get a peer_config identified by two IDs and the peer's certificate issuer
+ *
+ * @param this calling object
+ * @param my_id own ID
+ * @param other_id peer ID
+ * @param other_ca_info info record on issuer of peer certificate
+ * @return matching peer_config, or NULL if none found
+ */
+ peer_cfg_t* (*get_peer_cfg)(backend_manager_t *this,
+ identification_t *my_id, identification_t *other_id,
+ ca_info_t *other_ca_info);
+
+ /**
+ * @brief Add a peer_config to the first found writable backend.
+ *
+ * @param this calling object
+ * @param config peer_config to add to the backend
+ */
+ void (*add_peer_cfg)(backend_manager_t *this, peer_cfg_t *config);
+
+ /**
+ * @brief Create an iterator over all peer configs of the writable backend.
+ *
+ * @param this calling object
+ * @return iterator over peer configs
+ */
+ iterator_t* (*create_iterator)(backend_manager_t *this);
+
+ /**
+ * @brief Destroys a backend_manager_t object.
+ *
+ * @param this calling object
+ */
+ void (*destroy) (backend_manager_t *this);
+};
+
+/**
+ * @brief Creates a new instance of the manager and loads all backends.
+ *
+ * @return backend_manager instance
+ *
+ * @ingroup config
+ */
+backend_manager_t* backend_manager_create(void);
+
+#endif /*BACKEND_MANAGER_H_*/
+
diff --git a/src/charon/config/backends/backend.h b/src/charon/config/backends/backend.h
new file mode 100644
index 000000000..acab660b6
--- /dev/null
+++ b/src/charon/config/backends/backend.h
@@ -0,0 +1,96 @@
+/**
+ * @file backend.h
+ *
+ * @brief Interface backend_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef BACKEND_H_
+#define BACKEND_H_
+
+typedef struct backend_t backend_t;
+
+#include <library.h>
+#include <config/ike_cfg.h>
+#include <config/peer_cfg.h>
+#include <utils/linked_list.h>
+
+/**
+ * @brief The interface for a configuration backend.
+ *
+ * A configuration backend is loaded by the backend_manager. It does the actual
+ * configuration lookup for the method it implements. See backend_manager_t for
+ * more information.
+ *
+ * @b Constructors:
+ * - implementations constructors
+ *
+ * @ingroup backends
+ */
+struct backend_t {
+
+ /**
+ * @brief Get an ike_cfg identified by two hosts.
+ *
+ * @param this calling object
+ * @param my_host address of own host
+ * @param other_host address of remote host
+ * @return matching ike_config, or NULL if none found
+ */
+ ike_cfg_t *(*get_ike_cfg)(backend_t *this,
+ host_t *my_host, host_t *other_host);
+
+ /**
+ * @brief Get a peer_cfg identified by two IDs.
+ *
+ * Select a config based on the two IDs and the other's certificate issuer
+ *
+ * @param this calling object
+ * @param my_id own ID
+ * @param other_id peer ID
+ * @param other_ca_info info record on issuer of peer certificate
+ * @return matching peer_config, or NULL if none found
+ */
+ peer_cfg_t *(*get_peer_cfg)(backend_t *this,
+ identification_t *my_id, identification_t *other_id,
+ ca_info_t *other_ca_info);
+
+ /**
+ * @brief Check if a backend is writable and implements writable_backend_t.
+ *
+ * @param this calling object
+ * @return TRUE if backend implements writable_backend_t.
+ */
+ bool (*is_writeable)(backend_t *this);
+
+ /**
+ * @brief Destroy a backend.
+ *
+ * @param this calling object
+ */
+ void (*destroy)(backend_t *this);
+};
+
+
+/**
+ * Construction to create a backend.
+ */
+typedef backend_t*(*backend_constructor_t)(void);
+
+#endif /* BACKEND_H_ */
+
diff --git a/src/charon/config/backends/local_backend.c b/src/charon/config/backends/local_backend.c
new file mode 100644
index 000000000..2e80cc870
--- /dev/null
+++ b/src/charon/config/backends/local_backend.c
@@ -0,0 +1,274 @@
+/**
+ * @file local_backend.c
+ *
+ * @brief Implementation of local_backend_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "local_backend.h"
+
+#include <daemon.h>
+#include <utils/linked_list.h>
+#include <crypto/ca.h>
+
+
+typedef struct private_local_backend_t private_local_backend_t;
+
+/**
+ * Private data of an local_backend_t object
+ */
+struct private_local_backend_t {
+
+ /**
+ * Public part
+ */
+ local_backend_t public;
+
+ /**
+ * list of configs
+ */
+ linked_list_t *cfgs;
+
+ /**
+ * Mutex to exclusivly access list
+ */
+ pthread_mutex_t mutex;
+};
+
+/**
+ * implements backen_t.get_ike_cfg.
+ */
+static ike_cfg_t *get_ike_cfg(private_local_backend_t *this,
+ host_t *my_host, host_t *other_host)
+{
+ peer_cfg_t *peer;
+ ike_cfg_t *current, *found = NULL;
+ iterator_t *iterator;
+ host_t *my_candidate, *other_candidate;
+ enum {
+ MATCH_NONE = 0x00,
+ MATCH_ANY = 0x01,
+ MATCH_ME = 0x04,
+ MATCH_OTHER = 0x08,
+ } prio, best = MATCH_ANY;
+
+ DBG2(DBG_CFG, "looking for a config for %H...%H",
+ my_host, other_host);
+
+ iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+ while (iterator->iterate(iterator, (void**)&peer))
+ {
+ prio = MATCH_NONE;
+ current = peer->get_ike_cfg(peer);
+ my_candidate = current->get_my_host(current);
+ other_candidate = current->get_other_host(current);
+
+ if (my_candidate->ip_equals(my_candidate, my_host))
+ {
+ prio += MATCH_ME;
+ }
+ else if (my_candidate->is_anyaddr(my_candidate))
+ {
+ prio += MATCH_ANY;
+ }
+
+ if (other_candidate->ip_equals(other_candidate, other_host))
+ {
+ prio += MATCH_OTHER;
+ }
+ else if (other_candidate->is_anyaddr(other_candidate))
+ {
+ prio += MATCH_ANY;
+ }
+
+ DBG2(DBG_CFG, " candidate '%s': %H...%H, prio %d",
+ peer->get_name(peer), my_candidate, other_candidate, prio);
+
+ /* we require at least two MATCH_ANY */
+ if (prio > best)
+ {
+ best = prio;
+ found = current;
+ }
+ }
+ if (found)
+ {
+ found->get_ref(found);
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+#define PRIO_NO_MATCH_FOUND 256
+
+/**
+ * implements backend_t.get_peer.
+ */
+static peer_cfg_t *get_peer_cfg(private_local_backend_t *this,
+ identification_t *my_id, identification_t *other_id,
+ ca_info_t *other_ca_info)
+{
+ peer_cfg_t *current, *found = NULL;
+ iterator_t *iterator;
+ identification_t *my_candidate, *other_candidate;
+ int best = PRIO_NO_MATCH_FOUND;
+
+ DBG2(DBG_CFG, "looking for a config for %D...%D", my_id, other_id);
+
+ iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ int wc1, wc2;
+
+ my_candidate = current->get_my_id(current);
+ other_candidate = current->get_other_id(current);
+
+ if (my_candidate->matches(my_candidate, my_id, &wc1)
+ && other_id->matches(other_id, other_candidate, &wc2))
+ {
+ int prio = (wc1 + wc2) * (MAX_CA_PATH_LEN + 1);
+ int pathlen = 0;
+ identification_t *other_candidate_ca = current->get_other_ca(current);
+
+ /* are there any ca constraints? */
+ if (other_candidate_ca->get_type(other_candidate_ca) != ID_ANY)
+ {
+ ca_info_t *ca_info = other_ca_info;
+
+ for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
+ {
+ if (ca_info == NULL)
+ {
+ prio = PRIO_NO_MATCH_FOUND;
+ break;
+ }
+ else
+ {
+ x509_t *cacert = ca_info->get_certificate(ca_info);
+ identification_t *other_ca = cacert->get_subject(cacert);
+
+ if (other_candidate_ca->equals(other_candidate_ca, other_ca))
+ {
+ /* found a ca match */
+ break;
+ }
+ if (cacert->is_self_signed(cacert))
+ {
+ /* reached the root ca without a match */
+ prio = PRIO_NO_MATCH_FOUND;
+ break;
+ }
+ /* move a level upward in the trust path hierarchy */
+ ca_info = charon->credentials->get_issuer(charon->credentials, cacert);
+ }
+ }
+ if (pathlen == MAX_CA_PATH_LEN)
+ {
+ DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
+ prio = PRIO_NO_MATCH_FOUND;
+ }
+ }
+ if (prio == PRIO_NO_MATCH_FOUND)
+ {
+ DBG2(DBG_CFG, " candidate '%s': %D...%D, no ca match",
+ current->get_name(current), my_candidate, other_candidate);
+ }
+ else
+ {
+ prio += pathlen;
+ DBG2(DBG_CFG, " candidate '%s': %D...%D, prio %d",
+ current->get_name(current), my_candidate, other_candidate, prio);
+
+ if (prio < best)
+ {
+ found = current;
+ best = prio;
+ }
+ }
+ }
+ }
+ if (found)
+ {
+ DBG1(DBG_CFG, "found matching config \"%s\": %D...%D, prio %d",
+ found->get_name(found),
+ found->get_my_id(found),
+ found->get_other_id(found),
+ best);
+ found->get_ref(found);
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * Implementation of backend_t.is_writable.
+ */
+static bool is_writeable(private_local_backend_t *this)
+{
+ return TRUE;
+}
+
+/**
+ * Implementation of writable_backend_t.create_iterator.
+ */
+static iterator_t* create_iterator(private_local_backend_t *this)
+{
+ return this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+}
+
+/**
+ * Implementation of writable_backend_t.add_peer_cfg.
+ */
+static void add_cfg(private_local_backend_t *this, peer_cfg_t *config)
+{
+ pthread_mutex_lock(&this->mutex);
+ this->cfgs->insert_last(this->cfgs, config);
+ pthread_mutex_unlock(&this->mutex);
+}
+
+/**
+ * Implementation of backend_t.destroy.
+ */
+static void destroy(private_local_backend_t *this)
+{
+ this->cfgs->destroy_offset(this->cfgs, offsetof(peer_cfg_t, destroy));
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+backend_t *backend_create(void)
+{
+ private_local_backend_t *this = malloc_thing(private_local_backend_t);
+
+ this->public.backend.backend.get_ike_cfg = (ike_cfg_t* (*)(backend_t*, host_t*, host_t*))get_ike_cfg;
+ this->public.backend.backend.get_peer_cfg = (peer_cfg_t* (*)(backend_t*,identification_t*,identification_t*,ca_info_t*))get_peer_cfg;
+ this->public.backend.backend.is_writeable = (bool(*) (backend_t*))is_writeable;
+ this->public.backend.backend.destroy = (void (*)(backend_t*))destroy;
+ this->public.backend.create_iterator = (iterator_t* (*)(writeable_backend_t*))create_iterator;
+ this->public.backend.add_cfg = (void (*)(writeable_backend_t*,peer_cfg_t*))add_cfg;
+
+ /* private variables */
+ this->cfgs = linked_list_create();
+ pthread_mutex_init(&this->mutex, NULL);
+
+ return &this->public.backend.backend;
+}
diff --git a/src/charon/config/backends/local_backend.h b/src/charon/config/backends/local_backend.h
new file mode 100644
index 000000000..b33c6443b
--- /dev/null
+++ b/src/charon/config/backends/local_backend.h
@@ -0,0 +1,60 @@
+/**
+ * @file local_backend.h
+ *
+ * @brief Interface of local_backend_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef LOCAL_BACKEND_H_
+#define LOCAL_BACKEND_H_
+
+typedef struct local_backend_t local_backend_t;
+
+#include <library.h>
+#include <config/backends/writeable_backend.h>
+
+/**
+ * @brief An in-memory backend to store configurations.
+ *
+ * The local_backend_t stores the configuration in a simple list. It
+ * implements both, backend_t and writeable_backend_t.
+ *
+ * @b Constructors:
+ * - local_backend_create()
+ *
+ * @ingroup backends
+ */
+struct local_backend_t {
+
+ /**
+ * Implements writable_backend_t interface
+ */
+ writeable_backend_t backend;
+};
+
+/**
+ * @brief Create a backend_t instance implemented as local backend.
+ *
+ * @return backend instance
+ *
+ * @ingroup backends
+ */
+backend_t *backend_create(void);
+
+#endif /* LOCAL_BACKEND_H_ */
+
diff --git a/src/charon/config/backends/writeable_backend.h b/src/charon/config/backends/writeable_backend.h
new file mode 100644
index 000000000..ea62f62c9
--- /dev/null
+++ b/src/charon/config/backends/writeable_backend.h
@@ -0,0 +1,64 @@
+/**
+ * @file writeable_backend.h
+ *
+ * @brief Interface of writeable_backend_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef WRITEABLE_BACKEND_H_
+#define WRITEABLE_BACKEND_H_
+
+typedef struct writeable_backend_t writeable_backend_t;
+
+#include <library.h>
+#include <config/backends/backend.h>
+
+/**
+ * @brief A writeable backend extends backend_t by modification functions.
+ *
+ * @b Constructors:
+ * - writeable_backend_create()
+ *
+ * @ingroup backends
+ */
+struct writeable_backend_t {
+
+ /**
+ * Implements backend_t interface
+ */
+ backend_t backend;
+
+ /**
+ * @brief Add a peer_config to the backend.
+ *
+ * @param this calling object
+ * @param config peer_config to add to the backend
+ */
+ void (*add_cfg)(writeable_backend_t *this, peer_cfg_t *config);
+
+ /**
+ * @brief Create an iterator over all peer configs.
+ *
+ * @param this calling object
+ * @return iterator over peer configs
+ */
+ iterator_t* (*create_iterator)(writeable_backend_t *this);
+};
+
+#endif /* WRITEABLE_BACKEND_H_ */
+
diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c
new file mode 100644
index 000000000..e9f0e5249
--- /dev/null
+++ b/src/charon/config/child_cfg.c
@@ -0,0 +1,449 @@
+/**
+ * @file child_cfg.c
+ *
+ * @brief Implementation of child_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "child_cfg.h"
+
+#include <daemon.h>
+
+ENUM(mode_names, MODE_TRANSPORT, MODE_BEET,
+ "TRANSPORT",
+ "TUNNEL",
+ "2",
+ "3",
+ "BEET",
+);
+
+typedef struct private_child_cfg_t private_child_cfg_t;
+
+/**
+ * Private data of an child_cfg_t object
+ */
+struct private_child_cfg_t {
+
+ /**
+ * Public part
+ */
+ child_cfg_t public;
+
+ /**
+ * Number of references hold by others to this child_cfg
+ */
+ refcount_t refcount;
+
+ /**
+ * Name of the child_cfg, used to query it
+ */
+ char *name;
+
+ /**
+ * list for all proposals
+ */
+ linked_list_t *proposals;
+
+ /**
+ * list for traffic selectors for my site
+ */
+ linked_list_t *my_ts;
+
+ /**
+ * list for traffic selectors for others site
+ */
+ linked_list_t *other_ts;
+
+ /**
+ * updown script
+ */
+ char *updown;
+
+ /**
+ * allow host access
+ */
+ bool hostaccess;
+
+ /**
+ * Mode to propose for a initiated CHILD: tunnel/transport
+ */
+ mode_t mode;
+
+ /**
+ * Time before an SA gets invalid
+ */
+ u_int32_t lifetime;
+
+ /**
+ * Time before an SA gets rekeyed
+ */
+ u_int32_t rekeytime;
+
+ /**
+ * Time, which specifies the range of a random value
+ * substracted from rekeytime.
+ */
+ u_int32_t jitter;
+};
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static char *get_name(private_child_cfg_t *this)
+{
+ return this->name;
+}
+
+/**
+ * Implementation of child_cfg_t.add_proposal
+ */
+static void add_proposal(private_child_cfg_t *this, proposal_t *proposal)
+{
+ this->proposals->insert_last(this->proposals, proposal);
+}
+
+/**
+ * strip out DH groups from a proposal
+ */
+static void strip_dh_from_proposal(proposal_t *proposal)
+{
+ iterator_t *iterator;
+ algorithm_t *algo;
+
+ iterator = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
+ while (iterator->iterate(iterator, (void**)&algo))
+ {
+ iterator->remove(iterator);
+ free(algo);
+ }
+ iterator->destroy(iterator);
+}
+
+/**
+ * Implementation of child_cfg_t.get_proposals
+ */
+static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
+{
+ iterator_t *iterator;
+ proposal_t *current;
+ linked_list_t *proposals = linked_list_create();
+
+ iterator = this->proposals->create_iterator(this->proposals, TRUE);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ current = current->clone(current);
+ if (strip_dh)
+ {
+ strip_dh_from_proposal(current);
+ }
+ proposals->insert_last(proposals, current);
+ }
+ iterator->destroy(iterator);
+
+ return proposals;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static proposal_t* select_proposal(private_child_cfg_t*this,
+ linked_list_t *proposals, bool strip_dh)
+{
+ iterator_t *stored_iter, *supplied_iter;
+ proposal_t *stored, *supplied, *selected = NULL;
+
+ stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
+ supplied_iter = proposals->create_iterator(proposals, TRUE);
+
+ /* compare all stored proposals with all supplied. Stored ones are preferred. */
+ while (stored_iter->iterate(stored_iter, (void**)&stored))
+ {
+ stored = stored->clone(stored);
+ supplied_iter->reset(supplied_iter);
+ while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
+ {
+ if (strip_dh)
+ {
+ strip_dh_from_proposal(stored);
+ }
+ selected = stored->select(stored, supplied);
+ if (selected)
+ {
+ break;
+ }
+ }
+ stored->destroy(stored);
+ if (selected)
+ {
+ break;
+ }
+ }
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
+ return selected;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static void add_traffic_selector(private_child_cfg_t *this, bool local,
+ traffic_selector_t *ts)
+{
+ if (local)
+ {
+ this->my_ts->insert_last(this->my_ts, ts);
+ }
+ else
+ {
+ this->other_ts->insert_last(this->other_ts, ts);
+ }
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool local,
+ linked_list_t *supplied,
+ host_t *host)
+{
+ iterator_t *i1, *i2;
+ traffic_selector_t *ts1, *ts2, *selected;
+ linked_list_t *result = linked_list_create();
+
+ if (local)
+ {
+ i1 = this->my_ts->create_iterator(this->my_ts, TRUE);
+ }
+ else
+ {
+ i1 = this->other_ts->create_iterator(this->other_ts, FALSE);
+ }
+
+ /* no list supplied, just fetch the stored traffic selectors */
+ if (supplied == NULL)
+ {
+ while (i1->iterate(i1, (void**)&ts1))
+ {
+ /* we make a copy of the TS, this allows us to update dynamic TS' */
+ ts1 = ts1->clone(ts1);
+ if (host)
+ {
+ ts1->set_address(ts1, host);
+ }
+ result->insert_last(result, ts1);
+ }
+ i1->destroy(i1);
+ }
+ else
+ {
+ DBG2(DBG_CFG, "selecting traffic selectors");
+ i2 = supplied->create_iterator(supplied, TRUE);
+ /* iterate over all stored selectors */
+ while (i1->iterate(i1, (void**)&ts1))
+ {
+ /* we make a copy of the TS, as we have to update dynamic TS' */
+ ts1 = ts1->clone(ts1);
+ if (host)
+ {
+ ts1->set_address(ts1, host);
+ }
+
+ i2->reset(i2);
+ /* iterate over all supplied traffic selectors */
+ while (i2->iterate(i2, (void**)&ts2))
+ {
+ DBG2(DBG_CFG, "stored %R <=> %R received", ts1, ts2);
+ selected = ts1->get_subset(ts1, ts2);
+ if (selected)
+ {
+ result->insert_last(result, selected);
+ DBG2(DBG_CFG, "found traffic selector for %s: %R",
+ local ? "us" : "other", selected);
+ }
+ }
+ ts1->destroy(ts1);
+ }
+ i1->destroy(i1);
+ i2->destroy(i2);
+ }
+
+ /* remove any redundant traffic selectors in the list */
+ i1 = result->create_iterator(result, TRUE);
+ i2 = result->create_iterator(result, TRUE);
+ while (i1->iterate(i1, (void**)&ts1))
+ {
+ while (i2->iterate(i2, (void**)&ts2))
+ {
+ if (ts1 != ts2)
+ {
+ if (ts2->is_contained_in(ts2, ts1))
+ {
+ i2->remove(i2);
+ ts2->destroy(ts2);
+ i1->reset(i1);
+ break;
+ }
+ if (ts1->is_contained_in(ts1, ts2))
+ {
+ i1->remove(i1);
+ ts1->destroy(ts1);
+ i2->reset(i2);
+ break;
+ }
+ }
+ }
+ }
+ i1->destroy(i1);
+ i2->destroy(i2);
+
+ return result;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static char* get_updown(private_child_cfg_t *this)
+{
+ return this->updown;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static bool get_hostaccess(private_child_cfg_t *this)
+{
+ return this->hostaccess;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static u_int32_t get_lifetime(private_child_cfg_t *this, bool rekey)
+{
+ if (rekey)
+ {
+ if (this->jitter == 0)
+ {
+ return this->rekeytime;
+ }
+ return this->rekeytime - (random() % this->jitter);
+ }
+ return this->lifetime;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static mode_t get_mode(private_child_cfg_t *this)
+{
+ return this->mode;
+}
+
+/**
+ * Implementation of child_cfg_t.get_dh_group.
+ */
+static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
+{
+ iterator_t *iterator;
+ proposal_t *proposal;
+ algorithm_t *algo;
+ diffie_hellman_group_t dh_group = MODP_NONE;
+
+ iterator = this->proposals->create_iterator(this->proposals, TRUE);
+ while (iterator->iterate(iterator, (void**)&proposal))
+ {
+ if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo))
+ {
+ dh_group = algo->algorithm;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return dh_group;
+}
+
+/**
+ * Implementation of child_cfg_t.get_name
+ */
+static void get_ref(private_child_cfg_t *this)
+{
+ ref_get(&this->refcount);
+}
+
+/**
+ * Implements child_cfg_t.destroy.
+ */
+static void destroy(private_child_cfg_t *this)
+{
+ if (ref_put(&this->refcount))
+ {
+ this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
+ this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
+ this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
+ if (this->updown)
+ {
+ free(this->updown);
+ }
+ free(this->name);
+ free(this);
+ }
+}
+
+/*
+ * Described in header-file
+ */
+child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
+ u_int32_t rekeytime, u_int32_t jitter,
+ char *updown, bool hostaccess, mode_t mode)
+{
+ private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
+
+ /* public functions */
+ this->public.get_name = (char* (*) (child_cfg_t*))get_name;
+ this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector;
+ this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors;
+ this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal;
+ this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals;
+ this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool))select_proposal;
+ this->public.get_updown = (char* (*) (child_cfg_t*))get_updown;
+ this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess;
+ this->public.get_mode = (mode_t (*) (child_cfg_t *))get_mode;
+ this->public.get_lifetime = (u_int32_t (*) (child_cfg_t *,bool))get_lifetime;
+ this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group;
+ this->public.get_ref = (void (*) (child_cfg_t*))get_ref;
+ this->public.destroy = (void (*) (child_cfg_t*))destroy;
+
+ /* apply init values */
+ this->name = strdup(name);
+ this->lifetime = lifetime;
+ this->rekeytime = rekeytime;
+ this->jitter = jitter;
+ this->updown = updown ? strdup(updown) : NULL;
+ this->hostaccess = hostaccess;
+ this->mode = mode;
+
+ /* initialize private members*/
+ this->refcount = 1;
+ this->proposals = linked_list_create();
+ this->my_ts = linked_list_create();
+ this->other_ts = linked_list_create();
+
+ return &this->public;
+}
diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h
new file mode 100644
index 000000000..e1a6553b4
--- /dev/null
+++ b/src/charon/config/child_cfg.h
@@ -0,0 +1,251 @@
+/**
+ * @file child_cfg.h
+ *
+ * @brief Interface of child_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CHILD_CFG_H_
+#define CHILD_CFG_H_
+
+typedef enum mode_t mode_t;
+typedef struct child_cfg_t child_cfg_t;
+
+#include <library.h>
+#include <config/proposal.h>
+#include <config/traffic_selector.h>
+
+/**
+ * @brief Mode of an CHILD_SA.
+ *
+ * These are equal to those defined in XFRM, so don't change.
+ *
+ * @ingroup config
+ */
+enum mode_t {
+ /** transport mode, no inner address */
+ MODE_TRANSPORT = 0,
+ /** tunnel mode, inner and outer addresses */
+ MODE_TUNNEL = 1,
+ /** BEET mode, tunnel mode but fixed, bound inner addresses */
+ MODE_BEET = 4,
+};
+
+/**
+ * enum names for mode_t.
+ */
+extern enum_name_t *mode_names;
+
+/**
+ * @brief A child_cfg_t defines the config template for a CHILD_SA.
+ *
+ * After creation, proposals and traffic selectors may be added to the config.
+ * A child_cfg object is referenced multiple times, and is not thread save.
+ * Reading from the object is save, adding things is not allowed while other
+ * threads may access the object.
+ * A reference counter handles the number of references hold to this config.
+ *
+ * @see peer_cfg_t to get an overview over the configurations.
+ *
+ * @b Constructors:
+ * - child_cfg_create()
+ *
+ * @ingroup config
+ */
+struct child_cfg_t {
+
+ /**
+ * @brief Get the name of the child_cfg.
+ *
+ * @param this calling object
+ * @return child_cfg's name
+ */
+ char *(*get_name) (child_cfg_t *this);
+
+ /**
+ * @brief Add a proposal to the list.
+ *
+ * The proposals are stored by priority, first added
+ * is the most prefered.
+ * After add, proposal is owned by child_cfg.
+ *
+ * @param this calling object
+ * @param proposal proposal to add
+ */
+ void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
+
+ /**
+ * @brief Get the list of proposals for the CHILD_SA.
+ *
+ * Resulting list and all of its proposals must be freed after use.
+ *
+ * @param this calling object
+ * @param strip_dh TRUE strip out diffie hellman groups
+ * @return list of proposals
+ */
+ linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
+
+ /**
+ * @brief Select a proposal from a supplied list.
+ *
+ * Returned propsal is newly created and must be destroyed after usage.
+ *
+ * @param this calling object
+ * @param proposals list from from wich proposals are selected
+ * @param strip_dh TRUE strip out diffie hellman groups
+ * @return selected proposal, or NULL if nothing matches
+ */
+ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
+ bool strip_dh);
+
+ /**
+ * @brief Add a traffic selector to the config.
+ *
+ * Use the "local" parameter to add it for the local or the remote side.
+ * After add, traffic selector is owned by child_cfg.
+ *
+ * @param this calling object
+ * @param local TRUE for local side, FALSE for remote
+ * @param ts traffic_selector to add
+ */
+ void (*add_traffic_selector)(child_cfg_t *this, bool local,
+ traffic_selector_t *ts);
+
+ /**
+ * @brief Get a list of traffic selectors to use for the CHILD_SA.
+ *
+ * The config contains two set of traffic selectors, one for the local
+ * side, one for the remote side.
+ * If a list with traffic selectors is supplied, these are used to narrow
+ * down the traffic selector list to the greatest common divisor.
+ * Some traffic selector may be "dymamic", meaning they are narrowed down
+ * to a specific address (host-to-host or virtual-IP setups). Use
+ * the "host" parameter to narrow such traffic selectors to that address.
+ * Resulted list and its traffic selectors must be destroyed after use.
+ *
+ * @param this calling object
+ * @param local TRUE for TS on local side, FALSE for remote
+ * @param supplied list with TS to select from, or NULL
+ * @param host address to use for narrowing "dynamic" TS', or NULL
+ * @return list containing the traffic selectors
+ */
+ linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
+ linked_list_t *supplied,
+ host_t *host);
+
+ /**
+ * @brief Get the updown script to run for the CHILD_SA.
+ *
+ * @param this calling object
+ * @return path to updown script
+ */
+ char* (*get_updown)(child_cfg_t *this);
+
+ /**
+ * @brief Should we allow access to the local host (gateway)?
+ *
+ * @param this calling object
+ * @return value of hostaccess flag
+ */
+ bool (*get_hostaccess) (child_cfg_t *this);
+
+ /**
+ * @brief Get the lifetime of a CHILD_SA.
+ *
+ * If "rekey" is set to TRUE, a lifetime is returned before the first
+ * rekeying should be started. If it is FALSE, the actual lifetime is
+ * returned when the CHILD_SA must be deleted.
+ * The rekey time automatically contains a jitter to avoid simlutaneous
+ * rekeying.
+ *
+ * @param this child_cfg
+ * @param rekey TRUE to get rekey time
+ * @return lifetime in seconds
+ */
+ u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey);
+
+ /**
+ * @brief Get the mode to use for the CHILD_SA.
+ *
+ * The mode is either tunnel, transport or BEET. The peer must agree
+ * on the method, fallback is tunnel mode.
+ *
+ * @param this child_cfg
+ * @return lifetime in seconds
+ */
+ mode_t (*get_mode) (child_cfg_t *this);
+
+ /**
+ * @brief Get the DH group to use for CHILD_SA setup.
+ *
+ * @param this calling object
+ * @return dh group to use
+ */
+ diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
+
+ /**
+ * @brief Get a new reference.
+ *
+ * Get a new reference to this child_cfg by increasing
+ * it's internal reference counter.
+ * Do not call get_ref or any other function until you
+ * already have a reference. Otherwise the object may get
+ * destroyed while calling get_ref(),
+ *
+ * @param this calling object
+ */
+ void (*get_ref) (child_cfg_t *this);
+
+ /**
+ * @brief Destroys the child_cfg object.
+ *
+ * Decrements the internal reference counter and
+ * destroys the child_cfg when it reaches zero.
+ *
+ * @param this calling object
+ */
+ void (*destroy) (child_cfg_t *this);
+};
+
+/**
+ * @brief Create a configuration template for CHILD_SA setup.
+ *
+ * The "name" string gets cloned.
+ * Lifetimes are in seconds. To prevent to peers to start rekeying at the
+ * same time, a jitter may be specified. Rekeying of an SA starts at
+ * (rekeytime - random(0, jitter)). You should specify
+ * lifetime > rekeytime > jitter.
+ * After a call to create, a reference is obtained (refcount = 1).
+ *
+ * @param name name of the child_cfg
+ * @param lifetime lifetime after CHILD_SA expires and gets deleted
+ * @param rekeytime time when rekeying should be initiated
+ * @param jitter range of randomization time to remove from rekeytime
+ * @param updown updown script to execute on up/down event
+ * @param hostaccess TRUE to allow access to the local host
+ * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
+ * @return child_cfg_t object
+ *
+ * @ingroup config
+ */
+child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
+ u_int32_t rekeytime, u_int32_t jitter,
+ char *updown, bool hostaccess, mode_t mode);
+
+#endif /* CHILD_CFG_H_ */
diff --git a/src/charon/config/configuration.c b/src/charon/config/configuration.c
deleted file mode 100755
index 488ba9a5e..000000000
--- a/src/charon/config/configuration.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/**
- * @file configuration.c
- *
- * @brief Implementation of configuration_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <math.h>
-
-#include "configuration.h"
-
-#include <library.h>
-
-/**
- * Timeout in milliseconds after that a half open IKE_SA gets deleted.
- */
-#define HALF_OPEN_IKE_SA_TIMEOUT 30000
-
-/**
- * Retransmission uses a backoff algorithm. The timeout is calculated using
- * TIMEOUT * (BASE ** try).
- * When try reaches TRIES, retransmission is given up.
- *
- * Using an initial TIMEOUT of 4s, a BASE of 1.8, and 5 TRIES gives us:
- *
- * | relative | absolute
- * ---------------------------------------------------------
- * 4s * (1.8 ** (0 % 5)) = 4s 4s
- * 4s * (1.8 ** (1 % 5)) = 7s 11s
- * 4s * (1.8 ** (2 % 5)) = 13s 24s
- * 4s * (1.8 ** (3 % 5)) = 23s 47s
- * 4s * (1.8 ** (4 % 5)) = 42s 89s
- * 4s * (1.8 ** (5 % 5)) = 76s 165s
- *
- * The peer is considered dead after 2min 45s when no reply comes in.
- */
-
-/**
- * First retransmit timeout in milliseconds.
- * Timeout value is increasing in each retransmit round.
- */
-#define RETRANSMIT_TIMEOUT 4000
-
-/**
- * Base which is raised to the power of the retransmission count.
- */
-#define RETRANSMIT_BASE 1.8
-
-/**
- * Number of retransmits done in a retransmit sequence
- */
-#define RETRANSMIT_TRIES 5
-
-/**
- * Keepalive interval in seconds.
- */
-#define KEEPALIVE_INTERVAL 20
-
-/**
- * retry interval in seconds.
- */
-#define RETRY_INTERVAL 30
-
-/**
- * jitter to user for retrying
- */
-#define RETRY_JITTER 20
-
-
-typedef struct private_configuration_t private_configuration_t;
-
-/**
- * Private data of an configuration_t object.
- */
-struct private_configuration_t {
-
- /**
- * Public part of configuration_t object.
- */
- configuration_t public;
-
-};
-
-/**
- * Implementation of configuration_t.get_retransmit_timeout.
- */
-static u_int32_t get_retransmit_timeout (private_configuration_t *this,
- u_int32_t retransmit_count)
-{
- if (retransmit_count > RETRANSMIT_TRIES)
- {
- /* give up */
- return 0;
- }
- return (u_int32_t)
- (RETRANSMIT_TIMEOUT * pow(RETRANSMIT_BASE, retransmit_count));
-}
-
-/**
- * Implementation of configuration_t.get_half_open_ike_sa_timeout.
- */
-static u_int32_t get_half_open_ike_sa_timeout (private_configuration_t *this)
-{
- return HALF_OPEN_IKE_SA_TIMEOUT;
-}
-
-/**
- * Implementation of configuration_t.get_keepalive_interval.
- */
-static u_int32_t get_keepalive_interval (private_configuration_t *this)
-{
- return KEEPALIVE_INTERVAL;
-}
-
-/**
- * Implementation of configuration_t.get_retry_interval.
- */
-static u_int32_t get_retry_interval (private_configuration_t *this)
-{
- return RETRY_INTERVAL - (random() % RETRY_JITTER);
-}
-
-/**
- * Implementation of configuration_t.destroy.
- */
-static void destroy(private_configuration_t *this)
-{
- free(this);
-}
-
-/*
- * Described in header-file
- */
-configuration_t *configuration_create()
-{
- private_configuration_t *this = malloc_thing(private_configuration_t);
-
- /* public functions */
- this->public.destroy = (void(*)(configuration_t*))destroy;
- this->public.get_retransmit_timeout = (u_int32_t (*) (configuration_t*,u_int32_t))get_retransmit_timeout;
- this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t*)) get_half_open_ike_sa_timeout;
- this->public.get_keepalive_interval = (u_int32_t (*) (configuration_t*)) get_keepalive_interval;
- this->public.get_retry_interval = (u_int32_t (*) (configuration_t*)) get_retry_interval;
-
- return (&this->public);
-}
diff --git a/src/charon/config/configuration.h b/src/charon/config/configuration.h
deleted file mode 100755
index c1207171d..000000000
--- a/src/charon/config/configuration.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * @file configuration.h
- *
- * @brief Interface configuration_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONFIGURATION_H_
-#define CONFIGURATION_H_
-
-typedef struct configuration_t configuration_t;
-
-#include <library.h>
-
-/**
- * @brief The interface for various daemon related configs.
- *
- * @b Constructors:
- * - configuration_create()
- *
- * @ingroup config
- */
-struct configuration_t {
-
- /**
- * @brief Returns the retransmit timeout.
- *
- * A return value of zero means the request should not be
- * retransmitted again.
- *
- * @param this calling object
- * @param retransmitted number of times a message was retransmitted so far
- * @return time in milliseconds, when to do next retransmit
- */
- u_int32_t (*get_retransmit_timeout) (configuration_t *this,
- u_int32_t retransmitted);
-
- /**
- * @brief Returns the timeout for an half open IKE_SA in ms.
- *
- * Half open means that the IKE_SA is still on a not established state
- *
- * @param this calling object
- * @return timeout in milliseconds (ms)
- */
- u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this);
-
- /**
- * @brief Returns the keepalive interval in s.
- *
- * The keepalive interval defines the idle time after which a
- * NAT keepalive packet should be sent.
- *
- * @param this calling object
- * @return interval in s
- */
- u_int32_t (*get_keepalive_interval) (configuration_t *this);
-
- /**
- * @brief Returns the interval to retry a failed action again.
- *
- * In some situations, the protocol may be in a state where processing
- * is not possible and an action must be retried (e.g. rekeying).
- *
- * @param this calling object
- * @return interval in s
- */
- u_int32_t (*get_retry_interval) (configuration_t *this);
-
- /**
- * @brief Destroys a configuration_t object.
- *
- * @param this calling object
- */
- void (*destroy) (configuration_t *this);
-};
-
-/**
- * @brief Creates a configuration backend.
- *
- * @return static_configuration_t object
- *
- * @ingroup config
- */
-configuration_t *configuration_create(void);
-
-#endif /*CONFIGURATION_H_*/
diff --git a/src/charon/config/connections/connection.c b/src/charon/config/connections/connection.c
deleted file mode 100644
index ffe508992..000000000
--- a/src/charon/config/connections/connection.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/**
- * @file connection.c
- *
- * @brief Implementation of connection_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include <config/connections/connection.h>
-#include <utils/linked_list.h>
-
-ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
- "CERT_ALWAYS_SEND",
- "CERT_SEND_IF_ASKED",
- "CERT_NEVER_SEND"
-);
-
-typedef struct private_connection_t private_connection_t;
-
-/**
- * Private data of an connection_t object
- */
-struct private_connection_t {
-
- /**
- * Public part
- */
- connection_t public;
-
- /**
- * Number of references hold by others to this connection
- */
- refcount_t refcount;
-
- /**
- * Name of the connection
- */
- char *name;
-
- /**
- * Does charon handle this connection? Or can he ignore it?
- */
- bool ikev2;
-
- /**
- * should we send a certificate request?
- */
- cert_policy_t certreq_policy;
-
- /**
- * should we send a certificates?
- */
- cert_policy_t cert_policy;
-
- /**
- * ID of us
- */
- identification_t *my_id;
-
- /**
- * Host information of my host.
- */
- host_t *my_host;
-
- /**
- * Host information of other host.
- */
- host_t *other_host;
-
- /**
- * Interval to send DPD liveness checks on inactivity
- */
- u_int32_t dpd_delay;
-
- /**
- * Number of retransmission sequences to send bevore giving up
- */
- u_int32_t keyingtries;
-
- /**
- * Supported proposals
- */
- linked_list_t *proposals;
-
- /**
- * Time before an SA gets invalid
- */
- u_int32_t soft_lifetime;
-
- /**
- * Time before an SA gets rekeyed
- */
- u_int32_t hard_lifetime;
-
- /**
- * Use full reauthentication instead of rekeying
- */
- bool reauth;
-
- /**
- * Time, which specifies the range of a random value
- * substracted from soft_lifetime.
- */
- u_int32_t jitter;
-};
-
-/**
- * Implementation of connection_t.get_name.
- */
-static char *get_name (private_connection_t *this)
-{
- return this->name;
-}
-
-/**
- * Implementation of connection_t.is_ikev2.
- */
-static bool is_ikev2 (private_connection_t *this)
-{
- return this->ikev2;
-}
-
-/**
- * Implementation of connection_t.get_certreq_policy.
- */
-static cert_policy_t get_certreq_policy (private_connection_t *this)
-{
- return this->certreq_policy;
-}
-
-/**
- * Implementation of connection_t.get_cert_policy.
- */
-static cert_policy_t get_cert_policy (private_connection_t *this)
-{
- return this->cert_policy;
-}
-
-/**
- * Implementation of connection_t.get_my_host.
- */
-static host_t *get_my_host (private_connection_t *this)
-{
- return this->my_host;
-}
-
-/**
- * Implementation of connection_t.get_other_host.
- */
-static host_t *get_other_host (private_connection_t *this)
-{
- return this->other_host;
-}
-
-/**
- * Implementation of connection_t.get_proposals.
- */
-static linked_list_t* get_proposals(private_connection_t *this)
-{
- iterator_t *iterator;
- proposal_t *current;
- linked_list_t *proposals = linked_list_create();
-
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->iterate(iterator, (void**)&current))
- {
- current = current->clone(current);
- proposals->insert_last(proposals, (void*)current);
- }
- iterator->destroy(iterator);
-
- return proposals;
-}
-
-/**
- * Implementation of connection_t.select_proposal.
- */
-static proposal_t *select_proposal(private_connection_t *this, linked_list_t *proposals)
-{
- iterator_t *stored_iter, *supplied_iter;
- proposal_t *stored, *supplied, *selected;
-
- stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
- supplied_iter = proposals->create_iterator(proposals, TRUE);
-
- /* compare all stored proposals with all supplied. Stored ones are preferred. */
- while (stored_iter->iterate(stored_iter, (void**)&stored))
- {
- supplied_iter->reset(supplied_iter);
-
- while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
- {
- selected = stored->select(stored, supplied);
- if (selected)
- {
- /* they match, return */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
- return selected;
- }
- }
- }
- /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
-
- return NULL;
-}
-
-/**
- * Implementation of connection_t.add_proposal.
- */
-static void add_proposal(private_connection_t *this, proposal_t *proposal)
-{
- this->proposals->insert_last(this->proposals, proposal);
-}
-
-/**
- * Implementation of connection_t.get_dpd_delay.
- */
-static u_int32_t get_dpd_delay(private_connection_t *this)
-{
- return this->dpd_delay;
-}
-
-/**
- * Implementation of connection_t.get_keyingtries.
- */
-static u_int32_t get_keyingtries(private_connection_t *this)
-{
- return this->keyingtries;
-}
-
-/**
- * Implementation of connection_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_connection_t *this)
-{
- iterator_t *iterator;
- proposal_t *proposal;
- algorithm_t *algo;
- diffie_hellman_group_t dh_group = MODP_NONE;
-
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->iterate(iterator, (void**)&proposal))
- {
- if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo))
- {
- dh_group = algo->algorithm;
- break;
- }
- }
- iterator->destroy(iterator);
- return dh_group;
-}
-
-/**
- * Implementation of connection_t.check_dh_group.
- */
-static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh_group)
-{
- iterator_t *prop_iter, *alg_iter;
- proposal_t *proposal;
- algorithm_t *algo;
-
- prop_iter = this->proposals->create_iterator(this->proposals, TRUE);
- while (prop_iter->iterate(prop_iter, (void**)&proposal))
- {
- alg_iter = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
- while (alg_iter->iterate(alg_iter, (void**)&algo))
- {
- if (algo->algorithm == dh_group)
- {
- prop_iter->destroy(prop_iter);
- alg_iter->destroy(alg_iter);
- return TRUE;
- }
- }
- alg_iter->destroy(alg_iter);
- }
- prop_iter->destroy(prop_iter);
- return FALSE;
-}
-/**
- * Implementation of connection_t.get_soft_lifetime
- */
-static u_int32_t get_soft_lifetime(private_connection_t *this)
-{
- if (this->jitter == 0)
- {
- return this->soft_lifetime ;
- }
- return this->soft_lifetime - (random() % this->jitter);
-}
-
-/**
- * Implementation of connection_t.get_hard_lifetime.
- */
-static u_int32_t get_hard_lifetime(private_connection_t *this)
-{
- return this->hard_lifetime;
-}
-
-/**
- * Implementation of connection_t.get_reauth.
- */
-static bool get_reauth(private_connection_t *this)
-{
- return this->reauth;
-}
-
-/**
- * Implementation of connection_t.get_ref.
- */
-static void get_ref(private_connection_t *this)
-{
- ref_get(&this->refcount);
-}
-
-/**
- * Implementation of connection_t.destroy.
- */
-static void destroy(private_connection_t *this)
-{
- if (ref_put(&this->refcount))
- {
- this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
- this->my_host->destroy(this->my_host);
- this->other_host->destroy(this->other_host);
- free(this->name);
- free(this);
- }
-}
-
-/**
- * Described in header.
- */
-connection_t * connection_create(char *name, bool ikev2,
- cert_policy_t cert_policy,
- cert_policy_t certreq_policy,
- host_t *my_host, host_t *other_host,
- u_int32_t dpd_delay, bool reauth,
- u_int32_t keyingtries,
- u_int32_t hard_lifetime,
- u_int32_t soft_lifetime, u_int32_t jitter)
-{
- private_connection_t *this = malloc_thing(private_connection_t);
-
- /* public functions */
- this->public.get_name = (char*(*)(connection_t*))get_name;
- this->public.is_ikev2 = (bool(*)(connection_t*))is_ikev2;
- this->public.get_cert_policy = (cert_policy_t(*)(connection_t*))get_cert_policy;
- this->public.get_certreq_policy = (cert_policy_t(*)(connection_t*))get_certreq_policy;
- this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
- this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host;
- this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals;
- this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal;
- this->public.add_proposal = (void(*)(connection_t*, proposal_t*)) add_proposal;
- this->public.get_dpd_delay = (u_int32_t(*)(connection_t*)) get_dpd_delay;
- this->public.get_reauth = (bool(*)(connection_t*)) get_reauth;
- this->public.get_keyingtries = (u_int32_t(*)(connection_t*)) get_keyingtries;
- this->public.get_dh_group = (diffie_hellman_group_t(*)(connection_t*)) get_dh_group;
- this->public.check_dh_group = (bool(*)(connection_t*,diffie_hellman_group_t)) check_dh_group;
- this->public.get_soft_lifetime = (u_int32_t (*) (connection_t *))get_soft_lifetime;
- this->public.get_hard_lifetime = (u_int32_t (*) (connection_t *))get_hard_lifetime;
- this->public.get_ref = (void(*)(connection_t*))get_ref;
- this->public.destroy = (void(*)(connection_t*))destroy;
-
- /* private variables */
- this->refcount = 1;
- this->name = strdup(name);
- this->ikev2 = ikev2;
- this->cert_policy = cert_policy;
- this->certreq_policy = certreq_policy;
- this->my_host = my_host;
- this->other_host = other_host;
- this->dpd_delay = dpd_delay;
- this->reauth = reauth;
- this->keyingtries = keyingtries;
- this->hard_lifetime = hard_lifetime;
- this->soft_lifetime = soft_lifetime;
- this->jitter = jitter;
-
- this->proposals = linked_list_create();
-
- return &this->public;
-}
diff --git a/src/charon/config/connections/connection.h b/src/charon/config/connections/connection.h
deleted file mode 100644
index d0788876f..000000000
--- a/src/charon/config/connections/connection.h
+++ /dev/null
@@ -1,292 +0,0 @@
-/**
- * @file connection.h
- *
- * @brief Interface of connection_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONNECTION_H_
-#define CONNECTION_H_
-
-typedef enum cert_policy_t cert_policy_t;
-typedef struct connection_t connection_t;
-
-#include <library.h>
-#include <utils/host.h>
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-#include <config/proposal.h>
-#include <crypto/diffie_hellman.h>
-
-
-/**
- * Certificate sending policy. This is also used for certificate
- * requests when using this definition for the other peer. If
- * it is CERT_NEVER_SEND, a certreq is omitted, otherwise its
- * included.
- *
- * @ingroup config
- *
- * @warning These definitions must be the same as in pluto/starter,
- * as they are sent over the stroke socket.
- */
-enum cert_policy_t {
- /** always send certificates, even when not requested */
- CERT_ALWAYS_SEND = 0,
- /** send certificate upon cert request */
- CERT_SEND_IF_ASKED = 1,
- /** never send a certificate, even when requested */
- CERT_NEVER_SEND = 2,
-};
-
-/**
- * enum strings for cert_policy_t
- *
- * @ingroup config
- */
-extern enum_name_t *cert_policy_names;
-
-/**
- * @brief A connection_t defines the rules to set up an IKE_SA.
- *
- * @b Constructors:
- * - connection_create()
- *
- * @ingroup config
- */
-struct connection_t {
-
- /**
- * @brief Get my address as host_t object.
- *
- * Object is NOT getting cloned.
- *
- * @param this calling object
- * @return host information as host_t object
- */
- host_t *(*get_my_host) (connection_t *this);
-
- /**
- * @brief Get others address as host_t object.
- *
- * Object is NOT getting cloned.
- *
- * @param this calling object
- * @return host information as host_t object
- */
- host_t *(*get_other_host) (connection_t *this);
-
- /**
- * @brief Returns a list of all supported proposals.
- *
- * Returned list and its proposals must be destroyed after usage.
- *
- * @param this calling object
- * @return list containing all the proposals
- */
- linked_list_t *(*get_proposals) (connection_t *this);
-
- /**
- * @brief Adds a proposal to the list.
- *
- * The first added proposal has the highest priority, the last
- * added the lowest.
- *
- * @param this calling object
- * @param proposal proposal to add
- */
- void (*add_proposal) (connection_t *this, proposal_t *proposal);
-
- /**
- * @brief Select a proposed from suggested proposals.
- *
- * Returned proposal must be destroyed after usage.
- *
- * @param this calling object
- * @param proposals list of proposals to select from
- * @return selected proposal, or NULL if none matches.
- */
- proposal_t *(*select_proposal) (connection_t *this, linked_list_t *proposals);
-
- /**
- * @brief Get the DPD check interval.
- *
- * @param this calling object
- * @return dpd_delay in seconds
- */
- u_int32_t (*get_dpd_delay) (connection_t *this);
-
- /**
- * @brief Should a full reauthentication be done instead of rekeying?
- *
- * @param this calling object
- * @return TRUE to use full reauthentication
- */
- bool (*get_reauth) (connection_t *this);
-
- /**
- * @brief Get the max number of retransmission sequences.
- *
- * @param this calling object
- * @return max number of retransmission sequences
- */
- u_int32_t (*get_keyingtries) (connection_t *this);
-
- /**
- * @brief Get the connection name.
- *
- * Name must not be freed, since it points to
- * internal data.
- *
- * @param this calling object
- * @return name of the connection
- */
- char* (*get_name) (connection_t *this);
-
- /**
- * @brief Check if the connection is marked as an IKEv2 connection.
- *
- * Since all connections (IKEv1+2) are loaded, but charon handles
- * only those marked with IKEv2, this flag can tell us if we must
- * ignore a connection on initiaton. Then pluto will do it for us.
- *
- * @param this calling object
- * @return - TRUE, if this is an IKEv2 connection
- */
- bool (*is_ikev2) (connection_t *this);
-
- /**
- * @brief Should be sent a certificate request for this connection?
- *
- * A certificate request contains serials of our trusted CA certificates.
- * This flag says if such a request is sent on connection setup to
- * the peer. It should be omitted when CERT_SEND_NEVER, sended otherwise.
- *
- * @param this calling object
- * @return certificate request sending policy
- */
- cert_policy_t (*get_certreq_policy) (connection_t *this);
-
- /**
- * @brief Should be sent a certificate for this connection?
- *
- * Return the policy used to send the certificate.
- *
- * @param this calling object
- * @return certificate sending policy
- */
- cert_policy_t (*get_cert_policy) (connection_t *this);
-
- /**
- * @brief Get the DH group to use for connection initialization.
- *
- * @param this calling object
- * @return dh group to use for initialization
- */
- diffie_hellman_group_t (*get_dh_group) (connection_t *this);
-
- /**
- * @brief Check if a suggested dh group is acceptable.
- *
- * If we guess a wrong DH group for IKE_SA_INIT, the other
- * peer will send us a offer. But is this acceptable for us?
- *
- * @param this calling object
- * @return TRUE if group acceptable
- */
- bool (*check_dh_group) (connection_t *this, diffie_hellman_group_t dh_group);
-
- /**
- * @brief Get the lifetime of a connection, before IKE_SA rekeying starts.
- *
- * A call to this function automatically adds a jitter to
- * avoid simultanous rekeying.
- *
- * @param this calling object
- * @return lifetime in seconds
- */
- u_int32_t (*get_soft_lifetime) (connection_t *this);
-
- /**
- * @brief Get the lifetime of a connection, before IKE_SA gets deleted.
- *
- * @param this calling object
- * @return lifetime in seconds
- */
- u_int32_t (*get_hard_lifetime) (connection_t *this);
-
- /**
- * @brief Get a new reference to this connection.
- *
- * Get a new reference to this connection by increasing
- * it's internal reference counter.
- * Do not call get_ref or any other function until you
- * already have a reference. Otherwise the object may get
- * destroyed while calling get_ref(),
- *
- * @param this calling object
- */
- void (*get_ref) (connection_t *this);
-
- /**
- * @brief Destroys a connection_t object.
- *
- * Decrements the internal reference counter and
- * destroys the connection when it reaches zero.
- *
- * @param this calling object
- */
- void (*destroy) (connection_t *this);
-};
-
-/**
- * @brief Creates a connection_t object.
- *
- * Supplied hosts become owned by connection, so
- * do not modify or destroy them after a call to
- * connection_create(). Name gets cloned internally.
- * The retrasmit sequence number says how fast we give up when the peer
- * does not respond. A high value may bridge-over temporary connection
- * problems, a small value can detect dead peers faster.
- *
- * @param name connection identifier
- * @param ikev2 TRUE if this is an IKEv2 connection
- * @param cert_policy certificate send policy
- * @param cert_req_policy certificate request send policy
- * @param my_host host_t representing local address
- * @param other_host host_t representing remote address
- * @param dpd_delay interval of DPD liveness checks
- * @param reauth use full reauthentication instead of rekeying
- * @param keyingtries number of retransmit sequences to use
- * @param hard_lifetime lifetime before deleting an IKE_SA
- * @param soft_lifetime lifetime before rekeying an IKE_SA
- * @param jitter range of randomization time
- * @return connection_t object.
- *
- * @ingroup config
- */
-connection_t * connection_create(char *name, bool ikev2,
- cert_policy_t cert_pol, cert_policy_t req_pol,
- host_t *my_host, host_t *other_host,
- u_int32_t dpd_delay, bool reauth,
- u_int32_t keyingtries,
- u_int32_t hard_lifetime, u_int32_t soft_lifetime,
- u_int32_t jitter);
-
-#endif /* CONNECTION_H_ */
diff --git a/src/charon/config/connections/connection_store.h b/src/charon/config/connections/connection_store.h
deleted file mode 100755
index 70f209d3b..000000000
--- a/src/charon/config/connections/connection_store.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- * @file connection_store.h
- *
- * @brief Interface connection_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONNECTION_STORE_H_
-#define CONNECTION_STORE_H_
-
-typedef struct connection_store_t connection_store_t;
-
-#include <library.h>
-#include <config/connections/connection.h>
-#include <utils/iterator.h>
-
-/**
- * @brief The interface for a store of connection_t's.
- *
- * @b Constructors:
- * - stroke_create()
- *
- * @ingroup config
- */
-struct connection_store_t {
-
- /**
- * @brief Returns a connection definition identified by two hosts.
- *
- * This call is usefull to get a connection identified by addresses.
- * It may be used after kernel request for traffic protection.
- * The returned connection gets created/cloned and therefore must
- * be destroyed after usage.
- *
- * @param this calling object
- * @param my_id own address of connection
- * @param other_id others address of connection
- * @return
- * - connection_t, if found
- * - NULL otherwise
- */
- connection_t *(*get_connection_by_hosts)(connection_store_t *this,
- host_t *my_host, host_t *other_host);
-
- /**
- * @brief Returns a connection identified by its name.
- *
- * This call is usefull to get a connection identified its
- * name, as on an connection setup.
- *
- * @param this calling object
- * @param name name of the connection to get
- * @return
- * - connection_t, if found
- * - NULL otherwise
- */
- connection_t *(*get_connection_by_name) (connection_store_t *this, char *name);
-
- /**
- * @brief Add a connection to the store.
- *
- * After a successful call, the connection is owned by the store and may
- * not be manipulated nor destroyed.
- *
- * @param this calling object
- * @param connection connection to add
- * @return
- * - SUCCESS, or
- * - FAILED
- */
- status_t (*add_connection) (connection_store_t *this, connection_t *connection);
-
- /**
- * @brief Delete a connection from the store.
- *
- * Remove a connection from the connection store, identified
- * by the connections name.
- *
- * @param this calling object
- * @param name name of the connection to delete
- * @return
- * - SUCCESS, or
- * - NOT_FOUND
- */
- status_t (*delete_connection) (connection_store_t *this, char *name);
-
- /**
- * @brief Get an iterator for the stored connections.
- *
- * @param this calling object
- * @return iterator over all stored connections
- */
- iterator_t* (*create_iterator) (connection_store_t *this);
-
- /**
- * @brief Destroys a connection_store_t object.
- *
- * @param this calling object
- */
- void (*destroy) (connection_store_t *this);
-};
-
-#endif /* CONNECTION_STORE_H_ */
diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c
deleted file mode 100644
index df4ec230a..000000000
--- a/src/charon/config/connections/local_connection_store.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/**
- * @file local_connection_store.c
- *
- * @brief Implementation of local_connection_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "local_connection_store.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-
-
-typedef struct private_local_connection_store_t private_local_connection_store_t;
-
-/**
- * Private data of an local_connection_store_t object
- */
-struct private_local_connection_store_t {
-
- /**
- * Public part
- */
- local_connection_store_t public;
-
- /**
- * stored connection
- */
- linked_list_t *connections;
-
- /**
- * Mutex to exclusivly access connection list
- */
- pthread_mutex_t mutex;
-};
-
-
-/**
- * Implementation of connection_store_t.get_connection_by_hosts.
- */
-static connection_t *get_connection_by_hosts(private_local_connection_store_t *this, host_t *my_host, host_t *other_host)
-{
- typedef enum {
- PRIO_UNDEFINED= 0x00,
- PRIO_ADDR_ANY= 0x01,
- PRIO_ADDR_MATCH= 0x02
- } prio_t;
-
- prio_t best_prio = PRIO_UNDEFINED;
-
- iterator_t *iterator;
- connection_t *candidate;
- connection_t *found = NULL;
-
- DBG2(DBG_CFG, "looking for connection for host pair %H...%H",
- my_host, other_host);
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->connections->create_iterator(this->connections, TRUE);
- /* determine closest matching connection */
- while (iterator->iterate(iterator, (void**)&candidate))
- {
- host_t *candidate_my_host;
- host_t *candidate_other_host;
-
- candidate_my_host = candidate->get_my_host(candidate);
- candidate_other_host = candidate->get_other_host(candidate);
-
- /* my_host addresses must match*/
- if (my_host->ip_equals(my_host, candidate_my_host))
- {
- prio_t prio = PRIO_UNDEFINED;
-
- /* exact match of peer host address or wildcard address? */
- if (other_host->ip_equals(other_host, candidate_other_host))
- {
- prio |= PRIO_ADDR_MATCH;
- }
- else if (candidate_other_host->is_anyaddr(candidate_other_host))
- {
- prio |= PRIO_ADDR_ANY;
- }
-
- DBG2(DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)",
- candidate->get_name(candidate),
- candidate_my_host, candidate_other_host, prio);
-
- if (prio > best_prio)
- {
- found = candidate;
- best_prio = prio;
- }
- }
- }
- iterator->destroy(iterator);
-
- if (found)
- {
- DBG2(DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)",
- found->get_name(found), found->get_my_host(found),
- found->get_other_host(found), best_prio);
-
- /* give out a new reference to it */
- found->get_ref(found);
- }
- pthread_mutex_unlock(&(this->mutex));
- return found;
-}
-
-/**
- * Implementation of connection_store_t.get_connection_by_name.
- */
-static connection_t *get_connection_by_name(private_local_connection_store_t *this, char *name)
-{
- iterator_t *iterator;
- connection_t *current, *found = NULL;
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->connections->create_iterator(this->connections, TRUE);
- while (iterator->iterate(iterator, (void**)&current))
- {
- if (strcmp(name, current->get_name(current)) == 0)
- {
- found = current;
- break;
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
-
- if (found)
- {
- /* get a new reference for it */
- found->get_ref(found);
- }
- return found;
-}
-
-/**
- * Implementation of connection_store_t.delete_connection.
- */
-static status_t delete_connection(private_local_connection_store_t *this, char *name)
-{
- iterator_t *iterator;
- connection_t *current;
- bool found = FALSE;
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->connections->create_iterator(this->connections, TRUE);
- while (iterator->iterate(iterator, (void **)&current))
- {
- if (strcmp(current->get_name(current), name) == 0)
- {
- /* remove connection from list, and destroy it */
- iterator->remove(iterator);
- current->destroy(current);
- found = TRUE;
- break;
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
- if (found)
- {
- return SUCCESS;
- }
- return NOT_FOUND;
-}
-
-/**
- * Implementation of connection_store_t.add_connection.
- */
-static status_t add_connection(private_local_connection_store_t *this, connection_t *connection)
-{
- pthread_mutex_lock(&(this->mutex));
- this->connections->insert_last(this->connections, connection);
- pthread_mutex_unlock(&(this->mutex));
- return SUCCESS;
-}
-
-/**
- * Implementation of connection_store_t.create_iterator.
- */
-static iterator_t* create_iterator(private_local_connection_store_t *this)
-{
- return this->connections->create_iterator_locked(this->connections,
- &this->mutex);
-}
-
-/**
- * Implementation of connection_store_t.destroy.
- */
-static void destroy (private_local_connection_store_t *this)
-{
- pthread_mutex_lock(&(this->mutex));
- this->connections->destroy_offset(this->connections, offsetof(connection_t, destroy));
- pthread_mutex_unlock(&(this->mutex));
- free(this);
-}
-
-/**
- * Described in header.
- */
-local_connection_store_t * local_connection_store_create(void)
-{
- private_local_connection_store_t *this = malloc_thing(private_local_connection_store_t);
-
- this->public.connection_store.get_connection_by_hosts = (connection_t*(*)(connection_store_t*,host_t*,host_t*))get_connection_by_hosts;
- this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name;
- this->public.connection_store.delete_connection = (status_t(*)(connection_store_t*,char*))delete_connection;
- this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection;
- this->public.connection_store.create_iterator = (iterator_t*(*)(connection_store_t*))create_iterator;
- this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy;
-
- /* private variables */
- this->connections = linked_list_create();
- pthread_mutex_init(&(this->mutex), NULL);
-
- return (&this->public);
-}
diff --git a/src/charon/config/connections/local_connection_store.h b/src/charon/config/connections/local_connection_store.h
deleted file mode 100644
index e78ed809a..000000000
--- a/src/charon/config/connections/local_connection_store.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * @file local_connection_store.h
- *
- * @brief Interface of local_connection_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef LOCAL_CONNECTION_H_
-#define LOCAL_CONNECTION_H_
-
-typedef struct local_connection_store_t local_connection_store_t;
-
-#include <library.h>
-#include <config/connections/connection_store.h>
-
-/**
- * @brief A connection_store_t implementation using a simple connection list.
- *
- * The local_connection_store_t class implements the connection_store_t interface
- * as simple as possible. connection_t's are stored in an in-memory list.
- *
- * @b Constructors:
- * - local_connection_store_create()
- *
- * @todo Make thread-save first
- * @todo Add remove_connection method
- *
- * @ingroup config
- */
-struct local_connection_store_t {
-
- /**
- * Implements connection_store_t interface
- */
- connection_store_t connection_store;
-};
-
-/**
- * @brief Creates a local_connection_store_t instance.
- *
- * @return connection store instance.
- *
- * @ingroup config
- */
-local_connection_store_t * local_connection_store_create(void);
-
-#endif /* LOCAL_CONNECTION_H_ */
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index b7b71b9e7..6964345b3 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -24,6 +24,7 @@
#include <dirent.h>
#include <string.h>
#include <pthread.h>
+#include <errno.h>
#include <library.h>
#include <utils/lexparser.h>
@@ -32,13 +33,13 @@
#include <crypto/certinfo.h>
#include <crypto/x509.h>
#include <crypto/ca.h>
+#include <crypto/ac.h>
#include <crypto/crl.h>
#include <asn1/ttodata.h>
#include "local_credential_store.h"
#define PATH_BUF 256
-#define MAX_CA_PATH_LEN 7
typedef struct shared_key_t shared_key_t;
@@ -103,24 +104,25 @@ static shared_key_t *shared_key_create(chunk_t secret)
| | ca_info_t |
| +--------------------------+
+---------------+ | char *name |
-| x509_t |<--| x509_t *cacert | +----------------------+
-+---------------+ | linked_list_t *certinfos |-->| certinfo_t |
-| chunk_t keyid | | linked_list_t *ocspuris | +----------------------+
-+---------------+ | crl_t *crl | | chunk_t serialNumber |
+| x509_t |<--| x509_t *cacert |
++---------------+ | linked_list_t *attrcerts | +----------------------+
+| chunk_t keyid | | linked_list_t *certinfos |-->| certinfo_t |
++---------------+ | linked_list_t *ocspuris | +----------------------+
+ | | crl_t *crl | | chunk_t serialNumber |
| | linked_list_t *crluris | | cert_status_t status |
- | | pthread_mutex_t mutex | | time_t thisUpdate |
-+---------------+ +--------------------------+ | time_t nextUpdate |
-| x509_t | | | bool once |
-+---------------+ | +----------------------+
-| chunk_t keyid | | |
-+---------------+ +------------------------- + +----------------------+
- | | ca_info_t | | certinfo_t |
- | +--------------------------+ +----------------------+
-+---------------+ | char *name | | chunk_t serialNumber |
-| x509_t |<--| x509_t *cacert | | cert_status_t status |
-+---------------+ | linked_list_t *certinfos | | time_t thisUpdate |
-| chunk_t keyid | | linked_list_t *ocspuris | | time_t nextUpdate |
-+---------------+ | crl_t *crl | | bool once |
++---------------+ | pthread_mutex_t mutex | | time_t thisUpdate |
+| x509_t | +--------------------------+ | time_t nextUpdate |
++---------------+ | | bool once |
+| chunk_t keyid | | +----------------------+
++---------------+ +------------------------- + |
+ | | ca_info_t | +----------------------+
+ | +--------------------------+ | certinfo_t |
++---------------+ | char *name | +----------------------+
+| x509_t |<--| x509_t *cacert | | chunk_t serialNumber |
++---------------+ | linked_list_t *attrcerts | | cert_status_t status |
+| chunk_t keyid | | linked_list_t *certinfos | | time_t thisUpdate |
++---------------+ | linked_list_t *ocspuris | | time_t nextUpdate |
+ | | crl_t *crl | | bool once |
| | linked_list_t *crluris | +----------------------+
| | pthread_mutex_t mutex; | |
| +--------------------------+
@@ -169,11 +171,6 @@ struct private_local_credential_store_t {
* list of X.509 CA information records
*/
linked_list_t *ca_infos;
-
- /**
- * enforce strict crl policy
- */
- bool strict;
};
@@ -302,39 +299,29 @@ static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *th
}
/**
- * Implementation of local_credential_store_t.get_trusted_public_key.
+ * Implementation of credential_store_t.get_issuer.
*/
-static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t *this,
- identification_t *id)
+static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
{
- cert_status_t status;
- err_t ugh;
-
- x509_t *cert = get_certificate(this, id);
-
- if (cert == NULL)
- return NULL;
+ ca_info_t *found = cert->get_ca_info(cert);
- ugh = cert->is_valid(cert, NULL);
- if (ugh != NULL)
+ if (found == NULL)
{
- DBG1(DBG_CFG, "certificate %s", ugh);
- return NULL;
- }
+ iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
+ ca_info_t *ca_info;
- status = cert->get_status(cert);
- if (status == CERT_REVOKED || status == CERT_UNTRUSTED || (this->strict && status != CERT_GOOD))
- {
- DBG1(DBG_CFG, "certificate status: %N", cert_status_names, status);
- return NULL;
- }
- if (status == CERT_GOOD && cert->get_until(cert) < time(NULL))
- {
- DBG1(DBG_CFG, "certificate is good but crl is stale");
- return NULL;
+ while (iterator->iterate(iterator, (void**)&ca_info))
+ {
+ if (ca_info->is_cert_issuer(ca_info, cert))
+ {
+ found = ca_info;
+ cert->set_ca_info(cert, found);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
}
-
- return cert->get_public_key(cert);
+ return found;
}
/**
@@ -435,29 +422,6 @@ static x509_t* get_ca_certificate_by_keyid(private_local_credential_store_t *thi
}
/**
- * Implementation of credential_store_t.get_issuer.
- */
-static ca_info_t* get_issuer(private_local_credential_store_t *this, const x509_t *cert)
-{
- ca_info_t *found = NULL;
- ca_info_t *ca_info;
-
- iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-
- while (iterator->iterate(iterator, (void**)&ca_info))
- {
- if (ca_info->is_cert_issuer(ca_info, cert))
- {
- found = ca_info;
- break;
- }
- }
- iterator->destroy(iterator);
-
- return found;
-}
-
-/**
* Find an exact copy of a certificate in a linked list
*/
static x509_t* find_certificate(linked_list_t *certs, x509_t *cert)
@@ -509,13 +473,13 @@ static void add_uris(ca_info_t *issuer, x509_t *cert)
/**
* Implementation of credential_store_t.is_trusted
*/
-static bool is_trusted(private_local_credential_store_t *this, x509_t *cert)
+static bool is_trusted(private_local_credential_store_t *this, const char *label, x509_t *cert)
{
int pathlen;
time_t until = UNDEFINED_TIME;
x509_t *cert_to_be_trusted = cert;
- DBG2(DBG_CFG, "establishing trust in certificate:");
+ DBG1(DBG_CFG, "establishing trust in %s certificate:", label);
for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
{
@@ -525,8 +489,8 @@ static bool is_trusted(private_local_credential_store_t *this, x509_t *cert)
rsa_public_key_t *issuer_public_key;
bool valid_signature;
- DBG2(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
- DBG2(DBG_CFG, "issuer: '%D'", cert->get_issuer(cert));
+ DBG1(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
+ DBG1(DBG_CFG, "issuer: '%D'", cert->get_issuer(cert));
ugh = cert->is_valid(cert, &until);
if (ugh != NULL)
@@ -558,18 +522,19 @@ static bool is_trusted(private_local_credential_store_t *this, x509_t *cert)
/* check if cert is a self-signed root ca */
if (pathlen > 0 && cert->is_self_signed(cert))
{
- DBG2(DBG_CFG, "reached self-signed root ca");
+ DBG1(DBG_CFG, "reached self-signed root ca");
cert_to_be_trusted->set_until(cert_to_be_trusted, until);
cert_to_be_trusted->set_status(cert_to_be_trusted, CERT_GOOD);
return TRUE;
}
else
{
- /* go up one step in the trust chain */
+ DBG1(DBG_CFG, "going up one step in the certificate trust chain (%d)",
+ pathlen + 1);
cert = issuer_cert;
}
}
- DBG1(DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+ DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
return FALSE;
}
@@ -584,7 +549,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
x509_t *end_cert = cert;
x509_t *cert_copy = find_certificate(this->certs, end_cert);
- DBG2(DBG_CFG, "verifying end entity certificate:");
+ DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
*found = (cert_copy != NULL);
if (*found)
@@ -595,14 +560,16 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
{
+ bool valid_signature;
err_t ugh = NULL;
ca_info_t *issuer;
x509_t *issuer_cert;
rsa_public_key_t *issuer_public_key;
- bool valid_signature;
+ chunk_t keyid = cert->get_keyid(cert);
DBG1(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
DBG1(DBG_CFG, "issuer: '%D'", cert->get_issuer(cert));
+ DBG1(DBG_CFG, "keyid: %#B", &keyid);
ugh = cert->is_valid(cert, &until);
if (ugh != NULL)
@@ -647,24 +614,29 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
}
else
{
+ bool strict;
time_t nextUpdate;
cert_status_t status;
certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
- certinfo->set_nextUpdate(certinfo, until);
-
if (pathlen == 0)
{
/* add any crl and ocsp uris contained in the certificate under test */
add_uris(issuer, cert);
}
+ strict = issuer->is_strict(issuer);
+ DBG1(DBG_CFG, "issuer %s a strict crl policy",
+ strict ? "enforces":"does not enforce");
+
/* first check certificate revocation using ocsp */
status = issuer->verify_by_ocsp(issuer, certinfo, &this->public.credential_store);
/* if ocsp service is not available then fall back to crl */
- if ((status == CERT_UNDEFINED) || (status == CERT_UNKNOWN && this->strict))
+ if ((status == CERT_UNDEFINED) || (status == CERT_UNKNOWN && strict))
{
+
+ certinfo->set_status(certinfo, CERT_UNKNOWN);
status = issuer->verify_by_crl(issuer, certinfo, CRL_DIR);
}
@@ -674,23 +646,23 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
switch (status)
{
case CERT_GOOD:
- /* set nextUpdate */
- cert->set_until(cert, nextUpdate);
+ /* with strict crl policy the public key must have the same
+ * lifetime as the validity of the ocsp status or crl lifetime
+ */
+ if (strict)
+ {
+ cert->set_until(cert, nextUpdate);
+ until = (nextUpdate < until)? nextUpdate : until;
+ }
/* if status information is stale */
- if (this->strict && nextUpdate < time(NULL))
+ if (strict && nextUpdate < time(NULL))
{
DBG2(DBG_CFG, "certificate is good but status is stale");
certinfo->destroy(certinfo);
return FALSE;
}
DBG1(DBG_CFG, "certificate is good");
-
- /* with strict crl policy the public key must have the same
- * lifetime as the validity of the ocsp status or crl lifetime
- */
- if (this->strict && nextUpdate < until)
- until = nextUpdate;
break;
case CERT_REVOKED:
{
@@ -724,7 +696,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
case CERT_UNDEFINED:
default:
DBG1(DBG_CFG, "certificate status unknown");
- if (this->strict)
+ if (strict)
{
/* update status of end certificate in the credential store */
if (cert_copy)
@@ -738,14 +710,97 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
}
certinfo->destroy(certinfo);
}
- /* go up one step in the trust chain */
+ DBG1(DBG_CFG, "going up one step in the certificate trust chain (%d)",
+ pathlen + 1);
cert = issuer_cert;
}
- DBG1(DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+ DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
return FALSE;
}
/**
+ * Implementation of local_credential_store_t.verify_signature.
+ */
+static status_t verify_signature(private_local_credential_store_t *this,
+ chunk_t hash, chunk_t sig,
+ identification_t *id, ca_info_t **issuer_p)
+{
+ iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
+ status_t sig_status;
+ x509_t *cert;
+
+ /* default return values in case of failure */
+ sig_status = NOT_FOUND;
+ *issuer_p = NULL;
+
+ while (iterator->iterate(iterator, (void**)&cert))
+ {
+ if (id->equals(id, cert->get_subject(cert))
+ || cert->equals_subjectAltName(cert, id))
+ {
+ rsa_public_key_t *public_key = cert->get_public_key(cert);
+ cert_status_t cert_status = cert->get_status(cert);
+
+ DBG2(DBG_CFG, "found candidate peer certificate");
+
+ if (cert_status == CERT_UNDEFINED || cert->get_until(cert) < time(NULL))
+ {
+ bool found;
+
+ if (!verify(this, cert, &found))
+ {
+ sig_status = VERIFY_ERROR;
+ DBG1(DBG_CFG, "candidate peer certificate was not successfully verified");
+ continue;
+ }
+ *issuer_p = get_issuer(this, cert);
+ }
+ else
+ {
+ ca_info_t *issuer = get_issuer(this, cert);
+ chunk_t keyid = public_key->get_keyid(public_key);
+
+ DBG2(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
+ DBG2(DBG_CFG, "issuer: '%D'", cert->get_issuer(cert));
+ DBG2(DBG_CFG, "keyid: %#B", &keyid);
+
+ if (issuer == NULL)
+ {
+ DBG1(DBG_CFG, "candidate peer certificate has no retrievable issuer");
+ sig_status = NOT_FOUND;
+ continue;
+ }
+ if (cert_status == CERT_REVOKED || cert_status == CERT_UNTRUSTED
+ || ((issuer)->is_strict(issuer) && cert_status != CERT_GOOD))
+ {
+ DBG1(DBG_CFG, "candidate peer certificate has an inacceptable status: %N", cert_status_names, cert_status);
+ sig_status = VERIFY_ERROR;
+ continue;
+ }
+ *issuer_p = issuer;
+ }
+ sig_status = public_key->verify_emsa_pkcs1_signature(public_key, hash, sig);
+ if (sig_status == SUCCESS)
+ {
+ DBG2(DBG_CFG, "candidate peer certificate has a matching RSA public key");
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "candidate peer certificate has a non-matching RSA public key");
+ *issuer_p = NULL;
+ }
+ }
+ }
+ iterator->destroy(iterator);
+ if (sig_status == NOT_FOUND)
+ {
+ DBG1(DBG_CFG, "no candidate peer certificate found");
+ }
+ return sig_status;
+}
+
+/**
* Add a unique certificate to a linked list
*/
static x509_t* add_certificate(linked_list_t *certs, x509_t *cert)
@@ -770,7 +825,7 @@ static x509_t* add_certificate(linked_list_t *certs, x509_t *cert)
/**
* Add a unique ca info record to a linked list
*/
-static void add_ca_info(private_local_credential_store_t *this, ca_info_t *ca_info)
+static ca_info_t* add_ca_info(private_local_credential_store_t *this, ca_info_t *ca_info)
{
ca_info_t *current_ca_info;
ca_info_t *found_ca_info = NULL;
@@ -791,11 +846,13 @@ static void add_ca_info(private_local_credential_store_t *this, ca_info_t *ca_in
{
current_ca_info->add_info(current_ca_info, ca_info);
ca_info->destroy(ca_info);
+ ca_info = found_ca_info;
}
else
{
this->ca_infos->insert_last(this->ca_infos, (void*)ca_info);
}
+ return ca_info;
}
/**
@@ -886,12 +943,12 @@ static void load_auth_certificates(private_local_credential_store_t *this,
struct stat stb;
DIR* dir;
- DBG1(DBG_CFG, "loading %s certificates from '%s/'", label, path);
+ DBG1(DBG_CFG, "loading %s certificates from '%s'", label, path);
dir = opendir(path);
if (dir == NULL)
{
- DBG1(DBG_CFG, "error opening %s certs directory %s'", label, path);
+ DBG1(DBG_CFG, "error opening %s certs directory '%s'", label, path);
return;
}
@@ -962,12 +1019,15 @@ static void load_ca_certificates(private_local_credential_store_t *this)
while (iterator->iterate(iterator, (void **)&ca_info))
{
- x509_t *cacert = ca_info->get_certificate(ca_info);
- ca_info_t *issuer = get_issuer(this, cacert);
-
- if (issuer)
+ if (ca_info->is_ca(ca_info))
{
- add_uris(issuer, cacert);
+ x509_t *cacert = ca_info->get_certificate(ca_info);
+ ca_info_t *issuer = get_issuer(this, cacert);
+
+ if (issuer)
+ {
+ add_uris(issuer, cacert);
+ }
}
}
iterator->destroy(iterator);
@@ -975,6 +1035,74 @@ static void load_ca_certificates(private_local_credential_store_t *this)
}
/**
+ * Implements local_credential_store_t.load_aa_certificates
+ */
+static void load_aa_certificates(private_local_credential_store_t *this)
+{
+ load_auth_certificates(this, AUTH_AA, "aa", AA_CERTIFICATE_DIR);
+}
+
+/**
+ * Add a unique attribute certificate to a linked list
+ */
+static void add_attr_certificate(private_local_credential_store_t *this, x509ac_t *cert)
+{
+ /* TODO add a new attribute certificate to the linked list */
+}
+
+/**
+ * Implements local_credential_store_t.load_attr_certificates
+ */
+static void load_attr_certificates(private_local_credential_store_t *this)
+{
+ struct dirent* entry;
+ struct stat stb;
+ DIR* dir;
+
+ const char *path = ATTR_CERTIFICATE_DIR;
+
+ DBG1(DBG_CFG, "loading attribute certificates from '%s'", path);
+
+ dir = opendir(ATTR_CERTIFICATE_DIR);
+ if (dir == NULL)
+ {
+ DBG1(DBG_CFG, "error opening attribute certs directory '%s'", path);
+ return;
+ }
+
+ while ((entry = readdir(dir)) != NULL)
+ {
+ char file[PATH_BUF];
+
+ snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
+
+ if (stat(file, &stb) == -1)
+ {
+ continue;
+ }
+ /* try to parse all regular files */
+ if (stb.st_mode & S_IFREG)
+ {
+ x509ac_t *cert = x509ac_create_from_file(file);
+
+ if (cert)
+ {
+ err_t ugh = cert->is_valid(cert, NULL);
+
+ if (ugh != NULL)
+ {
+ DBG1(DBG_CFG, "warning: attribute certificate %s", ugh);
+ }
+ add_attr_certificate(this, cert);
+ }
+ }
+ }
+ closedir(dir);
+
+
+}
+
+/**
* Implements local_credential_store_t.load_ocsp_certificates
*/
static void load_ocsp_certificates(private_local_credential_store_t *this)
@@ -993,7 +1121,7 @@ static void add_crl(private_local_credential_store_t *this, crl_t *crl, const ch
while (iterator->iterate(iterator, (void**)&ca_info))
{
- if (ca_info->is_crl_issuer(ca_info, crl))
+ if (ca_info->is_ca(ca_info) && ca_info->is_crl_issuer(ca_info, crl))
{
char buffer[BUF_LEN];
chunk_t uri = { buffer, 7 + strlen(path) };
@@ -1027,12 +1155,12 @@ static void load_crls(private_local_credential_store_t *this)
DIR* dir;
crl_t *crl;
- DBG1(DBG_CFG, "loading crls from '%s/'", CRL_DIR);
+ DBG1(DBG_CFG, "loading crls from '%s'", CRL_DIR);
dir = opendir(CRL_DIR);
if (dir == NULL)
{
- DBG1(DBG_CFG, "error opening crl directory %s'", CRL_DIR);
+ DBG1(DBG_CFG, "error opening crl directory '%s'", CRL_DIR);
return;
}
@@ -1300,7 +1428,8 @@ error:
}
else
{
- DBG1(DBG_CFG, "could not open file '%s'", SECRETS_FILE);
+ DBG1(DBG_CFG, "could not open file '%s': %s", SECRETS_FILE,
+ strerror(errno));
}
}
@@ -1321,7 +1450,7 @@ static void destroy(private_local_credential_store_t *this)
/**
* Described in header.
*/
-local_credential_store_t * local_credential_store_create(bool strict)
+local_credential_store_t * local_credential_store_create(void)
{
private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
@@ -1330,21 +1459,23 @@ local_credential_store_t * local_credential_store_create(bool strict)
this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
this->public.credential_store.get_rsa_private_key = (rsa_private_key_t* (*) (credential_store_t*,rsa_public_key_t*))get_rsa_private_key;
this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
- this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key;
this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
- this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
- this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,x509_t*))is_trusted;
+ this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
+ this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,const char*,x509_t*))is_trusted;
+ this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
this->public.credential_store.add_auth_certificate = (x509_t* (*) (credential_store_t*,x509_t*,u_int))add_auth_certificate;
- this->public.credential_store.add_ca_info = (void (*) (credential_store_t*,ca_info_t*))add_ca_info;
+ this->public.credential_store.add_ca_info = (ca_info_t* (*) (credential_store_t*,ca_info_t*))add_ca_info;
this->public.credential_store.release_ca_info = (status_t (*) (credential_store_t*,const char*))release_ca_info;
this->public.credential_store.create_cert_iterator = (iterator_t* (*) (credential_store_t*))create_cert_iterator;
this->public.credential_store.create_auth_cert_iterator = (iterator_t* (*) (credential_store_t*))create_auth_cert_iterator;
this->public.credential_store.create_cainfo_iterator = (iterator_t* (*) (credential_store_t*))create_cainfo_iterator;
this->public.credential_store.load_ca_certificates = (void (*) (credential_store_t*))load_ca_certificates;
+ this->public.credential_store.load_aa_certificates = (void (*) (credential_store_t*))load_aa_certificates;
+ this->public.credential_store.load_attr_certificates = (void (*) (credential_store_t*))load_attr_certificates;
this->public.credential_store.load_ocsp_certificates = (void (*) (credential_store_t*))load_ocsp_certificates;
this->public.credential_store.load_crls = (void (*) (credential_store_t*))load_crls;
this->public.credential_store.load_secrets = (void (*) (credential_store_t*))load_secrets;
@@ -1357,7 +1488,6 @@ local_credential_store_t * local_credential_store_create(bool strict)
this->certs = linked_list_create();
this->auth_certs = linked_list_create();
this->ca_infos = linked_list_create();
- this->strict = strict;
return (&this->public);
}
diff --git a/src/charon/config/credentials/local_credential_store.h b/src/charon/config/credentials/local_credential_store.h
index 88a94d6f9..87a12663a 100644
--- a/src/charon/config/credentials/local_credential_store.h
+++ b/src/charon/config/credentials/local_credential_store.h
@@ -54,11 +54,10 @@ struct local_credential_store_t {
/**
* @brief Creates a local_credential_store_t instance.
*
- * @param strict enforce a strict crl policy
* @return credential store instance.
*
* @ingroup config
*/
-local_credential_store_t *local_credential_store_create(bool strict);
+local_credential_store_t *local_credential_store_create(void);
#endif /* LOCAL_CREDENTIAL_H_ */
diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c
new file mode 100644
index 000000000..35f46a6b7
--- /dev/null
+++ b/src/charon/config/ike_cfg.c
@@ -0,0 +1,228 @@
+/**
+ * @file ike_cfg.c
+ *
+ * @brief Implementation of ike_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ike_cfg.h"
+
+#include <string.h>
+
+
+typedef struct private_ike_cfg_t private_ike_cfg_t;
+
+/**
+ * Private data of an ike_cfg_t object
+ */
+struct private_ike_cfg_t {
+
+ /**
+ * Public part
+ */
+ ike_cfg_t public;
+
+ /**
+ * Number of references hold by others to this ike_cfg
+ */
+ refcount_t refcount;
+
+ /**
+ * Address of local host
+ */
+ host_t *my_host;
+
+ /**
+ * Address of remote host
+ */
+ host_t *other_host;
+
+ /**
+ * should we send a certificate request?
+ */
+ bool certreq;
+
+ /**
+ * List of proposals to use
+ */
+ linked_list_t *proposals;
+};
+
+/**
+ * Implementation of ike_cfg_t.certreq.
+ */
+static bool send_certreq(private_ike_cfg_t *this)
+{
+ return this->certreq;
+}
+
+/**
+ * Implementation of ike_cfg_t.get_my_host.
+ */
+static host_t *get_my_host (private_ike_cfg_t *this)
+{
+ return this->my_host;
+}
+
+/**
+ * Implementation of ike_cfg_t.get_other_host.
+ */
+static host_t *get_other_host (private_ike_cfg_t *this)
+{
+ return this->other_host;
+}
+
+/**
+ * Implementation of ike_cfg_t.add_proposal.
+ */
+static void add_proposal(private_ike_cfg_t *this, proposal_t *proposal)
+{
+ this->proposals->insert_last(this->proposals, proposal);
+}
+
+/**
+ * Implementation of ike_cfg_t.get_proposals.
+ */
+static linked_list_t* get_proposals(private_ike_cfg_t *this)
+{
+ iterator_t *iterator;
+ proposal_t *current;
+ linked_list_t *proposals = linked_list_create();
+
+ iterator = this->proposals->create_iterator(this->proposals, TRUE);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ current = current->clone(current);
+ proposals->insert_last(proposals, (void*)current);
+ }
+ iterator->destroy(iterator);
+
+ return proposals;
+}
+
+/**
+ * Implementation of ike_cfg_t.select_proposal.
+ */
+static proposal_t *select_proposal(private_ike_cfg_t *this,
+ linked_list_t *proposals)
+{
+ iterator_t *stored_iter, *supplied_iter;
+ proposal_t *stored, *supplied, *selected;
+
+ stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
+ supplied_iter = proposals->create_iterator(proposals, TRUE);
+
+ /* compare all stored proposals with all supplied. Stored ones are preferred.*/
+ while (stored_iter->iterate(stored_iter, (void**)&stored))
+ {
+ supplied_iter->reset(supplied_iter);
+
+ while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
+ {
+ selected = stored->select(stored, supplied);
+ if (selected)
+ {
+ /* they match, return */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
+ return selected;
+ }
+ }
+ }
+ /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
+
+ return NULL;
+}
+
+/**
+ * Implementation of ike_cfg_t.get_dh_group.
+ */
+static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
+{
+ iterator_t *iterator;
+ proposal_t *proposal;
+ algorithm_t *algo;
+ diffie_hellman_group_t dh_group = MODP_NONE;
+
+ iterator = this->proposals->create_iterator(this->proposals, TRUE);
+ while (iterator->iterate(iterator, (void**)&proposal))
+ {
+ if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo))
+ {
+ dh_group = algo->algorithm;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return dh_group;
+}
+
+/**
+ * Implementation of ike_cfg_t.get_ref.
+ */
+static void get_ref(private_ike_cfg_t *this)
+{
+ ref_get(&this->refcount);
+}
+
+/**
+ * Implementation of ike_cfg_t.destroy.
+ */
+static void destroy(private_ike_cfg_t *this)
+{
+ if (ref_put(&this->refcount))
+ {
+ this->proposals->destroy_offset(this->proposals,
+ offsetof(proposal_t, destroy));
+ this->my_host->destroy(this->my_host);
+ this->other_host->destroy(this->other_host);
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host)
+{
+ private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
+
+ /* public functions */
+ this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
+ this->public.get_my_host = (host_t*(*)(ike_cfg_t*))get_my_host;
+ this->public.get_other_host = (host_t*(*)(ike_cfg_t*))get_other_host;
+ this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal;
+ this->public.get_proposals = (linked_list_t*(*)(ike_cfg_t*))get_proposals;
+ this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*))select_proposal;
+ this->public.get_dh_group = (diffie_hellman_group_t(*)(ike_cfg_t*)) get_dh_group;
+ this->public.get_ref = (void(*)(ike_cfg_t*))get_ref;
+ this->public.destroy = (void(*)(ike_cfg_t*))destroy;
+
+ /* private variables */
+ this->refcount = 1;
+ this->certreq = certreq;
+ this->my_host = my_host;
+ this->other_host = other_host;
+
+ this->proposals = linked_list_create();
+
+ return &this->public;
+}
diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h
new file mode 100644
index 000000000..bcdc90d9e
--- /dev/null
+++ b/src/charon/config/ike_cfg.h
@@ -0,0 +1,151 @@
+/**
+ * @file ike_cfg.h
+ *
+ * @brief Interface of ike_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IKE_CFG_H_
+#define IKE_CFG_H_
+
+typedef struct ike_cfg_t ike_cfg_t;
+
+#include <library.h>
+#include <utils/host.h>
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+#include <config/proposal.h>
+#include <crypto/diffie_hellman.h>
+
+/**
+ * @brief An ike_cfg_t defines the rules to set up an IKE_SA.
+ *
+ * @see peer_cfg_t to get an overview over the configurations.
+ *
+ * @b Constructors:
+ * - ike_cfg_create()
+ *
+ * @ingroup config
+ */
+struct ike_cfg_t {
+
+ /**
+ * @brief Get own address.
+ *
+ * @param this calling object
+ * @return host information as host_t object
+ */
+ host_t* (*get_my_host) (ike_cfg_t *this);
+
+ /**
+ * @brief Get peers address.
+ *
+ * @param this calling object
+ * @return host information as host_t object
+ */
+ host_t* (*get_other_host) (ike_cfg_t *this);
+
+ /**
+ * @brief Adds a proposal to the list.
+ *
+ * The first added proposal has the highest priority, the last
+ * added the lowest.
+ *
+ * @param this calling object
+ * @param proposal proposal to add
+ */
+ void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
+
+ /**
+ * @brief Returns a list of all supported proposals.
+ *
+ * Returned list and its proposals must be destroyed after use.
+ *
+ * @param this calling object
+ * @return list containing all the proposals
+ */
+ linked_list_t* (*get_proposals) (ike_cfg_t *this);
+
+ /**
+ * @brief Select a proposed from suggested proposals.
+ *
+ * Returned proposal must be destroyed after use.
+ *
+ * @param this calling object
+ * @param proposals list of proposals to select from
+ * @return selected proposal, or NULL if none matches.
+ */
+ proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals);
+
+ /**
+ * @brief Should we send a certificate request in IKE_SA_INIT?
+ *
+ * @param this calling object
+ * @return certificate request sending policy
+ */
+ bool (*send_certreq) (ike_cfg_t *this);
+
+ /**
+ * @brief Get the DH group to use for IKE_SA setup.
+ *
+ * @param this calling object
+ * @return dh group to use for initialization
+ */
+ diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
+
+ /**
+ * @brief Get a new reference to this ike_cfg.
+ *
+ * Get a new reference to this ike_cfg by increasing
+ * it's internal reference counter.
+ * Do not call get_ref or any other function until you
+ * already have a reference. Otherwise the object may get
+ * destroyed while calling get_ref(),
+ *
+ * @param this calling object
+ */
+ void (*get_ref) (ike_cfg_t *this);
+
+ /**
+ * @brief Destroys a ike_cfg_t object.
+ *
+ * Decrements the internal reference counter and
+ * destroys the ike_cfg when it reaches zero.
+ *
+ * @param this calling object
+ */
+ void (*destroy) (ike_cfg_t *this);
+};
+
+/**
+ * @brief Creates a ike_cfg_t object.
+ *
+ * Supplied hosts become owned by ike_cfg, the name gets cloned.
+ *
+ * @param name ike_cfg identifier
+ * @param certreq TRUE to send a certificate request
+ * @param my_host host_t representing local address
+ * @param other_host host_t representing remote address
+ * @return ike_cfg_t object.
+ *
+ * @ingroup config
+ */
+ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host);
+
+#endif /* IKE_CFG_H_ */
diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c
new file mode 100644
index 000000000..1d9176e0d
--- /dev/null
+++ b/src/charon/config/peer_cfg.c
@@ -0,0 +1,479 @@
+/**
+ * @file peer_cfg.c
+ *
+ * @brief Implementation of peer_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+#include <pthread.h>
+
+#include "peer_cfg.h"
+
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+
+ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
+ "CERT_ALWAYS_SEND",
+ "CERT_SEND_IF_ASKED",
+ "CERT_NEVER_SEND"
+);
+
+ENUM(dpd_action_names, DPD_NONE, DPD_RESTART,
+ "DPD_NONE",
+ "DPD_CLEAR",
+ "DPD_ROUTE",
+ "DPD_RESTART"
+);
+
+typedef struct private_peer_cfg_t private_peer_cfg_t;
+
+/**
+ * Private data of an peer_cfg_t object
+ */
+struct private_peer_cfg_t {
+
+ /**
+ * Public part
+ */
+ peer_cfg_t public;
+
+ /**
+ * Number of references hold by others to this peer_cfg
+ */
+ refcount_t refcount;
+
+ /**
+ * Name of the peer_cfg, used to query it
+ */
+ char *name;
+
+ /**
+ * IKE version to use for initiation
+ */
+ u_int ike_version;
+
+ /**
+ * IKE config associated to this peer config
+ */
+ ike_cfg_t *ike_cfg;
+
+ /**
+ * list of child configs associated to this peer config
+ */
+ linked_list_t *child_cfgs;
+
+ /**
+ * mutex to lock access to list of child_cfgs
+ */
+ pthread_mutex_t mutex;
+
+ /**
+ * id to use to identify us
+ */
+ identification_t *my_id;
+
+ /**
+ * allowed id for other
+ */
+ identification_t *other_id;
+
+ /**
+ * we have a cert issued by this CA
+ */
+ identification_t *my_ca;
+
+ /**
+ * we require the other end to have a cert issued by this CA
+ */
+ identification_t *other_ca;
+
+ /**
+ * should we send a certificate
+ */
+ cert_policy_t cert_policy;
+
+ /**
+ * Method to use for own authentication data
+ */
+ auth_method_t auth_method;
+
+ /**
+ * EAP type to use for peer authentication
+ */
+ eap_type_t eap_type;
+
+ /**
+ * number of tries after giving up if peer does not respond
+ */
+ u_int32_t keyingtries;
+
+ /**
+ * user reauthentication instead of rekeying
+ */
+ bool use_reauth;
+
+ /**
+ * Time before an SA gets invalid
+ */
+ u_int32_t lifetime;
+
+ /**
+ * Time before an SA gets rekeyed
+ */
+ u_int32_t rekeytime;
+
+ /**
+ * Time, which specifies the range of a random value
+ * substracted from lifetime.
+ */
+ u_int32_t jitter;
+
+ /**
+ * What to do with an SA when other peer seams to be dead?
+ */
+ bool dpd_delay;
+
+ /**
+ * What to do with CHILDren when other peer seams to be dead?
+ */
+ bool dpd_action;
+
+ /**
+ * virtual IP to use locally
+ */
+ host_t *my_virtual_ip;
+
+ /**
+ * virtual IP to use remotly
+ */
+ host_t *other_virtual_ip;
+};
+
+/**
+ * Implementation of peer_cfg_t.get_name
+ */
+static char *get_name(private_peer_cfg_t *this)
+{
+ return this->name;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_ike_version
+ */
+static u_int get_ike_version(private_peer_cfg_t *this)
+{
+ return this->ike_version;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_ike_cfg
+ */
+static ike_cfg_t* get_ike_cfg(private_peer_cfg_t *this)
+{
+ return this->ike_cfg;
+}
+
+/**
+ * Implementation of peer_cfg_t.add_child_cfg.
+ */
+static void add_child_cfg(private_peer_cfg_t *this, child_cfg_t *child_cfg)
+{
+ pthread_mutex_lock(&this->mutex);
+ this->child_cfgs->insert_last(this->child_cfgs, child_cfg);
+ pthread_mutex_unlock(&this->mutex);
+}
+
+/**
+ * Implementation of peer_cfg_t.create_child_cfg_iterator.
+ */
+static iterator_t* create_child_cfg_iterator(private_peer_cfg_t *this)
+{
+ return this->child_cfgs->create_iterator_locked(this->child_cfgs,
+ &this->mutex);
+}
+
+/**
+ * Check if child_cfg contains traffic selectors
+ */
+static bool contains_ts(child_cfg_t *child, bool mine, linked_list_t *ts,
+ host_t *host)
+{
+ linked_list_t *selected;
+ bool contains = FALSE;
+
+ selected = child->get_traffic_selectors(child, mine, ts, host);
+ contains = selected->get_count(selected);
+ selected->destroy_offset(selected, offsetof(traffic_selector_t, destroy));
+ return contains;
+}
+
+/**
+ * Implementation of peer_cfg_t.select_child_cfg
+ */
+static child_cfg_t* select_child_cfg(private_peer_cfg_t *this,
+ linked_list_t *my_ts,
+ linked_list_t *other_ts,
+ host_t *my_host, host_t *other_host)
+{
+ child_cfg_t *current, *found = NULL;
+ iterator_t *iterator;
+
+ iterator = create_child_cfg_iterator(this);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ if (contains_ts(current, TRUE, my_ts, my_host) &&
+ contains_ts(current, FALSE, other_ts, other_host))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_my_id
+ */
+static identification_t *get_my_id(private_peer_cfg_t *this)
+{
+ return this->my_id;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_other_id
+ */
+static identification_t *get_other_id(private_peer_cfg_t *this)
+{
+ return this->other_id;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_my_ca
+ */
+static identification_t *get_my_ca(private_peer_cfg_t *this)
+{
+ return this->my_ca;
+}
+
+static identification_t *get_other_ca(private_peer_cfg_t *this)
+{
+ return this->other_ca;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_cert_policy.
+ */
+static cert_policy_t get_cert_policy(private_peer_cfg_t *this)
+{
+ return this->cert_policy;
+}
+
+/**
+ * Implementation of connection_t.auth_method_t.
+ */
+static auth_method_t get_auth_method(private_peer_cfg_t *this)
+{
+ return this->auth_method;
+}
+
+/**
+ * Implementation of connection_t.get_eap_type.
+ */
+static eap_type_t get_eap_type(private_peer_cfg_t *this)
+{
+ return this->eap_type;
+}
+
+/**
+ * Implementation of connection_t.get_keyingtries.
+ */
+static u_int32_t get_keyingtries(private_peer_cfg_t *this)
+{
+ return this->keyingtries;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_soft_lifetime
+ */
+static u_int32_t get_lifetime(private_peer_cfg_t *this, bool rekey)
+{
+ if (rekey)
+ {
+ if (this->jitter == 0)
+ {
+ return this->rekeytime;
+ }
+ return this->rekeytime - (random() % this->jitter);
+ }
+ return this->lifetime;
+}
+
+/**
+ * Implementation of peer_cfg_t.use_reauth.
+ */
+static bool use_reauth(private_peer_cfg_t *this, bool rekey)
+{
+ return this->use_reauth;
+}
+
+/**
+ * Implements peer_cfg_t.get_dpd_delay
+ */
+static u_int32_t get_dpd_delay(private_peer_cfg_t *this)
+{
+ return this->dpd_delay;
+}
+
+/**
+ * Implements peer_cfg_t.get_dpd_action
+ */
+static dpd_action_t get_dpd_action(private_peer_cfg_t *this)
+{
+ return this->dpd_action;
+}
+
+/**
+ * Implementation of peer_cfg_t.get_my_virtual_ip.
+ */
+static host_t* get_my_virtual_ip(private_peer_cfg_t *this)
+{
+ if (this->my_virtual_ip == NULL)
+ {
+ return NULL;
+ }
+ return this->my_virtual_ip->clone(this->my_virtual_ip);
+}
+
+/**
+ * Implementation of peer_cfg_t.get_other_virtual_ip.
+ */
+static host_t* get_other_virtual_ip(private_peer_cfg_t *this, host_t *suggestion)
+{
+ if (this->other_virtual_ip == NULL)
+ { /* disallow */
+ return NULL;
+ }
+ if (!this->other_virtual_ip->is_anyaddr(this->other_virtual_ip))
+ { /* force own configuration */
+ return this->other_virtual_ip->clone(this->other_virtual_ip);
+ }
+ if (suggestion == NULL || suggestion->is_anyaddr(suggestion))
+ {
+ return NULL;
+ }
+ return suggestion->clone(suggestion);
+}
+
+/**
+ * Implements peer_cfg_t.get_ref.
+ */
+static void get_ref(private_peer_cfg_t *this)
+{
+ ref_get(&this->refcount);
+}
+
+/**
+ * Implements peer_cfg_t.destroy.
+ */
+static void destroy(private_peer_cfg_t *this)
+{
+ if (ref_put(&this->refcount))
+ {
+ this->ike_cfg->destroy(this->ike_cfg);
+ this->child_cfgs->destroy_offset(this->child_cfgs, offsetof(child_cfg_t, destroy));
+ this->my_id->destroy(this->my_id);
+ this->other_id->destroy(this->other_id);
+ DESTROY_IF(this->my_ca);
+ DESTROY_IF(this->other_ca);
+
+ DESTROY_IF(this->my_virtual_ip);
+ DESTROY_IF(this->other_virtual_ip);
+ free(this->name);
+ free(this);
+ }
+}
+
+/*
+ * Described in header-file
+ */
+peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
+ identification_t *my_id, identification_t *other_id,
+ identification_t *my_ca, identification_t *other_ca,
+ cert_policy_t cert_policy, auth_method_t auth_method,
+ eap_type_t eap_type, u_int32_t keyingtries,
+ u_int32_t lifetime, u_int32_t rekeytime,
+ u_int32_t jitter, bool reauth,
+ u_int32_t dpd_delay, dpd_action_t dpd_action,
+ host_t *my_virtual_ip, host_t *other_virtual_ip)
+{
+ private_peer_cfg_t *this = malloc_thing(private_peer_cfg_t);
+
+ /* public functions */
+ this->public.get_name = (char* (*) (peer_cfg_t *))get_name;
+ this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version;
+ this->public.get_ike_cfg = (ike_cfg_t* (*) (peer_cfg_t *))get_ike_cfg;
+ this->public.add_child_cfg = (void (*) (peer_cfg_t *, child_cfg_t*))add_child_cfg;
+ this->public.create_child_cfg_iterator = (iterator_t* (*) (peer_cfg_t *))create_child_cfg_iterator;
+ this->public.select_child_cfg = (child_cfg_t* (*) (peer_cfg_t *,linked_list_t*,linked_list_t*,host_t*,host_t*))select_child_cfg;
+ this->public.get_my_id = (identification_t* (*)(peer_cfg_t*))get_my_id;
+ this->public.get_other_id = (identification_t* (*)(peer_cfg_t *))get_other_id;
+ this->public.get_my_ca = (identification_t* (*)(peer_cfg_t *))get_my_ca;
+ this->public.get_other_ca = (identification_t* (*)(peer_cfg_t *))get_other_ca;
+ this->public.get_cert_policy = (cert_policy_t (*) (peer_cfg_t *))get_cert_policy;
+ this->public.get_auth_method = (auth_method_t (*) (peer_cfg_t *))get_auth_method;
+ this->public.get_eap_type = (eap_type_t (*) (peer_cfg_t *))get_eap_type;
+ this->public.get_keyingtries = (u_int32_t (*) (peer_cfg_t *))get_keyingtries;
+ this->public.get_lifetime = (u_int32_t (*) (peer_cfg_t *, bool rekey))get_lifetime;
+ this->public.use_reauth = (bool (*) (peer_cfg_t *))use_reauth;
+ this->public.get_dpd_delay = (u_int32_t (*) (peer_cfg_t *))get_dpd_delay;
+ this->public.get_dpd_action = (dpd_action_t (*) (peer_cfg_t *))get_dpd_action;
+ this->public.get_my_virtual_ip = (host_t* (*) (peer_cfg_t *))get_my_virtual_ip;
+ this->public.get_other_virtual_ip = (host_t* (*) (peer_cfg_t *, host_t *))get_other_virtual_ip;
+ this->public.get_ref = (void(*)(peer_cfg_t *))get_ref;
+ this->public.destroy = (void(*)(peer_cfg_t *))destroy;
+
+ /* apply init values */
+ this->name = strdup(name);
+ this->ike_version = ike_version;
+ this->ike_cfg = ike_cfg;
+ this->child_cfgs = linked_list_create();
+ pthread_mutex_init(&this->mutex, NULL);
+ this->my_id = my_id;
+ this->other_id = other_id;
+ this->my_ca = my_ca;
+ this->other_ca = other_ca;
+ this->cert_policy = cert_policy;
+ this->auth_method = auth_method;
+ this->eap_type = eap_type;
+ this->keyingtries = keyingtries;
+ this->lifetime = lifetime;
+ this->rekeytime = rekeytime;
+ this->jitter = jitter;
+ this->use_reauth = reauth;
+ this->dpd_delay = dpd_delay;
+ this->dpd_action = dpd_action;
+ this->my_virtual_ip = my_virtual_ip;
+ this->other_virtual_ip = other_virtual_ip;
+ this->refcount = 1;
+
+ return &this->public;
+}
diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h
new file mode 100644
index 000000000..63c87674c
--- /dev/null
+++ b/src/charon/config/peer_cfg.h
@@ -0,0 +1,368 @@
+/**
+ * @file peer_cfg.h
+ *
+ * @brief Interface of peer_cfg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef PEER_CFG_H_
+#define PEER_CFG_H_
+
+typedef enum dpd_action_t dpd_action_t;
+typedef enum cert_policy_t cert_policy_t;
+typedef struct peer_cfg_t peer_cfg_t;
+
+#include <library.h>
+#include <utils/identification.h>
+#include <config/traffic_selector.h>
+#include <config/proposal.h>
+#include <config/ike_cfg.h>
+#include <config/child_cfg.h>
+#include <sa/authenticators/authenticator.h>
+#include <sa/authenticators/eap/eap_method.h>
+
+/**
+ * Certificate sending policy. This is also used for certificate
+ * requests when using this definition for the other peer. If
+ * it is CERT_NEVER_SEND, a certreq is omitted, otherwise its
+ * included.
+ *
+ * @ingroup config
+ *
+ * @warning These definitions must be the same as in pluto/starter,
+ * as they are sent over the stroke socket.
+ */
+enum cert_policy_t {
+ /** always send certificates, even when not requested */
+ CERT_ALWAYS_SEND = 0,
+ /** send certificate upon cert request */
+ CERT_SEND_IF_ASKED = 1,
+ /** never send a certificate, even when requested */
+ CERT_NEVER_SEND = 2,
+};
+
+/**
+ * enum strings for cert_policy_t
+ *
+ * @ingroup config
+ */
+extern enum_name_t *cert_policy_names;
+
+/**
+ * @brief Actions to take when a peer does not respond (dead peer detected).
+ *
+ * These values are the same as in pluto/starter, so do not modify them!
+ *
+ * @ingroup config
+ */
+enum dpd_action_t {
+ /** DPD disabled */
+ DPD_NONE,
+ /** remove CHILD_SAs without replacement */
+ DPD_CLEAR,
+ /** route the CHILD_SAs to resetup when needed */
+ DPD_ROUTE,
+ /** restart CHILD_SAs in a new IKE_SA, immediately */
+ DPD_RESTART,
+};
+
+/**
+ * enum names for dpd_action_t.
+ */
+extern enum_name_t *dpd_action_names;
+
+/**
+ * @brief Configuration of a peer, specified by IDs.
+ *
+ * The peer config defines a connection between two given IDs. It contains
+ * exactly one ike_cfg_t, which is use for initiation. Additionally, it contains
+ * multiple child_cfg_t defining which CHILD_SAs are allowed for this peer.
+ * @verbatim
+
+ +-------------------+ +---------------+
+ +---------------+ | peer_cfg | +---------------+ |
+ | ike_cfg | +-------------------+ | child_cfg | |
+ +---------------+ | - ids | +---------------+ |
+ | - hosts | 1 1 | - cas | 1 n | - proposals | |
+ | - proposals |<------| - auth info |-------->| - traffic sel | |
+ | - ... | | - dpd config | | - ... |-+
+ +---------------+ | - ... | +---------------+
+ +-------------------+
+ @endverbatim
+ *
+ * @b Constructors:
+ * - peer_cfg_create()
+ *
+ * @ingroup config
+ */
+struct peer_cfg_t {
+
+ /**
+ * @brief Get the name of the peer_cfg.
+ *
+ * Returned object is not getting cloned.
+ *
+ * @param this calling object
+ * @return peer_cfg's name
+ */
+ char* (*get_name) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the IKE version to use for initiating.
+ *
+ * @param this calling object
+ * @return IKE major version
+ */
+ u_int (*get_ike_version)(peer_cfg_t *this);
+
+ /**
+ * @brief Get the IKE config to use for initiaton.
+ *
+ * @param this calling object
+ * @return the IKE config to use
+ */
+ ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this);
+
+ /**
+ * @brief Attach a CHILD config.
+ *
+ * @param this calling object
+ * @param child_cfg CHILD config to add
+ */
+ void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg);
+
+ /**
+ * @brief Create an iterator for all attached CHILD configs.
+ *
+ * @param this calling object
+ * @return an iterator over all CHILD configs.
+ */
+ iterator_t* (*create_child_cfg_iterator) (peer_cfg_t *this);
+
+ /**
+ * @brief Select a CHILD config from traffic selectors.
+ *
+ * @param this calling object
+ * @param my_ts TS for local side
+ * @param other_ts TS for remote side
+ * @param my_host host to narrow down dynamic TS for local side
+ * @param other_host host to narrow down dynamic TS for remote side
+ * @return selected CHILD config, or NULL if no match found
+ */
+ child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts,
+ linked_list_t *other_ts, host_t *my_host,
+ host_t *other_host);
+
+ /**
+ * @brief Get own ID.
+ *
+ * @param this calling object
+ * @return own id
+ */
+ identification_t* (*get_my_id)(peer_cfg_t *this);
+
+ /**
+ * @brief Get peers ID.
+ *
+ * @param this calling object
+ * @return other id
+ */
+ identification_t* (*get_other_id)(peer_cfg_t *this);
+
+ /**
+ * @brief Get own CA.
+ *
+ * @param this calling object
+ * @return own ca
+ */
+ identification_t* (*get_my_ca)(peer_cfg_t *this);
+
+ /**
+ * @brief Get peers CA.
+ *
+ * @param this calling object
+ * @return other ca
+ */
+ identification_t* (*get_other_ca)(peer_cfg_t *this);
+
+ /**
+ * @brief Should be sent a certificate for this connection?
+ *
+ * @param this calling object
+ * @return certificate sending policy
+ */
+ cert_policy_t (*get_cert_policy) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the authentication method to use to authenticate us.
+ *
+ * @param this calling object
+ * @return authentication method
+ */
+ auth_method_t (*get_auth_method) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the EAP type to use for peer authentication.
+ *
+ * @param this calling object
+ * @return authentication method
+ */
+ eap_type_t (*get_eap_type) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the max number of retries after timeout.
+ *
+ * @param this calling object
+ * @return max number retries
+ */
+ u_int32_t (*get_keyingtries) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the lifetime of a IKE_SA.
+ *
+ * If "rekey" is set to TRUE, a lifetime is returned before the first
+ * rekeying should be started. If it is FALSE, the actual lifetime is
+ * returned when the IKE_SA must be deleted.
+ * The rekey time automatically contains a jitter to avoid simlutaneous
+ * rekeying.
+ *
+ * @param this child_config
+ * @param rekey TRUE to get rekey time
+ * @return lifetime in seconds
+ */
+ u_int32_t (*get_lifetime) (peer_cfg_t *this, bool rekey);
+
+ /**
+ * @brief Should a full reauthentication be done instead of rekeying?
+ *
+ * @param this calling object
+ * @return TRUE to use full reauthentication
+ */
+ bool (*use_reauth) (peer_cfg_t *this);
+
+ /**
+ * @brief Get the DPD check interval.
+ *
+ * @param this calling object
+ * @return dpd_delay in seconds
+ */
+ u_int32_t (*get_dpd_delay) (peer_cfg_t *this);
+
+ /**
+ * @brief What should be done with a CHILD_SA, when other peer does not respond.
+ *
+ * @param this calling object
+ * @return dpd action
+ */
+ dpd_action_t (*get_dpd_action) (peer_cfg_t *this);
+
+ /**
+ * @brief Get a virtual IP for the local peer.
+ *
+ * If no virtual IP should be used, NULL is returned. %any means to request
+ * a virtual IP using configuration payloads. A specific address is also
+ * used for a request and may be changed by the server.
+ *
+ * @param this peer_cfg
+ * @param suggestion NULL, %any or specific
+ * @return clone of an IP, %any or NULL
+ */
+ host_t* (*get_my_virtual_ip) (peer_cfg_t *this);
+
+ /**
+ * @brief Get a virtual IP for the remote peer.
+ *
+ * An IP may be supplied, if one was requested by the initiator. However,
+ * the suggestion is not more as it says, any address may be returned, even
+ * NULL to not use virtual IPs.
+ *
+ * @param this peer_cfg
+ * @param suggestion NULL, %any or specific
+ * @return clone of an IP to use
+ */
+ host_t* (*get_other_virtual_ip) (peer_cfg_t *this, host_t *suggestion);
+
+ /**
+ * @brief Get a new reference.
+ *
+ * Get a new reference to this peer_cfg by increasing
+ * it's internal reference counter.
+ * Do not call get_ref or any other function until you
+ * already have a reference. Otherwise the object may get
+ * destroyed while calling get_ref(),
+ *
+ * @param this calling object
+ */
+ void (*get_ref) (peer_cfg_t *this);
+
+ /**
+ * @brief Destroys the peer_cfg object.
+ *
+ * Decrements the internal reference counter and
+ * destroys the peer_cfg when it reaches zero.
+ *
+ * @param this calling object
+ */
+ void (*destroy) (peer_cfg_t *this);
+};
+
+/**
+ * @brief Create a configuration object for IKE_AUTH and later.
+ *
+ * name-string gets cloned, ID's not.
+ * Virtual IPs are used if they are != NULL. A %any host means the virtual
+ * IP should be obtained from the other peer.
+ * Lifetimes are in seconds. To prevent to peers to start rekeying at the
+ * same time, a jitter may be specified. Rekeying of an SA starts at
+ * (rekeylifetime - random(0, jitter)).
+ *
+ * @param name name of the peer_cfg
+ * @param ike_version which IKE version we sould use for this peer
+ * @param ike_cfg IKE config to use when acting as initiator
+ * @param my_id identification_t for ourselves
+ * @param other_id identification_t for the remote guy
+ * @param my_ca CA to use for us
+ * @param other_ca CA to use for other
+ * @param cert_policy should we send a certificate payload?
+ * @param auth_method auth method to use to authenticate us
+ * @param eap_type EAP type to use for peer authentication
+ * @param keyingtries how many keying tries should be done before giving up
+ * @param lifetime lifetime before deleting an SA
+ * @param rekeytime lifetime before rekeying an SA
+ * @param jitter range of random to substract from rekeytime
+ * @param use_reauth sould be done reauthentication instead of rekeying?
+ * @param dpd_delay after how many seconds of inactivity to check DPD
+ * @param dpd_action what to do with CHILD_SAs when detected a dead peer
+ * @param my_virtual_ip virtual IP for local host, or NULL
+ * @param other_virtual_ip virtual IP for remote host, or NULL
+ * @return peer_cfg_t object
+ *
+ * @ingroup config
+ */
+peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg,
+ identification_t *my_id, identification_t *other_id,
+ identification_t *my_ca, identification_t *other_ca,
+ cert_policy_t cert_policy, auth_method_t auth_method,
+ eap_type_t eap_type, u_int32_t keyingtries,
+ u_int32_t lifetime, u_int32_t rekeytime,
+ u_int32_t jitter, bool use_reauth,
+ u_int32_t dpd_delay, dpd_action_t dpd_action,
+ host_t *my_virtual_ip, host_t *other_virtual_ip);
+
+#endif /* PEER_CFG_H_ */
diff --git a/src/charon/config/policies/local_policy_store.c b/src/charon/config/policies/local_policy_store.c
deleted file mode 100644
index dd22b43a0..000000000
--- a/src/charon/config/policies/local_policy_store.c
+++ /dev/null
@@ -1,282 +0,0 @@
-/**
- * @file local_policy_store.c
- *
- * @brief Implementation of local_policy_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "local_policy_store.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-
-
-typedef struct private_local_policy_store_t private_local_policy_store_t;
-
-/**
- * Private data of an local_policy_store_t object
- */
-struct private_local_policy_store_t {
-
- /**
- * Public part
- */
- local_policy_store_t public;
-
- /**
- * list of policy_t's
- */
- linked_list_t *policies;
-
- /**
- * Mutex to exclusivly access list
- */
- pthread_mutex_t mutex;
-};
-
-/**
- * Implementation of policy_store_t.add_policy.
- */
-static void add_policy(private_local_policy_store_t *this, policy_t *policy)
-{
- pthread_mutex_lock(&(this->mutex));
- this->policies->insert_last(this->policies, (void*)policy);
- pthread_mutex_unlock(&(this->mutex));
-}
-
-/**
- * Check if a policy contains traffic selectors
- */
-static bool contains_traffic_selectors(policy_t *policy, bool mine,
- linked_list_t *ts, host_t *host)
-{
- linked_list_t *selected;
- bool contains = FALSE;
-
- if (mine)
- {
- selected = policy->select_my_traffic_selectors(policy, ts, host);
- }
- else
- {
- selected = policy->select_other_traffic_selectors(policy, ts, host);
- }
- if (selected->get_count(selected))
- {
- contains = TRUE;
- }
- selected->destroy_offset(selected, offsetof(traffic_selector_t, destroy));
- return contains;
-}
-
-/**
- * Implementation of policy_store_t.get_policy.
- */
-static policy_t *get_policy(private_local_policy_store_t *this,
- identification_t *my_id, identification_t *other_id,
- linked_list_t *my_ts, linked_list_t *other_ts,
- host_t *my_host, host_t *other_host)
-{
- typedef enum {
- PRIO_UNDEFINED = 0x00,
- PRIO_TS_MISMATCH = 0x01,
- PRIO_ID_ANY = 0x02,
- PRIO_ID_MATCH = PRIO_ID_ANY + MAX_WILDCARDS,
- } prio_t;
-
- prio_t best_prio = PRIO_UNDEFINED;
-
- iterator_t *iterator;
- policy_t *candidate;
- policy_t *found = NULL;
- traffic_selector_t *ts;
-
- DBG1(DBG_CFG, "searching policy for '%D'...'%D'", my_id, other_id);
- iterator = my_ts->create_iterator(my_ts, TRUE);
- while (iterator->iterate(iterator, (void**)&ts))
- {
- DBG1(DBG_CFG, " local TS: %R", ts);
- }
- iterator->destroy(iterator);
- iterator = other_ts->create_iterator(other_ts, TRUE);
- while (iterator->iterate(iterator, (void**)&ts))
- {
- DBG1(DBG_CFG, " remote TS: %R", ts);
- }
- iterator->destroy(iterator);
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->policies->create_iterator(this->policies, TRUE);
-
- /* determine closest matching policy */
- while (iterator->iterate(iterator, (void**)&candidate))
- {
- identification_t *candidate_my_id;
- identification_t *candidate_other_id;
- int wildcards;
-
- candidate_my_id = candidate->get_my_id(candidate);
- candidate_other_id = candidate->get_other_id(candidate);
-
- /* my_id is either %any or if set must match exactly */
- if (candidate_my_id->matches(candidate_my_id, my_id, &wildcards))
- {
- prio_t prio = PRIO_UNDEFINED;
-
- /* wildcard match for other_id */
- if (!other_id->matches(other_id, candidate_other_id, &wildcards))
- {
- continue;
- }
- prio = PRIO_ID_MATCH - wildcards;
-
- /* only accept if traffic selectors match */
- if (!contains_traffic_selectors(candidate, TRUE, my_ts, my_host) ||
- !contains_traffic_selectors(candidate, FALSE, other_ts, other_host))
- {
- DBG2(DBG_CFG, "candidate '%s' inacceptable due traffic "
- "selector mismatch", candidate->get_name(candidate));
- prio = PRIO_TS_MISMATCH;
- }
-
- DBG2(DBG_CFG, "candidate policy '%s': '%D'...'%D' (prio=%d)",
- candidate->get_name(candidate),
- candidate_my_id, candidate_other_id, prio);
-
- if (prio > best_prio)
- {
- found = candidate;
- best_prio = prio;
- }
- }
- }
- iterator->destroy(iterator);
-
- if (found)
- {
- DBG1(DBG_CFG, "found matching policy '%s': '%D'...'%D' (prio=%d)",
- found->get_name(found), found->get_my_id(found),
- found->get_other_id(found), best_prio);
- /* give out a new reference to it */
- found->get_ref(found);
- }
- pthread_mutex_unlock(&(this->mutex));
- return found;
-}
-
-/**
- * Implementation of policy_store_t.get_policy_by_name.
- */
-static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *name)
-{
- iterator_t *iterator;
- policy_t *current, *found = NULL;
-
- DBG2(DBG_CFG, "looking for policy '%s'", name);
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->policies->create_iterator(this->policies, TRUE);
- while (iterator->iterate(iterator, (void **)&current))
- {
- if (strcmp(current->get_name(current), name) == 0)
- {
- found = current;
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
-
- /* give out a new reference */
- found->get_ref(found);
- return found;
-}
-
-/**
- * Implementation of policy_store_t.delete_policy.
- */
-static status_t delete_policy(private_local_policy_store_t *this, char *name)
-{
- iterator_t *iterator;
- policy_t *current;
- bool found = FALSE;
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->policies->create_iterator(this->policies, TRUE);
- while (iterator->iterate(iterator, (void **)&current))
- {
- if (strcmp(current->get_name(current), name) == 0)
- {
- /* remove policy from list, and destroy it */
- iterator->remove(iterator);
- current->destroy(current);
- found = TRUE;
- /* we do not break here, as there may be multipe policies */
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
- if (found)
- {
- return SUCCESS;
- }
- return NOT_FOUND;
-}
-
-/**
- * Implementation of policy_store_t.create_iterator.
- */
-static iterator_t* create_iterator(private_local_policy_store_t *this)
-{
- return this->policies->create_iterator_locked(this->policies,
- &this->mutex);
-}
-
-/**
- * Implementation of policy_store_t.destroy.
- */
-static void destroy(private_local_policy_store_t *this)
-{
- pthread_mutex_lock(&(this->mutex));
- this->policies->destroy_offset(this->policies, offsetof(policy_t, destroy));
- pthread_mutex_unlock(&(this->mutex));
- free(this);
-}
-
-/**
- * Described in header.
- */
-local_policy_store_t *local_policy_store_create(void)
-{
- private_local_policy_store_t *this = malloc_thing(private_local_policy_store_t);
-
- this->public.policy_store.add_policy = (void (*) (policy_store_t*,policy_t*))add_policy;
- this->public.policy_store.get_policy = (policy_t* (*) (policy_store_t*,identification_t*,identification_t*,
- linked_list_t*,linked_list_t*,host_t*,host_t*))get_policy;
- this->public.policy_store.get_policy_by_name = (policy_t* (*) (policy_store_t*,char*))get_policy_by_name;
- this->public.policy_store.delete_policy = (status_t (*) (policy_store_t*,char*))delete_policy;
- this->public.policy_store.create_iterator = (iterator_t* (*) (policy_store_t*))create_iterator;
- this->public.policy_store.destroy = (void (*) (policy_store_t*))destroy;
-
- /* private variables */
- this->policies = linked_list_create();
- pthread_mutex_init(&(this->mutex), NULL);
-
- return (&this->public);
-}
diff --git a/src/charon/config/policies/local_policy_store.h b/src/charon/config/policies/local_policy_store.h
deleted file mode 100644
index 01d5d2d60..000000000
--- a/src/charon/config/policies/local_policy_store.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file local_policy_store.h
- *
- * @brief Interface of local_policy_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef LOCAL_POLICY_STORE_H_
-#define LOCAL_POLICY_STORE_H_
-
-typedef struct local_policy_store_t local_policy_store_t;
-
-#include <library.h>
-#include <config/policies/policy_store.h>
-
-
-/**
- * @brief A policy_store_t implementation using a simple policy lists.
- *
- * The local_policy_store_t class implements the policy_store_t interface
- * as simple as possible. The policies are stored in a in-memory list.
- *
- * @b Constructors:
- * - local_policy_store_create()
- *
- * @ingroup config
- */
-struct local_policy_store_t {
-
- /**
- * Implements policy_store_t interface
- */
- policy_store_t policy_store;
-};
-
-/**
- * @brief Creates a local_policy_store_t instance.
- *
- * @return policy store instance.
- *
- * @ingroup config
- */
-local_policy_store_t *local_policy_store_create(void);
-
-#endif /* LOCAL_POLICY_STORE_H_ */
diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c
deleted file mode 100644
index 363d1609f..000000000
--- a/src/charon/config/policies/policy.c
+++ /dev/null
@@ -1,635 +0,0 @@
-/**
- * @file policy.c
- *
- * @brief Implementation of policy_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <time.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "policy.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <utils/identification.h>
-
-ENUM(dpd_action_names, DPD_NONE, DPD_RESTART,
- "DPD_NONE",
- "DPD_CLEAR",
- "DPD_ROUTE",
- "DPD_RESTART"
-);
-
-ENUM(mode_names, MODE_TRANSPORT, MODE_BEET,
- "TRANSPORT",
- "TUNNEL",
- "2",
- "3",
- "BEET"
-);
-
-typedef struct private_policy_t private_policy_t;
-
-/**
- * Private data of an policy_t object
- */
-struct private_policy_t {
-
- /**
- * Public part
- */
- policy_t public;
-
- /**
- * Number of references hold by others to this policy
- */
- refcount_t refcount;
-
- /**
- * Name of the policy, used to query it
- */
- char *name;
-
- /**
- * id to use to identify us
- */
- identification_t *my_id;
-
- /**
- * allowed id for other
- */
- identification_t *other_id;
-
- /**
- * virtual IP to use locally
- */
- host_t *my_virtual_ip;
-
- /**
- * virtual IP to use remotly
- */
- host_t *other_virtual_ip;
-
- /**
- * Method to use for own authentication data
- */
- auth_method_t auth_method;
-
- /**
- * EAP type to use for peer authentication
- */
- eap_type_t eap_type;
-
- /**
- * we have a cert issued by this CA
- */
- identification_t *my_ca;
-
- /**
- * we require the other end to have a cert issued by this CA
- */
- identification_t *other_ca;
-
- /**
- * updown script
- */
- char *updown;
-
- /**
- * allow host access
- */
- bool hostaccess;
-
- /**
- * list for all proposals
- */
- linked_list_t *proposals;
-
- /**
- * list for traffic selectors for my site
- */
- linked_list_t *my_ts;
-
- /**
- * list for traffic selectors for others site
- */
- linked_list_t *other_ts;
-
- /**
- * Time before an SA gets invalid
- */
- u_int32_t soft_lifetime;
-
- /**
- * Time before an SA gets rekeyed
- */
- u_int32_t hard_lifetime;
-
- /**
- * Time, which specifies the range of a random value
- * substracted from soft_lifetime.
- */
- u_int32_t jitter;
-
- /**
- * What to do with an SA when other peer seams to be dead?
- */
- bool dpd_action;
-
- /**
- * Mode to propose for a initiated CHILD: tunnel/transport
- */
- mode_t mode;
-};
-
-/**
- * Implementation of policy_t.get_name
- */
-static char *get_name(private_policy_t *this)
-{
- return this->name;
-}
-
-/**
- * Implementation of policy_t.get_my_id
- */
-static identification_t *get_my_id(private_policy_t *this)
-{
- return this->my_id;
-}
-
-/**
- * Implementation of policy_t.get_other_id
- */
-static identification_t *get_other_id(private_policy_t *this)
-{
- return this->other_id;
-}
-
-/**
- * Implementation of policy_t.get_my_ca
- */
-static identification_t *get_my_ca(private_policy_t *this)
-{
- return this->my_ca;
-}
-
-/**
- * Implementation of policy_t.get_other_ca
- */
-static identification_t *get_other_ca(private_policy_t *this)
-{
- return this->other_ca;
-}
-
-/**
- * Implementation of connection_t.auth_method_t.
- */
-static auth_method_t get_auth_method(private_policy_t *this)
-{
- return this->auth_method;
-}
-
-/**
- * Implementation of connection_t.get_eap_type.
- */
-static eap_type_t get_eap_type(private_policy_t *this)
-{
- return this->eap_type;
-}
-
-/**
- * Get traffic selectors, with wildcard-address update
- */
-static linked_list_t *get_traffic_selectors(private_policy_t *this,
- linked_list_t *list, host_t *host)
-{
- iterator_t *iterator;
- traffic_selector_t *current;
- linked_list_t *result = linked_list_create();
-
- iterator = list->create_iterator(list, TRUE);
-
- while (iterator->iterate(iterator, (void**)&current))
- {
- /* we make a copy of the TS, this allows us to update wildcard
- * addresses in it. We won't pollute the shared policy. */
- current = current->clone(current);
- if (host)
- {
- current->set_address(current, host);
- }
-
- result->insert_last(result, (void*)current);
- }
- iterator->destroy(iterator);
- return result;
-}
-
-/**
- * Implementation of policy_t.get_my_traffic_selectors
- */
-static linked_list_t *get_my_traffic_selectors(private_policy_t *this, host_t *me)
-{
- return get_traffic_selectors(this, this->my_ts, me);
-}
-
-/**
- * Implementation of policy_t.get_other_traffic_selectors
- */
-static linked_list_t *get_other_traffic_selectors(private_policy_t *this, host_t *other)
-{
- return get_traffic_selectors(this, this->other_ts, other);
-}
-
-/**
- * Narrow traffic selectors, with wildcard-address update in "stored".
- */
-static linked_list_t *select_traffic_selectors(private_policy_t *this,
- linked_list_t *stored,
- linked_list_t *supplied,
- host_t *host)
-{
- iterator_t *supplied_iter, *stored_iter, *i1, *i2;
- traffic_selector_t *supplied_ts, *stored_ts, *selected_ts, *ts1, *ts2;
- linked_list_t *selected = linked_list_create();
-
- DBG2(DBG_CFG, "selecting traffic selectors");
-
- stored_iter = stored->create_iterator(stored, TRUE);
- supplied_iter = supplied->create_iterator(supplied, TRUE);
-
- /* iterate over all stored selectors */
- while (stored_iter->iterate(stored_iter, (void**)&stored_ts))
- {
- /* we make a copy of the TS, this allows us to update wildcard
- * addresses in it. We won't pollute the shared policy. */
- stored_ts = stored_ts->clone(stored_ts);
- if (host)
- {
- stored_ts->set_address(stored_ts, host);
- }
-
- supplied_iter->reset(supplied_iter);
- /* iterate over all supplied traffic selectors */
- while (supplied_iter->iterate(supplied_iter, (void**)&supplied_ts))
- {
- DBG2(DBG_CFG, "stored %R <=> %R received",
- stored_ts, supplied_ts);
-
- selected_ts = stored_ts->get_subset(stored_ts, supplied_ts);
- if (selected_ts)
- {
- /* got a match, add to list */
- selected->insert_last(selected, (void*)selected_ts);
-
- DBG2(DBG_CFG, "found traffic selector for %s: %R",
- stored == this->my_ts ? "us" : "other", selected_ts);
- }
- }
- stored_ts->destroy(stored_ts);
- }
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
-
- /* remove any redundant traffic selectors in the list */
- i1 = selected->create_iterator(selected, TRUE);
- i2 = selected->create_iterator(selected, TRUE);
- while (i1->iterate(i1, (void**)&ts1))
- {
- while (i2->iterate(i2, (void**)&ts2))
- {
- if (ts1 != ts2)
- {
- if (ts2->is_contained_in(ts2, ts1))
- {
- i2->remove(i2);
- ts2->destroy(ts2);
- i1->reset(i1);
- break;
- }
- if (ts1->is_contained_in(ts1, ts2))
- {
- i1->remove(i1);
- ts1->destroy(ts1);
- i2->reset(i2);
- break;
- }
- }
- }
- }
- i1->destroy(i1);
- i2->destroy(i2);
-
- return selected;
-}
-
-/**
- * Implementation of private_policy_t.select_my_traffic_selectors
- */
-static linked_list_t *select_my_traffic_selectors(private_policy_t *this,
- linked_list_t *supplied,
- host_t *me)
-{
- return select_traffic_selectors(this, this->my_ts, supplied, me);
-}
-
-/**
- * Implementation of private_policy_t.select_other_traffic_selectors
- */
-static linked_list_t *select_other_traffic_selectors(private_policy_t *this,
- linked_list_t *supplied,
- host_t* other)
-{
- return select_traffic_selectors(this, this->other_ts, supplied, other);
-}
-
-/**
- * Implementation of policy_t.get_proposal_iterator
- */
-static linked_list_t *get_proposals(private_policy_t *this)
-{
- iterator_t *iterator;
- proposal_t *current;
- linked_list_t *proposals = linked_list_create();
-
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->iterate(iterator, (void**)&current))
- {
- current = current->clone(current);
- proposals->insert_last(proposals, (void*)current);
- }
- iterator->destroy(iterator);
-
- return proposals;
-}
-
-/**
- * Implementation of policy_t.select_proposal
- */
-static proposal_t *select_proposal(private_policy_t *this, linked_list_t *proposals)
-{
- iterator_t *stored_iter, *supplied_iter;
- proposal_t *stored, *supplied, *selected;
-
- stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
- supplied_iter = proposals->create_iterator(proposals, TRUE);
-
- /* compare all stored proposals with all supplied. Stored ones are preferred. */
- while (stored_iter->iterate(stored_iter, (void**)&stored))
- {
- supplied_iter->reset(supplied_iter);
- while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
- {
- selected = stored->select(stored, supplied);
- if (selected)
- {
- /* they match, return */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
- return selected;
- }
- }
- }
-
- /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
-
- return NULL;
-}
-
-/**
- * Implementation of policy_t.add_authorities
- */
-static void add_authorities(private_policy_t *this, identification_t *my_ca, identification_t *other_ca)
-{
- this->my_ca = my_ca;
- this->other_ca = other_ca;
-}
-
-/**
- * Implementation of policy_t.get_updown
- */
-static char* get_updown(private_policy_t *this)
-{
- return this->updown;
-}
-
-/**
- * Implementation of policy_t.get_hostaccess
- */
-static bool get_hostaccess(private_policy_t *this)
-{
- return this->hostaccess;
-}
-
-/**
- * Implements policy_t.get_dpd_action
- */
-static dpd_action_t get_dpd_action(private_policy_t *this)
-{
- return this->dpd_action;
-}
-
-/**
- * Implementation of policy_t.add_my_traffic_selector
- */
-static void add_my_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector)
-{
- this->my_ts->insert_last(this->my_ts, (void*)traffic_selector);
-}
-
-/**
- * Implementation of policy_t.add_other_traffic_selector
- */
-static void add_other_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector)
-{
- this->other_ts->insert_last(this->other_ts, (void*)traffic_selector);
-}
-
-/**
- * Implementation of policy_t.add_proposal
- */
-static void add_proposal(private_policy_t *this, proposal_t *proposal)
-{
- this->proposals->insert_last(this->proposals, (void*)proposal);
-}
-
-/**
- * Implementation of policy_t.get_soft_lifetime
- */
-static u_int32_t get_soft_lifetime(private_policy_t *this)
-{
- if (this->jitter == 0)
- {
- return this->soft_lifetime ;
- }
- return this->soft_lifetime - (random() % this->jitter);
-}
-
-/**
- * Implementation of policy_t.get_hard_lifetime
- */
-static u_int32_t get_hard_lifetime(private_policy_t *this)
-{
- return this->hard_lifetime;
-}
-
-/**
- * Implementation of policy_t.get_mode.
- */
-static mode_t get_mode(private_policy_t *this)
-{
- return this->mode;
-}
-
-/**
- * Implementation of policy_t.get_virtual_ip.
- */
-static host_t* get_virtual_ip(private_policy_t *this, host_t *suggestion)
-{
- if (suggestion == NULL)
- {
- if (this->my_virtual_ip)
- {
- return this->my_virtual_ip->clone(this->my_virtual_ip);
- }
- return NULL;
- }
- if (this->other_virtual_ip)
- {
- return this->other_virtual_ip->clone(this->other_virtual_ip);
- }
- if (suggestion->is_anyaddr(suggestion))
- {
- return NULL;
- }
- return suggestion->clone(suggestion);
-}
-
-/**
- * Implements policy_t.get_ref.
- */
-static void get_ref(private_policy_t *this)
-{
- ref_get(&this->refcount);
-}
-
-/**
- * Implements policy_t.destroy.
- */
-static void destroy(private_policy_t *this)
-{
- if (ref_put(&this->refcount))
- {
-
- this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
- this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
- this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
-
- /* delete certification authorities */
- DESTROY_IF(this->my_ca);
- DESTROY_IF(this->other_ca);
-
- /* delete updown script */
- if (this->updown)
- {
- free(this->updown);
- }
-
- /* delete ids */
- this->my_id->destroy(this->my_id);
- this->other_id->destroy(this->other_id);
- DESTROY_IF(this->my_virtual_ip);
- DESTROY_IF(this->other_virtual_ip);
-
- free(this->name);
- free(this);
- }
-}
-
-/*
- * Described in header-file
- */
-policy_t *policy_create(char *name, identification_t *my_id, identification_t *other_id,
- host_t *my_virtual_ip, host_t *other_virtual_ip,
- auth_method_t auth_method, eap_type_t eap_type,
- u_int32_t hard_lifetime, u_int32_t soft_lifetime,
- u_int32_t jitter, char *updown, bool hostaccess,
- mode_t mode, dpd_action_t dpd_action)
-{
- private_policy_t *this = malloc_thing(private_policy_t);
-
- /* public functions */
- this->public.get_name = (char* (*) (policy_t*))get_name;
- this->public.get_my_id = (identification_t* (*) (policy_t*))get_my_id;
- this->public.get_other_id = (identification_t* (*) (policy_t*))get_other_id;
- this->public.get_my_ca = (identification_t* (*) (policy_t*))get_my_ca;
- this->public.get_other_ca = (identification_t* (*) (policy_t*))get_other_ca;
- this->public.get_auth_method = (auth_method_t (*) (policy_t*)) get_auth_method;
- this->public.get_eap_type = (eap_type_t (*) (policy_t*)) get_eap_type;
- this->public.get_my_traffic_selectors = (linked_list_t* (*) (policy_t*,host_t*))get_my_traffic_selectors;
- this->public.get_other_traffic_selectors = (linked_list_t* (*) (policy_t*,host_t*))get_other_traffic_selectors;
- this->public.select_my_traffic_selectors = (linked_list_t* (*) (policy_t*,linked_list_t*,host_t*))select_my_traffic_selectors;
- this->public.select_other_traffic_selectors = (linked_list_t* (*) (policy_t*,linked_list_t*,host_t*))select_other_traffic_selectors;
- this->public.get_proposals = (linked_list_t* (*) (policy_t*))get_proposals;
- this->public.select_proposal = (proposal_t* (*) (policy_t*,linked_list_t*))select_proposal;
- this->public.add_my_traffic_selector = (void (*) (policy_t*,traffic_selector_t*))add_my_traffic_selector;
- this->public.add_other_traffic_selector = (void (*) (policy_t*,traffic_selector_t*))add_other_traffic_selector;
- this->public.add_proposal = (void (*) (policy_t*,proposal_t*))add_proposal;
- this->public.add_authorities = (void (*) (policy_t*,identification_t*,identification_t*))add_authorities;
- this->public.get_updown = (char* (*) (policy_t*))get_updown;
- this->public.get_hostaccess = (bool (*) (policy_t*))get_hostaccess;
- this->public.get_dpd_action = (dpd_action_t (*) (policy_t*))get_dpd_action;
- this->public.get_soft_lifetime = (u_int32_t (*) (policy_t *))get_soft_lifetime;
- this->public.get_hard_lifetime = (u_int32_t (*) (policy_t *))get_hard_lifetime;
- this->public.get_mode = (mode_t (*) (policy_t *))get_mode;
- this->public.get_virtual_ip = (host_t* (*)(policy_t*,host_t*))get_virtual_ip;
- this->public.get_ref = (void (*) (policy_t*))get_ref;
- this->public.destroy = (void (*) (policy_t*))destroy;
-
- /* apply init values */
- this->name = strdup(name);
- this->my_id = my_id;
- this->other_id = other_id;
- this->my_virtual_ip = my_virtual_ip;
- this->other_virtual_ip = other_virtual_ip;
- this->auth_method = auth_method;
- this->eap_type = eap_type;
- this->hard_lifetime = hard_lifetime;
- this->soft_lifetime = soft_lifetime;
- this->jitter = jitter;
- this->updown = (updown == NULL) ? NULL : strdup(updown);
- this->hostaccess = hostaccess;
- this->dpd_action = dpd_action;
- this->mode = mode;
-
- /* initialize private members*/
- this->refcount = 1;
- this->my_ca = NULL;
- this->other_ca = NULL;
- this->proposals = linked_list_create();
- this->my_ts = linked_list_create();
- this->other_ts = linked_list_create();
-
- return &this->public;
-}
diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h
deleted file mode 100644
index d8916b29e..000000000
--- a/src/charon/config/policies/policy.h
+++ /dev/null
@@ -1,413 +0,0 @@
-/**
- * @file policy.h
- *
- * @brief Interface of policy_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef POLICY_H_
-#define POLICY_H_
-
-typedef enum dpd_action_t dpd_action_t;
-typedef struct policy_t policy_t;
-
-#include <library.h>
-#include <utils/identification.h>
-#include <config/traffic_selector.h>
-#include <config/proposal.h>
-#include <sa/authenticators/authenticator.h>
-#include <sa/authenticators/eap/eap_method.h>
-
-
-/**
- * @brief Actions to take when a peer does not respond (dead peer detected).
- *
- * These values are the same as in pluto/starter, so do not modify them!
- *
- * @ingroup config
- */
-enum dpd_action_t {
- /** DPD disabled */
- DPD_NONE,
- /** remove CHILD_SA without replacement */
- DPD_CLEAR,
- /** route the CHILD_SA to resetup when needed */
- DPD_ROUTE,
- /** restart CHILD_SA in a new IKE_SA, immediately */
- DPD_RESTART,
-};
-
-/**
- * enum names for dpd_action_t.
- */
-extern enum_name_t *dpd_action_names;
-
-/**
- * @brief Mode of an IPsec SA.
- *
- * These are equal to those defined in XFRM, so don't change.
- *
- * @ingroup config
- */
-enum mode_t {
- /** transport mode, no inner address */
- MODE_TRANSPORT = 0,
- /** tunnel mode, inner and outer addresses */
- MODE_TUNNEL = 1,
- /** BEET mode, tunnel mode but fixed, bound inner addresses */
- MODE_BEET = 4,
-};
-
-/**
- * enum names for mode_t.
- */
-extern enum_name_t *mode_names;
-
-/**
- * @brief A policy_t defines the policies to apply to CHILD_SAs.
- *
- * The given two IDs identify a policy. These rules define how
- * child SAs may be set up and which traffic may be IPsec'ed.
- *
- * @b Constructors:
- * - policy_create()
- *
- * @ingroup config
- */
-struct policy_t {
-
- /**
- * @brief Get the name of the policy.
- *
- * Returned object is not getting cloned.
- *
- * @param this calling object
- * @return policy's name
- */
- char *(*get_name) (policy_t *this);
-
- /**
- * @brief Get own id.
- *
- * Returned object is not getting cloned.
- *
- * @param this calling object
- * @return own id
- */
- identification_t *(*get_my_id) (policy_t *this);
-
- /**
- * @brief Get peer id.
- *
- * Returned object is not getting cloned.
- *
- * @param this calling object
- * @return other id
- */
- identification_t *(*get_other_id) (policy_t *this);
-
- /**
- * @brief Get own ca.
- *
- * Returned object is not getting cloned.
- *
- * @param this calling object
- * @return own ca
- */
- identification_t *(*get_my_ca) (policy_t *this);
-
- /**
- * @brief Get peer ca.
- *
- * Returned object is not getting cloned.
- *
- * @param this calling object
- * @return other ca
- */
- identification_t *(*get_other_ca) (policy_t *this);
-
- /**
- * @brief Get the authentication method to use.
- *
- * @param this calling object
- * @return authentication method
- */
- auth_method_t (*get_auth_method) (policy_t *this);
-
- /**
- * @brief Get the EAP type to use for peer authentication.
- *
- * @param this calling object
- * @return authentication method
- */
- eap_type_t (*get_eap_type) (policy_t *this);
-
- /**
- * @brief Get configured traffic selectors for our site.
- *
- * Returns a list with all traffic selectors for the local
- * site. List and items must be destroyed after usage.
- *
- * @param this calling object
- * @return list with traffic selectors
- */
- linked_list_t *(*get_my_traffic_selectors) (policy_t *this, host_t *me);
-
- /**
- * @brief Get configured traffic selectors for others site.
- *
- * Returns a list with all traffic selectors for the remote
- * site. List and items must be destroyed after usage.
- *
- * @param this calling object
- * @return list with traffic selectors
- */
- linked_list_t *(*get_other_traffic_selectors) (policy_t *this, host_t* other);
-
- /**
- * @brief Select traffic selectors from a supplied list for local site.
- *
- * Resulted list and traffic selectors must be destroyed after usage.
- * As the traffic selectors may contain a wildcard address (0.0.0.0) for
- * addresses we don't know in previous, an address may be supplied to
- * replace these 0.0.0.0 addresses on-the-fly.
- *
- * @param this calling object
- * @param supplied linked list with traffic selectors
- * @param me host address used by us
- * @return list containing the selected traffic selectors
- */
- linked_list_t *(*select_my_traffic_selectors) (policy_t *this,
- linked_list_t *supplied,
- host_t *me);
-
- /**
- * @brief Select traffic selectors from a supplied list for remote site.
- *
- * Resulted list and traffic selectors must be destroyed after usage.
- * As the traffic selectors may contain a wildcard address (0.0.0.0) for
- * addresses we don't know in previous, an address may be supplied to
- * replace these 0.0.0.0 addresses on-the-fly.
- *
- * @param this calling object
- * @param supplied linked list with traffic selectors
- * @return list containing the selected traffic selectors
- */
- linked_list_t *(*select_other_traffic_selectors) (policy_t *this,
- linked_list_t *supplied,
- host_t *other);
-
- /**
- * @brief Get the list of internally stored proposals.
- *
- * policy_t does store proposals for AH/ESP, IKE proposals are in
- * the connection_t.
- * Resulting list and all of its proposals must be freed after usage.
- *
- * @param this calling object
- * @return lists with proposals
- */
- linked_list_t *(*get_proposals) (policy_t *this);
-
- /**
- * @brief Select a proposal from a supplied list.
- *
- * Returned propsal is newly created and must be destroyed after usage.
- *
- * @param this calling object
- * @param proposals list from from wich proposals are selected
- * @return selected proposal, or NULL if nothing matches
- */
- proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
-
- /**
- * @brief Add a traffic selector to the list for local site.
- *
- * After add, traffic selector is owned by policy.
- *
- * @param this calling object
- * @param traffic_selector traffic_selector to add
- */
- void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-
- /**
- * @brief Add a traffic selector to the list for remote site.
- *
- * After add, traffic selector is owned by policy.
- *
- * @param this calling object
- * @param traffic_selector traffic_selector to add
- */
- void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-
- /**
- * @brief Add a proposal to the list.
- *
- * The proposals are stored by priority, first added
- * is the most prefered.
- * After add, proposal is owned by policy.
- *
- * @param this calling object
- * @param proposal proposal to add
- */
- void (*add_proposal) (policy_t *this, proposal_t *proposal);
-
- /**
- * @brief Add certification authorities.
- *
- * @param this calling object
- * @param my_ca issuer of my certificate
- * @param other_ca required issuer of the peer's certificate
- */
- void (*add_authorities) (policy_t *this, identification_t *my_ca, identification_t *other_ca);
-
- /**
- * @brief Get updown script
- *
- * @param this calling object
- * @return path to updown script
- */
- char* (*get_updown) (policy_t *this);
-
- /**
- * @brief Get hostaccess flag
- *
- * @param this calling object
- * @return value of hostaccess flag
- */
- bool (*get_hostaccess) (policy_t *this);
-
- /**
- * @brief What should be done with a CHILD_SA, when other peer does not respond.
- *
- * @param this calling object
- * @return dpd action
- */
- dpd_action_t (*get_dpd_action) (policy_t *this);
-
- /**
- * @brief Get the lifetime of a policy, before rekeying starts.
- *
- * A call to this function automatically adds a jitter to
- * avoid simultanous rekeying.
- *
- * @param this policy
- * @return lifetime in seconds
- */
- u_int32_t (*get_soft_lifetime) (policy_t *this);
-
- /**
- * @brief Get the lifetime of a policy, before SA gets deleted.
- *
- * @param this policy
- * @return lifetime in seconds
- */
- u_int32_t (*get_hard_lifetime) (policy_t *this);
-
- /**
- * @brief Get the mode to use for the CHILD_SA, tunnel, transport or BEET.
- *
- * @param this policy
- * @return lifetime in seconds
- */
- mode_t (*get_mode) (policy_t *this);
-
- /**
- * @brief Get a virtual IP for the local or the remote host.
- *
- * By supplying NULL as IP, an IP for the local host is requested. It
- * may be %any or specific.
- * By supplying %any as host, an IP from the pool is selected to be
- * served to the peer.
- * If a specified host is supplied, it is checked if this address
- * is acceptable to serve to the peer. If so, it is returned. Otherwise,
- * an alternative IP is returned.
- * In any mode, this call may return NULL indicating virtual IP should
- * not be used.
- *
- * @param this policy
- * @param suggestion NULL, %any or specific, see description
- * @return clone of an IP to use, or NULL
- */
- host_t* (*get_virtual_ip) (policy_t *this, host_t *suggestion);
-
- /**
- * @brief Get a new reference.
- *
- * Get a new reference to this policy by increasing
- * it's internal reference counter.
- * Do not call get_ref or any other function until you
- * already have a reference. Otherwise the object may get
- * destroyed while calling get_ref(),
- *
- * @param this calling object
- */
- void (*get_ref) (policy_t *this);
-
- /**
- * @brief Destroys the policy object.
- *
- * Decrements the internal reference counter and
- * destroys the policy when it reaches zero.
- *
- * @param this calling object
- */
- void (*destroy) (policy_t *this);
-};
-
-/**
- * @brief Create a configuration object for IKE_AUTH and later.
- *
- * name-string gets cloned, ID's not.
- * Virtual IPs are used if they are != NULL. A %any host means the virtual
- * IP should be obtained from the other peer.
- * Lifetimes are in seconds. To prevent to peers to start rekeying at the
- * same time, a jitter may be specified. Rekeying of an SA starts at
- * (soft_lifetime - random(0, jitter)). After a successful rekeying,
- * the hard_lifetime limit counter is reset. You should specify
- * hard_lifetime > soft_lifetime > jitter.
- * After a call to create, a reference is obtained (refcount = 1).
- *
- * @param name name of the policy
- * @param my_id identification_t for ourselves
- * @param other_id identification_t for the remote guy
- * @param my_virtual_ip virtual IP for local host, or NULL
- * @param other_virtual_ip virtual IP for remote host, or NULL
- * @param auth_method Authentication method to use for our(!) auth data
- * @param eap_type EAP type to use for peer authentication
- * @param hard_lifetime lifetime before deleting an SA
- * @param soft_lifetime lifetime before rekeying an SA
- * @param jitter range of randomization time
- * @param updown updown script to execute on up/down event
- * @param hostaccess allow access to the host itself (used by the updown script)
- * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
- * @param dpd_action what to to with a CHILD_SA when other peer does not respond
- * @return policy_t object
- *
- * @ingroup config
- */
-policy_t *policy_create(char *name,
- identification_t *my_id, identification_t *other_id,
- host_t *my_virtual_ip, host_t *other_virtual_ip,
- auth_method_t auth_method, eap_type_t eap_type,
- u_int32_t hard_lifetime, u_int32_t soft_lifetime,
- u_int32_t jitter, char *updown, bool hostaccess,
- mode_t mode, dpd_action_t dpd_action);
-
-#endif /* POLICY_H_ */
diff --git a/src/charon/config/policies/policy_store.h b/src/charon/config/policies/policy_store.h
deleted file mode 100755
index cd8870953..000000000
--- a/src/charon/config/policies/policy_store.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * @file policy_store.h
- *
- * @brief Interface policy_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef POLICY_STORE_H_
-#define POLICY_STORE_H_
-
-typedef struct policy_store_t policy_store_t;
-
-#include <library.h>
-#include <config/policies/policy.h>
-#include <utils/linked_list.h>
-
-
-/**
- * @brief The interface for a store of policy_t's.
- *
- * The store uses reference counting to manage their lifetime. Call
- * destroy() for a policy which is returned from the store after usage.
- *
- * @b Constructors:
- * - stroke_create()
- *
- * @ingroup config
- */
-struct policy_store_t {
-
- /**
- * @brief Returns a policy identified by two IDs and a set of traffic selectors.
- *
- * other_id must be fully qualified. my_id may be %any, as the
- * other peer may not include an IDr Request.
- *
- * @param this calling object
- * @param my_id own ID of the policy
- * @param other_id others ID of the policy
- * @param my_ts traffic selectors requested for local host
- * @param other_ts traffic selectors requested for remote host
- * @param my_host host to use for wilcards in TS compare
- * @param other_host host to use for wildcards in TS compare
- * @return
- * - matching policy_t, if found
- * - NULL otherwise
- */
- policy_t *(*get_policy) (policy_store_t *this,
- identification_t *my_id, identification_t *other_id,
- linked_list_t *my_ts, linked_list_t *other_ts,
- host_t *my_host, host_t* other_host);
-
- /**
- * @brief Returns a policy identified by a connection name.
- *
- * @param this calling object
- * @param name name of the policy
- * @return
- * - matching policy_t, if found
- * - NULL otherwise
- */
- policy_t *(*get_policy_by_name) (policy_store_t *this, char *name);
-
- /**
- * @brief Add a policy to the list.
- *
- * The policy is owned by the store after the call. Do
- * not modify nor free.
- *
- * @param this calling object
- * @param policy policy to add
- */
- void (*add_policy) (policy_store_t *this, policy_t *policy);
-
- /**
- * @brief Delete a policy from the store.
- *
- * Remove a policy from the store identified by its name.
- *
- * @param this calling object
- * @param policy policy to add
- * @return
- * - SUCCESS, or
- * - NOT_FOUND
- */
- status_t (*delete_policy) (policy_store_t *this, char *name);
-
- /**
- * @brief Get an iterator for the stored policies.
- *
- * @param this calling object
- * @return iterator over all stored policies
- */
- iterator_t* (*create_iterator) (policy_store_t *this);
-
- /**
- * @brief Destroys a policy_store_t object.
- *
- * @param this calling object
- */
- void (*destroy) (policy_store_t *this);
-};
-
-#endif /*POLICY_STORE_H_*/
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index dcab8cbdd..cff9859c1 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -144,39 +144,6 @@ static void add_algorithm(private_proposal_t *this, transform_type_t type, u_int
}
/**
- * Implements proposal_t.get_algorithm.
- */
-static bool get_algorithm(private_proposal_t *this, transform_type_t type, algorithm_t** algo)
-{
- linked_list_t *list;
- switch (type)
- {
- case ENCRYPTION_ALGORITHM:
- list = this->encryption_algos;
- break;
- case INTEGRITY_ALGORITHM:
- list = this->integrity_algos;
- break;
- case PSEUDO_RANDOM_FUNCTION:
- list = this->prf_algos;
- break;
- case DIFFIE_HELLMAN_GROUP:
- list = this->dh_groups;
- break;
- case EXTENDED_SEQUENCE_NUMBERS:
- list = this->esns;
- break;
- default:
- return FALSE;
- }
- if (list->get_first(list, (void**)algo) != SUCCESS)
- {
- return FALSE;
- }
- return TRUE;
-}
-
-/**
* Implements proposal_t.create_algorithm_iterator.
*/
static iterator_t *create_algorithm_iterator(private_proposal_t *this, transform_type_t type)
@@ -200,6 +167,50 @@ static iterator_t *create_algorithm_iterator(private_proposal_t *this, transform
}
/**
+ * Implements proposal_t.get_algorithm.
+ */
+static bool get_algorithm(private_proposal_t *this, transform_type_t type, algorithm_t** algo)
+{
+ iterator_t *iterator = create_algorithm_iterator(this, type);
+ if (iterator->iterate(iterator, (void**)algo))
+ {
+ iterator->destroy(iterator);
+ return TRUE;
+ }
+ iterator->destroy(iterator);
+ return FALSE;
+}
+
+/**
+ * Implements proposal_t.has_dh_group
+ */
+static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
+{
+ algorithm_t *current;
+ iterator_t *iterator;
+ bool result = FALSE;
+
+ iterator = this->dh_groups->create_iterator(this->dh_groups, TRUE);
+ if (iterator->get_count(iterator))
+ {
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ if (current->algorithm == group)
+ {
+ result = TRUE;
+ break;
+ }
+ }
+ }
+ else if (group == MODP_NONE)
+ {
+ result = TRUE;
+ }
+ iterator->destroy(iterator);
+ return result;
+}
+
+/**
* Find a matching alg/keysize in two linked lists
*/
static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size)
@@ -399,6 +410,10 @@ static proposal_t *clone_(private_proposal_t *this)
return &clone->public;
}
+/**
+ * add a algorithm identified by a string to the proposal.
+ * TODO: we could use gperf here.
+ */
static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
{
if (strncmp(alg.ptr, "null", alg.len) == 0)
@@ -443,8 +458,9 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
{
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
}
- }
- else if (strncmp(alg.ptr, "sha256", alg.len) == 0)
+ }
+ else if (strncmp(alg.ptr, "sha256", alg.len) == 0 ||
+ strncmp(alg.ptr, "sha2_256", alg.len) == 0)
{
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
if (this->protocol == PROTO_IKE)
@@ -452,7 +468,8 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0);
}
}
- else if (strncmp(alg.ptr, "sha384", alg.len) == 0)
+ else if (strncmp(alg.ptr, "sha384", alg.len) == 0 ||
+ strncmp(alg.ptr, "sha2_384", alg.len) == 0)
{
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
if (this->protocol == PROTO_IKE)
@@ -460,7 +477,8 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0);
}
}
- else if (strncmp(alg.ptr, "sha512", alg.len) == 0)
+ else if (strncmp(alg.ptr, "sha512", alg.len) == 0 ||
+ strncmp(alg.ptr, "sha2_512", alg.len) == 0)
{
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
if (this->protocol == PROTO_IKE)
@@ -476,6 +494,14 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
}
}
+ else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0)
+ {
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ if (this->protocol == PROTO_IKE)
+ {
+ add_algorithm(this, PSEUDO_RANDOM_FUNCTION, AUTH_AES_XCBC_96, 0);
+ }
+ }
else if (strncmp(alg.ptr, "modp768", alg.len) == 0)
{
add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
@@ -530,6 +556,7 @@ proposal_t *proposal_create(protocol_id_t protocol)
this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,size_t))add_algorithm;
this->public.create_algorithm_iterator = (iterator_t* (*)(proposal_t*,transform_type_t))create_algorithm_iterator;
this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,algorithm_t**))get_algorithm;
+ this->public.has_dh_group = (bool (*)(proposal_t*,diffie_hellman_group_t))has_dh_group;
this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*))select_proposal;
this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol;
this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi;
@@ -586,11 +613,13 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index abcb40999..379550f44 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -102,6 +102,8 @@ extern enum_name_t *extended_sequence_numbers_names;
/**
* Struct used to store different kinds of algorithms. The internal
* lists of algorithms contain such structures.
+ *
+ * @ingroup config
*/
struct algorithm_t {
/**
@@ -162,7 +164,6 @@ struct proposal_t {
* @brief Get the algorithm for a type to use.
*
* If there are multiple algorithms, only the first is returned.
- * Result is still owned by proposal, do not modify!
*
* @param this calling object
* @param type kind of algorithm
@@ -170,6 +171,15 @@ struct proposal_t {
* @return TRUE if algorithm of this kind available
*/
bool (*get_algorithm) (proposal_t *this, transform_type_t type, algorithm_t** algo);
+
+ /**
+ * @brief Check if the proposal has a specific DH group.
+ *
+ * @param this calling object
+ * @param group group to check for
+ * @return TRUE if algorithm included
+ */
+ bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);
/**
* @brief Compare two proposal, and select a matching subset.
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index 2fb012e16..b399074d1 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -167,6 +167,8 @@ static int print(FILE *stream, const struct printf_info *info,
const void *const *args)
{
private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0]));
+ linked_list_t *list = *((linked_list_t**)(args[0]));
+ iterator_t *iterator;
char addr_str[INET6_ADDRSTRLEN] = "";
char *serv_proto = NULL;
u_int8_t mask;
@@ -179,6 +181,24 @@ static int print(FILE *stream, const struct printf_info *info,
return fprintf(stream, "(null)");
}
+ if (info->alt)
+ {
+ iterator = list->create_iterator(list, TRUE);
+ while (iterator->iterate(iterator, (void**)&this))
+ {
+ /* call recursivly */
+ written += fprintf(stream, "%R ", this);
+ }
+ iterator->destroy(iterator);
+ return written;
+ }
+
+ if (this->dynamic)
+ {
+ return fprintf(stream, "dynamic/%d",
+ this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
+ }
+
if (this->type == TS_IPV4_ADDR_RANGE)
{
inet_ntop(AF_INET, &this->from4, addr_str, sizeof(addr_str));
diff --git a/src/charon/control/interface_manager.c b/src/charon/control/interface_manager.c
new file mode 100644
index 000000000..700174c5b
--- /dev/null
+++ b/src/charon/control/interface_manager.c
@@ -0,0 +1,705 @@
+/**
+ * @file interface_manager.c
+ *
+ * @brief Implementation of interface_manager_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "interface_manager.h"
+
+#include <sys/types.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <dlfcn.h>
+
+#include <daemon.h>
+#include <library.h>
+#include <control/interfaces/interface.h>
+
+
+typedef struct private_interface_manager_t private_interface_manager_t;
+typedef struct interface_bus_listener_t interface_bus_listener_t;
+
+/**
+ * Private data of an stroke_t object.
+ */
+struct private_interface_manager_t {
+
+ /**
+ * Public part of stroke_t object.
+ */
+ interface_manager_t public;
+
+ /**
+ * a list of all loaded interfaces
+ */
+ linked_list_t *interfaces;
+
+ /**
+ * dlopen() handles of interfaces
+ */
+ linked_list_t *handles;
+};
+
+/**
+ * helper struct to map bus listener callbacks to interface callbacks
+ */
+struct interface_bus_listener_t {
+
+ /**
+ * bus listener callback function (called)
+ */
+ bus_listener_t listener;
+
+ /**
+ * IKE_SA to use for message filtering
+ */
+ ike_sa_t *ike_sa;
+
+ /**
+ * interface callback (listener gets redirected to here)
+ */
+ interface_manager_cb_t callback;
+
+ /**
+ * user parameter to pass to callback
+ */
+ void *param;
+
+ /**
+ * caller has cancelled its listening subscription
+ */
+ bool cancelled;
+};
+
+/**
+ * Implementation of interface_manager_t.create_ike_sa_iterator.
+ */
+static iterator_t* create_ike_sa_iterator(interface_manager_t *this)
+{
+ return charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
+}
+
+/**
+ * listener function for initiate
+ */
+static bool initiate_listener(interface_bus_listener_t *this, signal_t signal,
+ level_t level, int thread, ike_sa_t *ike_sa,
+ char* format, va_list args)
+{
+ if (this->ike_sa == ike_sa)
+ {
+ if (!this->callback(this->param, signal, level, ike_sa, format, args))
+ {
+ this->cancelled = TRUE;
+ return FALSE;
+ }
+ switch (signal)
+ {
+ case IKE_UP_FAILED:
+ case CHILD_UP_FAILED:
+ case CHILD_UP_SUCCESS:
+ {
+ return FALSE;
+ }
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * listener function for terminate_ike
+ */
+static bool terminate_ike_listener(interface_bus_listener_t *this, signal_t signal,
+ level_t level, int thread, ike_sa_t *ike_sa,
+ char* format, va_list args)
+{
+ if (this->ike_sa == ike_sa)
+ {
+ if (!this->callback(this->param, signal, level, ike_sa, format, args))
+ {
+ this->cancelled = TRUE;
+ return FALSE;
+ }
+ switch (signal)
+ {
+ case IKE_DOWN_FAILED:
+ case IKE_DOWN_SUCCESS:
+ {
+ return FALSE;
+ }
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * listener function for terminate_child
+ */
+static bool terminate_child_listener(interface_bus_listener_t *this, signal_t signal,
+ level_t level, int thread, ike_sa_t *ike_sa,
+ char* format, va_list args)
+{
+ if (this->ike_sa == ike_sa)
+ {
+ if (!this->callback(this->param, signal, level, ike_sa, format, args))
+ {
+ this->cancelled = TRUE;
+ return FALSE;
+ }
+ switch (signal)
+ {
+ case IKE_DOWN_FAILED:
+ case IKE_DOWN_SUCCESS:
+ case CHILD_DOWN_FAILED:
+ case CHILD_DOWN_SUCCESS:
+ {
+ return FALSE;
+ }
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * listener function for route
+ */
+static bool route_listener(interface_bus_listener_t *this, signal_t signal,
+ level_t level, int thread, ike_sa_t *ike_sa,
+ char* format, va_list args)
+{
+ if (this->ike_sa == ike_sa)
+ {
+ if (!this->callback(this->param, signal, level, ike_sa, format, args))
+ {
+ this->cancelled = TRUE;
+ return FALSE;
+ }
+ switch (signal)
+ {
+ case CHILD_ROUTE_SUCCESS:
+ case CHILD_ROUTE_FAILED:
+ {
+ return FALSE;
+ }
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * listener function for unroute
+ */
+static bool unroute_listener(interface_bus_listener_t *this, signal_t signal,
+ level_t level, int thread, ike_sa_t *ike_sa,
+ char* format, va_list args)
+{
+ if (this->ike_sa == ike_sa)
+ {
+ if (!this->callback(this->param, signal, level, ike_sa, format, args))
+ {
+ this->cancelled = TRUE;
+ return FALSE;
+ }
+ switch (signal)
+ {
+ case CHILD_UNROUTE_SUCCESS:
+ case CHILD_UNROUTE_FAILED:
+ {
+ return FALSE;
+ }
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * remove a previously registered listener from the bus
+ */
+static void remove_listener(interface_bus_listener_t *listener)
+{
+ charon->bus->remove_listener(charon->bus, &listener->listener);
+}
+
+/**
+ * Implementation of interface_manager_t.initiate.
+ */
+static status_t initiate(private_interface_manager_t *this,
+ peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ interface_manager_cb_t callback, void *param)
+{
+ ike_sa_t *ike_sa;
+ ike_cfg_t *ike_cfg;
+ status_t retval = FAILED;
+ interface_bus_listener_t listener;
+
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager,
+ ike_cfg->get_my_host(ike_cfg), ike_cfg->get_other_host(ike_cfg),
+ peer_cfg->get_my_id(peer_cfg), peer_cfg->get_other_id(peer_cfg));
+
+ if (ike_sa->get_peer_cfg(ike_sa) == NULL)
+ {
+ ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+ }
+ peer_cfg->destroy(peer_cfg);
+
+ listener.listener.signal = (void*)initiate_listener;
+ listener.callback = callback;
+ listener.ike_sa = ike_sa;
+ listener.param = param;
+ listener.cancelled = FALSE;
+
+ /* we listen passively to catch the signals we are raising in
+ * ike_sa->delete(). */
+ if (callback)
+ {
+ charon->bus->add_listener(charon->bus, &listener.listener);
+ }
+ charon->bus->set_listen_state(charon->bus, TRUE);
+ if (ike_sa->initiate(ike_sa, child_cfg) != SUCCESS)
+ {
+ charon->bus->set_listen_state(charon->bus, FALSE);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ return FAILED;
+ }
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+
+ /* wait until we get a result */
+ while (TRUE)
+ {
+ level_t level;
+ signal_t signal;
+ int thread;
+ ike_sa_t *current;
+ char* format;
+ va_list args;
+
+ /* stop listening if the passive listener returned FALSE */
+ if (listener.cancelled)
+ {
+ retval = NEED_MORE;
+ break;
+ }
+ pthread_cleanup_push((void*)remove_listener, &listener);
+ signal = charon->bus->listen(charon->bus, &level, &thread,
+ &current, &format, &args);
+ pthread_cleanup_pop(0);
+ /* ike_sa is a valid pointer until we get one of the signals */
+ if (ike_sa == current)
+ {
+ switch (signal)
+ {
+ case CHILD_UP_SUCCESS:
+ retval = SUCCESS;
+ case CHILD_UP_FAILED:
+ case IKE_UP_FAILED:
+ break;
+ default:
+ continue;
+ }
+ break;
+ }
+ }
+ charon->bus->set_listen_state(charon->bus, FALSE);
+ return retval;
+}
+
+/**
+ * Implementation of interface_manager_t.terminate_ike.
+ */
+static status_t terminate_ike(interface_manager_t *this, u_int32_t unique_id,
+ interface_manager_cb_t callback, void *param)
+{
+ ike_sa_t *ike_sa;
+ status_t status = FAILED;;
+ interface_bus_listener_t listener;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ unique_id, FALSE);
+ if (ike_sa == NULL)
+ {
+ return NOT_FOUND;
+ }
+
+ /* we listen passively to catch the signals we are raising in
+ * ike_sa->delete(). */
+ listener.listener.signal = (void*)terminate_ike_listener;
+ listener.callback = callback;
+ listener.ike_sa = ike_sa;
+ listener.param = param;
+ listener.cancelled = FALSE;
+ if (callback)
+ {
+ charon->bus->add_listener(charon->bus, &listener.listener);
+ }
+ charon->bus->set_listen_state(charon->bus, TRUE);
+ status = ike_sa->delete(ike_sa);
+ if (status == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+
+ /* wait until IKE_SA is cleanly deleted using a delete message */
+ while (TRUE)
+ {
+ level_t level;
+ signal_t signal;
+ int thread;
+ ike_sa_t *current;
+ char* format;
+ va_list args;
+
+ /* stop listening if the passive listener returned FALSE */
+ if (listener.cancelled)
+ {
+ status = NEED_MORE;
+ break;
+ }
+ pthread_cleanup_push((void*)remove_listener, &listener);
+ signal = charon->bus->listen(charon->bus, &level, &thread,
+ &current, &format, &args);
+ pthread_cleanup_pop(0);
+
+ /* even if we checked in the IKE_SA, the pointer is valid until
+ * we get an IKE_DOWN_... */
+ if (ike_sa == current)
+ {
+ switch (signal)
+ {
+ case IKE_DOWN_FAILED:
+ case IKE_DOWN_SUCCESS:
+ {
+ status = SUCCESS;
+ break;
+ }
+ default:
+ continue;
+ }
+ break;
+ }
+ }
+ }
+ charon->bus->set_listen_state(charon->bus, FALSE);
+
+ return status;
+}
+
+/**
+ * Implementation of interface_manager_t.terminate_child.
+ */
+static status_t terminate_child(interface_manager_t *this, u_int32_t reqid,
+ interface_manager_cb_t callback, void *param)
+{
+ ike_sa_t *ike_sa;
+ child_sa_t *child_sa;
+ iterator_t *iterator;
+ status_t status = FAILED;
+ interface_bus_listener_t listener;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ reqid, TRUE);
+ if (ike_sa == NULL)
+ {
+ return NOT_FOUND;
+ }
+
+ iterator = ike_sa->create_child_sa_iterator(ike_sa);
+ while (iterator->iterate(iterator, (void**)&child_sa))
+ {
+ if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
+ child_sa->get_reqid(child_sa) == reqid)
+ {
+ break;
+ }
+ child_sa = NULL;
+ }
+ iterator->destroy(iterator);
+
+ if (child_sa == NULL)
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return NOT_FOUND;
+ }
+
+ listener.listener.signal = (void*)terminate_child_listener;
+ listener.callback = callback;
+ listener.ike_sa = ike_sa;
+ listener.param = param;
+ listener.cancelled = FALSE;
+
+ /* we listen passively to catch the signals we are raising */
+ if (callback)
+ {
+ charon->bus->add_listener(charon->bus, &listener.listener);
+ }
+ charon->bus->set_listen_state(charon->bus, TRUE);
+ status = ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
+ child_sa->get_spi(child_sa, TRUE));
+ if (status == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+
+ /* wait until CHILD_SA is cleanly deleted using a delete message */
+ while (TRUE)
+ {
+ level_t level;
+ signal_t signal;
+ int thread;
+ ike_sa_t *current;
+ char* format;
+ va_list args;
+
+ /* stop listening if the passive listener returned FALSE */
+ if (listener.cancelled)
+ {
+ status = NEED_MORE;
+ break;
+ }
+ pthread_cleanup_push((void*)remove_listener, &listener);
+ signal = charon->bus->listen(charon->bus, &level, &thread,
+ &current, &format, &args);
+ pthread_cleanup_pop(0);
+ /* even if we checked in the IKE_SA, the pointer is valid until
+ * we get an IKE_DOWN_... */
+ if (ike_sa == current)
+ {
+ switch (signal)
+ {
+ case IKE_DOWN_FAILED:
+ case IKE_DOWN_SUCCESS:
+ case CHILD_DOWN_FAILED:
+ case CHILD_DOWN_SUCCESS:
+ {
+ status = SUCCESS;
+ break;
+ }
+ default:
+ continue;
+ }
+ break;
+ }
+ }
+ }
+ charon->bus->set_listen_state(charon->bus, FALSE);
+
+ return status;
+}
+
+/**
+ * Implementation of interface_manager_t.route.
+ */
+static status_t route(interface_manager_t *this,
+ peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ interface_manager_cb_t callback, void *param)
+{
+ ike_sa_t *ike_sa;
+ ike_cfg_t *ike_cfg;
+ status_t status = SUCCESS;
+
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+
+ ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager,
+ ike_cfg->get_my_host(ike_cfg), ike_cfg->get_other_host(ike_cfg),
+ peer_cfg->get_my_id(peer_cfg), peer_cfg->get_other_id(peer_cfg));
+
+ if (ike_sa->get_peer_cfg(ike_sa) == NULL)
+ {
+ ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+ }
+
+ /* we listen passively only, as routing is done by one thread only */
+ if (callback)
+ {
+ interface_bus_listener_t listener;
+
+ listener.listener.signal = (void*)route_listener;
+ listener.callback = callback;
+ listener.ike_sa = ike_sa;
+ listener.param = param;
+ listener.cancelled = FALSE;
+ charon->bus->add_listener(charon->bus, &listener.listener);
+ }
+
+ if (ike_sa->route(ike_sa, child_cfg) != SUCCESS)
+ {
+ status = FAILED;
+ }
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ return status;
+}
+
+/**
+ * Implementation of interface_manager_t.unroute.
+ */
+static status_t unroute(interface_manager_t *this, u_int32_t reqid,
+ interface_manager_cb_t callback, void *param)
+{
+ ike_sa_t *ike_sa;
+ status_t status;
+
+ ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
+ reqid, TRUE);
+ if (ike_sa == NULL)
+ {
+ return NOT_FOUND;
+ }
+
+ /* we listen passively only, as routing is done by one thread only */
+ if (callback)
+ {
+ interface_bus_listener_t listener;
+
+ listener.listener.signal = (void*)unroute_listener;
+ listener.callback = callback;
+ listener.ike_sa = ike_sa;
+ listener.param = param;
+ listener.cancelled = FALSE;
+ charon->bus->add_listener(charon->bus, &listener.listener);
+ }
+ status = ike_sa->unroute(ike_sa, reqid);
+ if (status == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
+ status = SUCCESS;
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+ return status;
+}
+
+/**
+ * load the control interface modules
+ */
+static void load_interfaces(private_interface_manager_t *this)
+{
+ struct dirent* entry;
+ DIR* dir;
+
+ dir = opendir(IPSEC_INTERFACEDIR);
+ if (dir == NULL)
+ {
+ DBG1(DBG_CFG, "error opening interface modules directory "IPSEC_INTERFACEDIR);
+ return;
+ }
+
+ DBG1(DBG_CFG, "loading control interface modules from '"IPSEC_INTERFACEDIR"'");
+
+ while ((entry = readdir(dir)) != NULL)
+ {
+ char file[256];
+ interface_t *interface;
+ interface_constructor_t constructor;
+ void *handle;
+ char *ending;
+
+ snprintf(file, sizeof(file), IPSEC_INTERFACEDIR"/%s", entry->d_name);
+
+ ending = entry->d_name + strlen(entry->d_name) - 3;
+ if (ending <= entry->d_name || !streq(ending, ".so"))
+ {
+ /* skip anything which does not look like a library */
+ DBG2(DBG_CFG, " skipping %s, doesn't look like a library",
+ entry->d_name);
+ continue;
+ }
+ /* try to load the library */
+ handle = dlopen(file, RTLD_LAZY);
+ if (handle == NULL)
+ {
+ DBG1(DBG_CFG, " opening control interface module %s failed: %s",
+ entry->d_name, dlerror());
+ continue;
+ }
+ constructor = dlsym(handle, "interface_create");
+ if (constructor == NULL)
+ {
+ DBG1(DBG_CFG, " interface module %s has no interface_create() "
+ "function, skipped", entry->d_name);
+ dlclose(handle);
+ continue;
+ }
+
+ interface = constructor();
+ if (interface == NULL)
+ {
+ DBG1(DBG_CFG, " unable to create instance of interface "
+ "module %s, skipped", entry->d_name);
+ dlclose(handle);
+ continue;
+ }
+ DBG1(DBG_CFG, " loaded control interface module successfully from %s", entry->d_name);
+ this->interfaces->insert_last(this->interfaces, interface);
+ this->handles->insert_last(this->handles, handle);
+ }
+ closedir(dir);
+}
+
+
+/**
+ * Implementation of stroke_t.destroy.
+ */
+static void destroy(private_interface_manager_t *this)
+{
+ this->interfaces->destroy_offset(this->interfaces, offsetof(interface_t, destroy));
+ this->handles->destroy_function(this->handles, (void*)dlclose);
+ free(this);
+}
+
+/*
+ * Described in header-file
+ */
+interface_manager_t *interface_manager_create(void)
+{
+ private_interface_manager_t *this = malloc_thing(private_interface_manager_t);
+
+ this->public.create_ike_sa_iterator = (iterator_t*(*)(interface_manager_t*))create_ike_sa_iterator;
+ this->public.initiate = (status_t(*)(interface_manager_t*,peer_cfg_t*,child_cfg_t*,bool(*)(void*,signal_t,level_t,ike_sa_t*,char*,va_list),void*))initiate;
+ this->public.terminate_ike = (status_t(*)(interface_manager_t*,u_int32_t,interface_manager_cb_t, void*))terminate_ike;
+ this->public.terminate_child = (status_t(*)(interface_manager_t*,u_int32_t,interface_manager_cb_t, void *param))terminate_child;
+ this->public.route = (status_t(*)(interface_manager_t*,peer_cfg_t*, child_cfg_t*,interface_manager_cb_t,void*))route;
+ this->public.unroute = (status_t(*)(interface_manager_t*,u_int32_t,interface_manager_cb_t,void*))unroute;
+ this->public.destroy = (void (*)(interface_manager_t*))destroy;
+
+ this->interfaces = linked_list_create();
+ this->handles = linked_list_create();
+
+ load_interfaces(this);
+
+ return &this->public;
+}
+
diff --git a/src/charon/control/interface_manager.h b/src/charon/control/interface_manager.h
new file mode 100644
index 000000000..06a5fe6c4
--- /dev/null
+++ b/src/charon/control/interface_manager.h
@@ -0,0 +1,192 @@
+/**
+ * @file interface_manager.h
+ *
+ * @brief Interface of interface_manager_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef INTERFACE_MANAGER_H_
+#define INTERFACE_MANAGER_H_
+
+#include <bus/bus.h>
+
+/**
+ * callback to log things triggered by interface_manager.
+ *
+ * @param param echoed parameter supplied when function invoked
+ * @param signal type of signal
+ * @param level verbosity level if log
+ * @param ike_sa associated IKE_SA, if any
+ * @param format printf like format string
+ * @param args list of arguments to use for format
+ * @return FALSE to return from invoked function
+ * @ingroup control
+ */
+typedef bool(*interface_manager_cb_t)(void* param, signal_t signal, level_t level,
+ ike_sa_t* ike_sa, char* format, va_list args);
+
+typedef struct interface_manager_t interface_manager_t;
+
+/**
+ * @brief The interface_manager loads control interfaces and has helper methods.
+ *
+ * One job of the interface manager is to load pluggable control interface
+ * modules, implemented as interface_t.
+ * @verbatim
+
+ +---------+ +------------+ +--------------+ |
+ | | | |<----- +--------------+ | |
+ | daemon |<-----| interface- | +--------------+ |-+ <==|==> IPC
+ | core | | manager |<----| interfaces |-+ |
+ | |<-----| | +--------------+ |
+ | | | | |
+ +---------+ +------------+ |
+
+ @endverbatim
+ * The manager does not really use the interfaces, instead, the interface
+ * use the manager to fullfill their tasks (initiating, terminating, ...).
+ * The interface_manager starts actions by creating jobs. It then tries to
+ * evaluate the result of the operation by listening on the bus.
+ *
+ * @b Constructors:
+ * - interface_manager_create()
+ *
+ * @ingroup control
+ */
+struct interface_manager_t {
+
+ /**
+ * @brief Create an iterator for all IKE_SAs.
+ *
+ * The iterator blocks the IKE_SA manager until it gets destroyed. Do
+ * not call another interface/manager method while the iterator is alive.
+ *
+ * @param this calling object
+ * @return iterator, locks IKE_SA manager until destroyed
+ */
+ iterator_t* (*create_ike_sa_iterator)(interface_manager_t *this);
+
+ /**
+ * @brief Initiate a CHILD_SA, and if required, an IKE_SA.
+ *
+ * The inititate() function is synchronous and thus blocks until the
+ * IKE_SA is established or failed. Because of this, the initiate() function
+ * contains a thread cancellation point.
+ *
+ * @param this calling object
+ * @param peer_cfg peer_cfg to use for IKE_SA setup
+ * @param child_cfg child_cfg to set up CHILD_SA from
+ * @param cb logging callback
+ * @param param parameter to include in each call of cb
+ * @return
+ * - SUCCESS, if CHILD_SA established
+ * - FAILED, if setup failed
+ * - NEED_MORE, if callback returned FALSE
+ */
+ status_t (*initiate)(interface_manager_t *this,
+ peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ interface_manager_cb_t callback, void *param);
+
+ /**
+ * @brief Terminate an IKE_SA and all of its CHILD_SAs.
+ *
+ * The terminate() function is synchronous and thus blocks until the
+ * IKE_SA is properly deleted, or the delete timed out.
+ * The terminate() function contains a thread cancellation point.
+ *
+ * @param this calling object
+ * @param unique_id unique id of the IKE_SA to terminate.
+ * @param cb logging callback
+ * @param param parameter to include in each call of cb
+ * @return
+ * - SUCCESS, if CHILD_SA terminated
+ * - NOT_FOUND, if no such CHILD_SA found
+ * - NEED_MORE, if callback returned FALSE
+ */
+ status_t (*terminate_ike)(interface_manager_t *this, u_int32_t unique_id,
+ interface_manager_cb_t callback, void *param);
+
+ /**
+ * @brief Terminate a CHILD_SA.
+ *
+ * @param this calling object
+ * @param reqid reqid of the CHILD_SA to terminate
+ * @param cb logging callback
+ * @param param parameter to include in each call of cb
+ * @return
+ * - SUCCESS, if CHILD_SA terminated
+ * - NOT_FOUND, if no such CHILD_SA found
+ * - NEED_MORE, if callback returned FALSE
+ */
+ status_t (*terminate_child)(interface_manager_t *this, u_int32_t reqid,
+ interface_manager_cb_t callback, void *param);
+
+ /**
+ * @brief Route a CHILD_SA (install triggering policies).
+ *
+ * @param this calling object
+ * @param peer_cfg peer_cfg to use for IKE_SA setup, if triggered
+ * @param child_cfg child_cfg to route
+ * @param cb logging callback
+ * @param param parameter to include in each call of cb
+ * @return
+ * - SUCCESS, if CHILD_SA routed
+ * - FAILED, if routing failed
+ * - NEED_MORE, if callback returned FALSE
+ */
+ status_t (*route)(interface_manager_t *this,
+ peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
+ interface_manager_cb_t callback, void *param);
+
+ /**
+ * @brief Unroute a routed CHILD_SA (uninstall triggering policies).
+ *
+ * Only the route is removed, not the CHILD_SAs the route triggered.
+ *
+ * @param this calling object
+ * @param reqid reqid of the CHILD_SA to unroute
+ * @param cb logging callback
+ * @param param parameter to include in each call of cb
+ * @return
+ * - SUCCESS, if CHILD_SA terminated
+ * - NOT_FOUND, if no such CHILD_SA routed
+ * - NEED_MORE, if callback returned FALSE
+ */
+ status_t (*unroute)(interface_manager_t *this, u_int32_t reqid,
+ interface_manager_cb_t callback, void *param);
+
+ /**
+ * @brief Destroy a interface_manager_t instance.
+ *
+ * @param this interface_manager_t objec to destroy
+ */
+ void (*destroy) (interface_manager_t *this);
+};
+
+
+/**
+ * @brief Creates a interface_manager instance and loads all interface modules.
+ *
+ * @return interface_manager_t object
+ *
+ * @ingroup control
+ */
+interface_manager_t *interface_manager_create(void);
+
+#endif /* INTERFACE_MANAGER_H_ */
+
diff --git a/src/charon/control/interfaces/dbus_interface.c b/src/charon/control/interfaces/dbus_interface.c
new file mode 100644
index 000000000..443df635c
--- /dev/null
+++ b/src/charon/control/interfaces/dbus_interface.c
@@ -0,0 +1,479 @@
+/**
+ * @file dbus_interface.c
+ *
+ * @brief Implementation of dbus_interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define DBUS_API_SUBJECT_TO_CHANGE
+#include <dbus/dbus.h>
+#include <NetworkManager/NetworkManager.h>
+#include <NetworkManager/NetworkManagerVPN.h>
+#include <stdlib.h>
+
+#include "dbus_interface.h"
+
+#include <library.h>
+#include <daemon.h>
+
+
+#define NM_DBUS_SERVICE_STRONG "org.freedesktop.NetworkManager.strongswan"
+#define NM_DBUS_INTERFACE_STRONG "org.freedesktop.NetworkManager.strongswan"
+#define NM_DBUS_PATH_STRONG "/org/freedesktop/NetworkManager/strongswan"
+
+typedef struct private_dbus_interface_t private_dbus_interface_t;
+
+/**
+ * Private data of an dbus_interface_t object.
+ */
+struct private_dbus_interface_t {
+
+ /**
+ * Public part of dbus_t object.
+ */
+ dbus_interface_t public;
+
+ /**
+ * DBUS connection
+ */
+ DBusConnection* conn;
+
+ /**
+ * error value used here and there
+ */
+ DBusError err;
+
+ /**
+ * state of the daemon
+ */
+ NMVPNState state;
+
+ /**
+ * dispatcher thread for DBUS messages
+ */
+ pthread_t thread;
+
+ /**
+ * name of the currently active connection
+ */
+ char *name;
+};
+
+/**
+ * set daemon state and send StateChange signal to the bus
+ */
+static void set_state(private_dbus_interface_t *this, NMVPNState state)
+{
+ DBusMessage* msg;
+
+ msg = dbus_message_new_signal(NM_DBUS_PATH_STRONG, NM_DBUS_INTERFACE_STRONG, NM_DBUS_VPN_SIGNAL_STATE_CHANGE);
+
+ if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &this->state,
+ DBUS_TYPE_UINT32, &state, DBUS_TYPE_INVALID) ||
+ !dbus_connection_send(this->conn, msg, NULL))
+ {
+ DBG1(DBG_CFG, "unable to send DBUS StateChange signal");
+ }
+ dbus_connection_flush(this->conn);
+ dbus_message_unref(msg);
+ this->state = state;
+}
+
+
+/**
+ * get the child_cfg with the same name as the peer cfg
+ */
+static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
+{
+ child_cfg_t *current, *found = NULL;
+ iterator_t *iterator;
+
+ iterator = peer_cfg->create_child_cfg_iterator(peer_cfg);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ if (streq(current->get_name(current), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * get a peer configuration by its name, or a name of its children
+ */
+static peer_cfg_t *get_peer_cfg_by_name(char *name)
+{
+ iterator_t *i1, *i2;
+ peer_cfg_t *current, *found = NULL;
+ child_cfg_t *child;
+
+ i1 = charon->backends->create_iterator(charon->backends);
+ while (i1->iterate(i1, (void**)&current))
+ {
+ /* compare peer_cfgs name first */
+ if (streq(current->get_name(current), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ /* compare all child_cfg names otherwise */
+ i2 = current->create_child_cfg_iterator(current);
+ while (i2->iterate(i2, (void**)&child))
+ {
+ if (streq(child->get_name(child), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ }
+ i2->destroy(i2);
+ if (found)
+ {
+ break;
+ }
+ }
+ i1->destroy(i1);
+ return found;
+}
+
+/**
+ * logging dummy
+ */
+static bool dbus_log(void *param, signal_t signal, level_t level,
+ ike_sa_t *ike_sa, char *format, va_list args)
+{
+ return TRUE;
+}
+
+
+/**
+ * process NetworkManagers startConnection method call
+ */
+static bool start_connection(private_dbus_interface_t *this, DBusMessage* msg)
+{
+ DBusMessage *reply, *signal;
+ char *name, *user, **data, **passwords, **routes;
+ int data_count, passwords_count, routes_count;
+ u_int32_t me, other, p2p, netmask, mss;
+ char *dev, *domain, *banner;
+ const dbus_int32_t array[] = {};
+ const dbus_int32_t *varray = array;
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ status_t status = FAILED;
+
+ dbus_error_free(&this->err);
+
+ if (!dbus_message_get_args(msg, &this->err,
+ DBUS_TYPE_STRING, &name, DBUS_TYPE_STRING, &user,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &passwords, &passwords_count,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &data, &data_count,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &routes, &routes_count,
+ DBUS_TYPE_INVALID))
+ {
+ return FALSE;
+ }
+ set_state(this, NM_VPN_STATE_STARTING);
+
+ peer_cfg = get_peer_cfg_by_name(name);
+ if (peer_cfg)
+ {
+ free(this->name);
+ this->name = strdup(peer_cfg->get_name(peer_cfg));
+ child_cfg = get_child_from_peer(peer_cfg, name);
+ if (child_cfg)
+ {
+ status = charon->interfaces->initiate(charon->interfaces, peer_cfg,
+ child_cfg, dbus_log, NULL);
+ }
+ else
+ {
+ peer_cfg->destroy(peer_cfg);
+ }
+ }
+ reply = dbus_message_new_method_return(msg);
+ dbus_connection_send(this->conn, reply, NULL);
+ dbus_message_unref(reply);
+
+ if (status == SUCCESS)
+ {
+
+ set_state(this, NM_VPN_STATE_STARTED);
+ signal = dbus_message_new_signal(NM_DBUS_PATH_STRONG,
+ NM_DBUS_INTERFACE_STRONG,
+ NM_DBUS_VPN_SIGNAL_IP4_CONFIG);
+ me = other = p2p = mss = netmask = 0;
+ dev = domain = banner = "";
+ if (dbus_message_append_args(signal,
+ DBUS_TYPE_UINT32, &other,
+ DBUS_TYPE_STRING, &dev,
+ DBUS_TYPE_UINT32, &me,
+ DBUS_TYPE_UINT32, &p2p,
+ DBUS_TYPE_UINT32, &netmask,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32, &varray, 0,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32, &varray, 0,
+ DBUS_TYPE_UINT32, &mss,
+ DBUS_TYPE_STRING, &domain,
+ DBUS_TYPE_STRING, &banner, DBUS_TYPE_INVALID))
+ {
+ dbus_connection_send(this->conn, signal, NULL);
+ }
+ dbus_message_unref(signal);
+ }
+ else
+ {
+ set_state(this, NM_VPN_STATE_STOPPED);
+ }
+
+ dbus_connection_flush(this->conn);
+ return TRUE;
+}
+
+/**
+ * process NetworkManagers stopConnection method call
+ */
+static bool stop_connection(private_dbus_interface_t *this, DBusMessage* msg)
+{
+ u_int32_t id;
+ iterator_t *iterator;
+ ike_sa_t *ike_sa;
+
+ if (this->name == NULL)
+ {
+ return FALSE;
+ }
+
+ dbus_error_free(&this->err);
+
+ set_state(this, NM_VPN_STATE_STOPPING);
+
+ iterator = charon->interfaces->create_ike_sa_iterator(charon->interfaces);
+ while (iterator->iterate(iterator, (void**)&ike_sa))
+ {
+ child_sa_t *child_sa;
+ iterator_t *children;
+
+ if (this->name && streq(this->name, ike_sa->get_name(ike_sa)))
+ {
+ id = ike_sa->get_unique_id(ike_sa);
+ iterator->destroy(iterator);
+ charon->interfaces->terminate_ike(charon->interfaces, id, NULL, NULL);
+ set_state(this, NM_VPN_STATE_STOPPED);
+ return TRUE;;
+ }
+ children = ike_sa->create_child_sa_iterator(ike_sa);
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ if (this->name && streq(this->name, child_sa->get_name(child_sa)))
+ {
+ id = child_sa->get_reqid(child_sa);
+ children->destroy(children);
+ iterator->destroy(iterator);
+ charon->interfaces->terminate_child(charon->interfaces, id, NULL, NULL);
+ set_state(this, NM_VPN_STATE_STOPPED);
+ return TRUE;
+ }
+ }
+ children->destroy(children);
+ }
+ iterator->destroy(iterator);
+ set_state(this, NM_VPN_STATE_STOPPED);
+ return TRUE;
+}
+
+/**
+ * process NetworkManagers getState method call
+ */
+static bool get_state(private_dbus_interface_t *this, DBusMessage* msg)
+{
+ DBusMessage* reply;
+ reply = dbus_message_new_method_return(msg);
+ if (!reply || !dbus_message_append_args(reply,
+ DBUS_TYPE_UINT32, &this->state,
+ DBUS_TYPE_INVALID))
+ {
+ return FALSE;
+ }
+ dbus_connection_send(this->conn, reply, NULL);
+ return TRUE;
+}
+
+/**
+ * Handle incoming messages
+ */
+static DBusHandlerResult message_handler(DBusConnection *con, DBusMessage *msg,
+ private_dbus_interface_t *this)
+{
+ bool handled;
+
+ if (dbus_message_is_method_call(msg, NM_DBUS_INTERFACE_STRONG,
+ "startConnection"))
+ {
+ handled = start_connection(this, msg);
+ }
+ else if (dbus_message_is_method_call(msg, NM_DBUS_INTERFACE_STRONG,
+ "stopConnection"))
+ {
+ handled = stop_connection(this, msg);
+ }
+ else if (dbus_message_is_method_call(msg, NM_DBUS_INTERFACE_STRONG,
+ "getState"))
+ {
+ handled = get_state(this, msg);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "ignoring DBUS message %s.%s",
+ dbus_message_get_interface(msg), dbus_message_get_member(msg));
+ handled = FALSE;
+ }
+
+ if (handled)
+ {
+ return DBUS_HANDLER_RESULT_HANDLED;
+ }
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+
+/**
+ * Handle received signals
+
+static DBusHandlerResult signal_handler(DBusConnection *con, DBusMessage *msg,
+ private_dbus_interface_t *this)
+{
+ bool handled;
+
+ if (dbus_message_is_signal(msg, NM_DBUS_INTERFACE, "VPNConnectionStateChange"))
+ {
+ NMVPNState state;
+ char *name;
+
+ if (dbus_message_get_args(msg, &this->err, DBUS_TYPE_STRING, &name,
+ DBUS_TYPE_UINT32, &state, DBUS_TYPE_INVALID))
+ {
+ DBG1(DBG_CFG, "got state %d for %s", state, name);
+ }
+ handled = TRUE;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "ignoring DBUS signal %s.%s",
+ dbus_message_get_interface(msg), dbus_message_get_member(msg));
+ handled = FALSE;
+ }
+ if (handled)
+ {
+ return DBUS_HANDLER_RESULT_HANDLED;
+ }
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+} */
+
+/**
+ * dispatcher function processed by a seperate thread
+ */
+static void dispatch(private_dbus_interface_t *this)
+{
+ charon->drop_capabilities(charon, TRUE);
+
+ while (dbus_connection_read_write_dispatch(this->conn, -1))
+ {
+ /* nothing */
+ }
+}
+
+/**
+ * Implementation of interface_t.destroy.
+ */
+static void destroy(private_dbus_interface_t *this)
+{
+ pthread_cancel(this->thread);
+ pthread_join(this->thread, NULL);
+ dbus_connection_close(this->conn);
+ dbus_error_free(&this->err);
+ dbus_shutdown();
+ free(this->name);
+ free(this);
+}
+
+/*
+ * Described in header file
+ */
+interface_t *interface_create()
+{
+ int ret;
+ DBusObjectPathVTable v = {NULL, (void*)&message_handler, NULL, NULL, NULL, NULL};
+ private_dbus_interface_t *this = malloc_thing(private_dbus_interface_t);
+
+ this->public.interface.destroy = (void (*)(interface_t*))destroy;
+
+ dbus_error_init(&this->err);
+ this->conn = dbus_bus_get(DBUS_BUS_SYSTEM, &this->err);
+ if (dbus_error_is_set(&this->err))
+ {
+ DBG1(DBG_CFG, "unable to open DBUS connection: %s", this->err.message);
+ charon->kill(charon, "DBUS initialization failed");
+ }
+ dbus_connection_set_exit_on_disconnect(this->conn, FALSE);
+
+ ret = dbus_bus_request_name(this->conn, NM_DBUS_SERVICE_STRONG,
+ DBUS_NAME_FLAG_REPLACE_EXISTING , &this->err);
+ if (dbus_error_is_set(&this->err))
+ {
+ DBG1(DBG_CFG, "unable to set DBUS name: %s", this->err.message);
+ charon->kill(charon, "unable to set DBUS name");
+ }
+ if (ret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER)
+ {
+ charon->kill(charon, "DBUS name already owned");
+ }
+ if (!dbus_connection_register_object_path(this->conn, NM_DBUS_PATH_STRONG, &v, this))
+ {
+ charon->kill(charon, "unable to register DBUS message handler");
+ }
+ /*
+ if (!dbus_connection_add_filter(this->conn, (void*)signal_handler, this, NULL))
+ {
+ charon->kill(charon, "unable to register DBUS signal handler");
+ }
+
+ dbus_bus_add_match(this->conn, "type='signal', "
+ "interface='" NM_DBUS_INTERFACE_VPN "',"
+ "path='" NM_DBUS_PATH_VPN "'", &this->err);
+ if (dbus_error_is_set (&this->err))
+ {
+ charon->kill(charon, "unable to add DBUS signal match");
+ }*/
+
+ this->name = NULL;
+ this->state = NM_VPN_STATE_INIT;
+ set_state(this, NM_VPN_STATE_STOPPED);
+
+ if (pthread_create(&this->thread, NULL, (void*(*)(void*))dispatch, this) != 0)
+ {
+ charon->kill(charon, "unable to create stroke thread");
+ }
+
+ return &this->public.interface;
+}
+
diff --git a/src/charon/control/interfaces/dbus_interface.h b/src/charon/control/interfaces/dbus_interface.h
new file mode 100644
index 000000000..0ce57bbbc
--- /dev/null
+++ b/src/charon/control/interfaces/dbus_interface.h
@@ -0,0 +1,57 @@
+/**
+ * @file dbus_interface.h
+ *
+ * @brief Interface of dbus_interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef DBUS_INTERFACE_H_
+#define DBUS_INTERFACE_H_
+
+typedef struct dbus_interface_t dbus_interface_t;
+
+#include <control/interfaces/interface.h>
+
+/**
+ * @brief The DBUS interface uses the DBUS system bus to communicate.
+ *
+ * @b Constructors:
+ * - dbus_interface_create()
+ *
+ * @ingroup interfaces
+ */
+struct dbus_interface_t {
+
+ /**
+ * implements interface_t.
+ */
+ interface_t interface;
+};
+
+
+/**
+ * @brief Create the DBUS interface.
+ *
+ * @return stroke_t object
+ *
+ * @ingroup interfaces
+ */
+interface_t *interface_create();
+
+#endif /* DBUS_INTERFACE_H_ */
+
diff --git a/src/charon/control/interfaces/interface.h b/src/charon/control/interfaces/interface.h
new file mode 100644
index 000000000..955f4a4eb
--- /dev/null
+++ b/src/charon/control/interfaces/interface.h
@@ -0,0 +1,59 @@
+/**
+ * @file interface.h
+ *
+ * @brief Interface of interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef INTERFACE_H_
+#define INTERFACE_H_
+
+typedef struct interface_t interface_t;
+
+/**
+ * @brief Interface for a controller.
+ *
+ * An interface controls the daemon by calling functions on the
+ * interface_manager. All interfaces are manager by the interface_manager
+ * in a generic way, so they need their own class.
+ *
+ * @b Constructors:
+ * - interface_create() of one of the modules
+ *
+ * @ingroup interfaces
+ */
+struct interface_t {
+
+ /**
+ * @brief Destroy all interfaces
+ *
+ * @param this stroke_t objec to destroy
+ */
+ void (*destroy) (interface_t *this);
+};
+
+
+/**
+ * Constructor in a control interface module to create the interface.
+ *
+ * @ingroup interfaces
+ */
+typedef interface_t*(*interface_constructor_t)(void);
+
+#endif /* INTERFACE_H_ */
+
diff --git a/src/charon/control/interfaces/stroke_interface.c b/src/charon/control/interfaces/stroke_interface.c
new file mode 100755
index 000000000..6e3427e8e
--- /dev/null
+++ b/src/charon/control/interfaces/stroke_interface.c
@@ -0,0 +1,1728 @@
+/**
+ * @file stroke_interface.c
+ *
+ * @brief Implementation of stroke_interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006-2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/fcntl.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <errno.h>
+#include <pthread.h>
+#include <signal.h>
+
+#include "stroke_interface.h"
+
+#include <library.h>
+#include <stroke.h>
+#include <daemon.h>
+#include <crypto/x509.h>
+#include <crypto/ca.h>
+#include <crypto/crl.h>
+#include <control/interface_manager.h>
+#include <control/interfaces/interface.h>
+#include <utils/leak_detective.h>
+
+#define IKE_PORT 500
+#define PATH_BUF 256
+#define STROKE_THREADS 3
+
+struct sockaddr_un socket_addr = { AF_UNIX, STROKE_SOCKET};
+
+
+typedef struct private_stroke_interface_t private_stroke_interface_t;
+
+/**
+ * Private data of an stroke_interfacet object.
+ */
+struct private_stroke_interface_t {
+
+ /**
+ * Public part of stroke_interfacet object.
+ */
+ stroke_interface_t public;
+
+ /**
+ * Unix socket to listen for strokes
+ */
+ int socket;
+
+ /**
+ * Thread which reads from the Socket
+ */
+ pthread_t threads[STROKE_THREADS];
+};
+
+typedef struct stroke_log_info_t stroke_log_info_t;
+
+/**
+ * helper struct to say what and where to log when using controller callback
+ */
+struct stroke_log_info_t {
+
+ /**
+ * level to log up to
+ */
+ level_t level;
+
+ /**
+ * where to write log
+ */
+ FILE* out;
+};
+
+/**
+ * Helper function which corrects the string pointers
+ * in a stroke_msg_t. Strings in a stroke_msg sent over "wire"
+ * contains RELATIVE addresses (relative to the beginning of the
+ * stroke_msg). They must be corrected if they reach our address
+ * space...
+ */
+static void pop_string(stroke_msg_t *msg, char **string)
+{
+ if (*string == NULL)
+ return;
+
+ /* check for sanity of string pointer and string */
+ if (string < (char**)msg
+ || string > (char**)msg + sizeof(stroke_msg_t)
+ || (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg)
+ || (unsigned long)*string > msg->length)
+ {
+ *string = "(invalid pointer in stroke msg)";
+ }
+ else
+ {
+ *string = (char*)msg + (unsigned long)*string;
+ }
+}
+
+/**
+ * Load end entitity certificate
+ */
+static x509_t* load_end_certificate(const char *filename, identification_t **idp)
+{
+ char path[PATH_BUF];
+ x509_t *cert;
+
+ if (*filename == '/')
+ {
+ /* absolute path name */
+ snprintf(path, sizeof(path), "%s", filename);
+ }
+ else
+ {
+ /* relative path name */
+ snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
+ }
+
+ cert = x509_create_from_file(path, "end entity");
+
+ if (cert)
+ {
+ identification_t *id = *idp;
+ identification_t *subject = cert->get_subject(cert);
+
+ err_t ugh = cert->is_valid(cert, NULL);
+
+ if (ugh != NULL)
+ {
+ DBG1(DBG_CFG, "warning: certificate %s", ugh);
+ }
+ if (!id->equals(id, subject) && !cert->equals_subjectAltName(cert, id))
+ {
+ id->destroy(id);
+ id = subject;
+ *idp = id->clone(id);
+ }
+ return charon->credentials->add_end_certificate(charon->credentials, cert);
+ }
+ return NULL;
+}
+
+/**
+ * Load ca certificate
+ */
+static x509_t* load_ca_certificate(const char *filename)
+{
+ char path[PATH_BUF];
+ x509_t *cert;
+
+ if (*filename == '/')
+ {
+ /* absolute path name */
+ snprintf(path, sizeof(path), "%s", filename);
+ }
+ else
+ {
+ /* relative path name */
+ snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename);
+ }
+
+ cert = x509_create_from_file(path, "ca");
+
+ if (cert)
+ {
+ if (cert->is_ca(cert))
+ {
+ return charon->credentials->add_auth_certificate(charon->credentials, cert, AUTH_CA);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " CA basic constraints flag not set, cert discarded");
+ cert->destroy(cert);
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Pop the strings of a stroke_end_t struct and log them for debugging purposes
+ */
+static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
+{
+ pop_string(msg, &end->address);
+ pop_string(msg, &end->subnet);
+ pop_string(msg, &end->sourceip);
+ pop_string(msg, &end->id);
+ pop_string(msg, &end->cert);
+ pop_string(msg, &end->ca);
+ pop_string(msg, &end->groups);
+ pop_string(msg, &end->updown);
+
+ DBG2(DBG_CFG, " %s=%s", label, end->address);
+ DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnet);
+ DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip);
+ DBG2(DBG_CFG, " %sid=%s", label, end->id);
+ DBG2(DBG_CFG, " %scert=%s", label, end->cert);
+ DBG2(DBG_CFG, " %sca=%s", label, end->ca);
+ DBG2(DBG_CFG, " %sgroups=%s", label, end->groups);
+ DBG2(DBG_CFG, " %supdown=%s", label, end->updown);
+}
+
+/**
+ * Add a connection to the configuration list
+ */
+static void stroke_add_conn(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ ike_cfg_t *ike_cfg;
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ identification_t *my_id, *other_id;
+ identification_t *my_ca = NULL;
+ identification_t *other_ca = NULL;
+ bool my_ca_same = FALSE;
+ bool other_ca_same =FALSE;
+ host_t *my_host, *other_host, *my_subnet, *other_subnet;
+ host_t *my_vip = NULL, *other_vip = NULL;
+ proposal_t *proposal;
+ traffic_selector_t *my_ts, *other_ts;
+ char *interface;
+ bool use_existing = FALSE;
+ iterator_t *iterator;
+
+ pop_string(msg, &msg->add_conn.name);
+ DBG1(DBG_CFG, "received stroke: add connection '%s'", msg->add_conn.name);
+ DBG2(DBG_CFG, "conn %s", msg->add_conn.name);
+ pop_end(msg, "left", &msg->add_conn.me);
+ pop_end(msg, "right", &msg->add_conn.other);
+ pop_string(msg, &msg->add_conn.algorithms.ike);
+ pop_string(msg, &msg->add_conn.algorithms.esp);
+ DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
+ DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
+
+ my_host = msg->add_conn.me.address?
+ host_create_from_string(msg->add_conn.me.address, IKE_PORT) : NULL;
+ if (my_host == NULL)
+ {
+ DBG1(DBG_CFG, "invalid host: %s\n", msg->add_conn.me.address);
+ return;
+ }
+
+ other_host = msg->add_conn.other.address ?
+ host_create_from_string(msg->add_conn.other.address, IKE_PORT) : NULL;
+ if (other_host == NULL)
+ {
+ DBG1(DBG_CFG, "invalid host: %s\n", msg->add_conn.other.address);
+ my_host->destroy(my_host);
+ return;
+ }
+
+ interface = charon->kernel_interface->get_interface(charon->kernel_interface,
+ other_host);
+ if (interface)
+ {
+ stroke_end_t tmp_end;
+ host_t *tmp_host;
+
+ DBG2(DBG_CFG, "left is other host, swapping ends\n");
+
+ tmp_host = my_host;
+ my_host = other_host;
+ other_host = tmp_host;
+
+ tmp_end = msg->add_conn.me;
+ msg->add_conn.me = msg->add_conn.other;
+ msg->add_conn.other = tmp_end;
+ free(interface);
+ }
+ if (!interface)
+ {
+ interface = charon->kernel_interface->get_interface(
+ charon->kernel_interface, my_host);
+ if (!interface)
+ {
+ DBG1(DBG_CFG, "left nor right host is our side, aborting\n");
+ goto destroy_hosts;
+ }
+ free(interface);
+ }
+
+ my_id = identification_create_from_string(msg->add_conn.me.id ?
+ msg->add_conn.me.id : msg->add_conn.me.address);
+ if (my_id == NULL)
+ {
+ DBG1(DBG_CFG, "invalid ID: %s\n", msg->add_conn.me.id);
+ goto destroy_hosts;
+ }
+
+ other_id = identification_create_from_string(msg->add_conn.other.id ?
+ msg->add_conn.other.id : msg->add_conn.other.address);
+ if (other_id == NULL)
+ {
+ DBG1(DBG_CFG, "invalid ID: %s\n", msg->add_conn.other.id);
+ my_id->destroy(my_id);
+ goto destroy_hosts;
+ }
+
+ my_subnet = host_create_from_string(msg->add_conn.me.subnet ?
+ msg->add_conn.me.subnet : msg->add_conn.me.address, IKE_PORT);
+ if (my_subnet == NULL)
+ {
+ DBG1(DBG_CFG, "invalid subnet: %s\n", msg->add_conn.me.subnet);
+ goto destroy_ids;
+ }
+
+ other_subnet = host_create_from_string(msg->add_conn.other.subnet ?
+ msg->add_conn.other.subnet : msg->add_conn.other.address, IKE_PORT);
+ if (other_subnet == NULL)
+ {
+ DBG1(DBG_CFG, "invalid subnet: %s\n", msg->add_conn.me.subnet);
+ my_subnet->destroy(my_subnet);
+ goto destroy_ids;
+ }
+
+ if (msg->add_conn.me.virtual_ip)
+ {
+ my_vip = host_create_from_string(msg->add_conn.me.sourceip, 0);
+ }
+ if (msg->add_conn.other.virtual_ip)
+ {
+ other_vip = host_create_from_string(msg->add_conn.other.sourceip, 0);
+ }
+
+ if (msg->add_conn.me.tohost)
+ {
+ my_ts = traffic_selector_create_dynamic(msg->add_conn.me.protocol,
+ my_host->get_family(my_host) == AF_INET ?
+ TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE,
+ msg->add_conn.me.port ? msg->add_conn.me.port : 0,
+ msg->add_conn.me.port ? msg->add_conn.me.port : 65535);
+ }
+ else
+ {
+ my_ts = traffic_selector_create_from_subnet(my_subnet,
+ msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 0,
+ msg->add_conn.me.protocol, msg->add_conn.me.port);
+ }
+ my_subnet->destroy(my_subnet);
+
+ if (msg->add_conn.other.tohost)
+ {
+ other_ts = traffic_selector_create_dynamic(msg->add_conn.other.protocol,
+ other_host->get_family(other_host) == AF_INET ?
+ TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE,
+ msg->add_conn.other.port ? msg->add_conn.other.port : 0,
+ msg->add_conn.other.port ? msg->add_conn.other.port : 65535);
+ }
+ else
+ {
+ other_ts = traffic_selector_create_from_subnet(other_subnet,
+ msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 0,
+ msg->add_conn.other.protocol, msg->add_conn.other.port);
+ }
+ other_subnet->destroy(other_subnet);
+
+ if (msg->add_conn.me.ca)
+ {
+ if (streq(msg->add_conn.me.ca, "%same"))
+ {
+ my_ca_same = TRUE;
+ }
+ else
+ {
+ my_ca = identification_create_from_string(msg->add_conn.me.ca);
+ }
+ }
+ if (msg->add_conn.other.ca)
+ {
+ if (streq(msg->add_conn.other.ca, "%same"))
+ {
+ other_ca_same = TRUE;
+ }
+ else
+ {
+ other_ca = identification_create_from_string(msg->add_conn.other.ca);
+ }
+ }
+ if (msg->add_conn.me.cert)
+ {
+ x509_t *cert = load_end_certificate(msg->add_conn.me.cert, &my_id);
+
+ if (cert)
+ {
+ ca_info_t *ca_info;
+
+ if (cert->is_self_signed(cert))
+ {
+ /* a self-signed certificate is its own ca */
+ ca_info = ca_info_create(NULL, cert);
+ ca_info = charon->credentials->add_ca_info(charon->credentials, ca_info);
+ cert->set_ca_info(cert, ca_info);
+ }
+ else
+ {
+ /* get_issuer() automatically sets cert->ca_info */
+ ca_info = charon->credentials->get_issuer(charon->credentials, cert);
+ }
+ if (my_ca == NULL && !my_ca_same)
+ {
+ identification_t *issuer = cert->get_issuer(cert);
+
+ my_ca = issuer->clone(issuer);
+ }
+ }
+ }
+ if (msg->add_conn.other.cert)
+ {
+ x509_t *cert = load_end_certificate(msg->add_conn.other.cert, &other_id);
+
+ if (cert)
+ {
+ ca_info_t *ca_info;
+
+ if (cert->is_self_signed(cert))
+ {
+ /* a self-signed certificate is its own ca */
+ ca_info = ca_info_create(NULL, cert);
+ ca_info = charon->credentials->add_ca_info(charon->credentials, ca_info);
+ cert->set_ca_info(cert, ca_info);
+ }
+ else
+ {
+ /* get_issuer() automatically sets cert->ca_info */
+ ca_info = charon->credentials->get_issuer(charon->credentials, cert);
+ }
+ if (other_ca == NULL && !other_ca_same)
+ {
+ identification_t *issuer = cert->get_issuer(cert);
+
+ other_ca = issuer->clone(issuer);
+ }
+ }
+ }
+ if (other_ca_same && my_ca)
+ {
+ other_ca = my_ca->clone(my_ca);
+ }
+ else if (my_ca_same && other_ca)
+ {
+ my_ca = other_ca->clone(other_ca);
+ }
+ if (my_ca == NULL)
+ {
+ my_ca = identification_create_from_string("%any");
+ }
+ if (other_ca == NULL)
+ {
+ other_ca = identification_create_from_string("%any");
+ }
+ DBG2(DBG_CFG, " my ca: '%D'", my_ca);
+ DBG2(DBG_CFG, " other ca:'%D'", other_ca);
+
+ /* have a look for an (almost) identical peer config to reuse */
+ iterator = charon->backends->create_iterator(charon->backends);
+ while (iterator->iterate(iterator, (void**)&peer_cfg))
+ {
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ if (my_id->equals(my_id, peer_cfg->get_my_id(peer_cfg))
+ && other_id->equals(other_id, peer_cfg->get_other_id(peer_cfg))
+ && my_host->equals(my_host, ike_cfg->get_my_host(ike_cfg))
+ && other_host->equals(other_host, ike_cfg->get_other_host(ike_cfg))
+ && other_ca->equals(other_ca, peer_cfg->get_other_ca(peer_cfg))
+ && peer_cfg->get_ike_version(peer_cfg) == (msg->add_conn.ikev2 ? 2 : 1)
+ && peer_cfg->get_auth_method(peer_cfg) == msg->add_conn.auth_method
+ && peer_cfg->get_eap_type(peer_cfg) == msg->add_conn.eap_type)
+ {
+ DBG1(DBG_CFG, "reusing existing configuration '%s'",
+ peer_cfg->get_name(peer_cfg));
+ use_existing = TRUE;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+
+ if (use_existing)
+ {
+ DESTROY_IF(my_vip);
+ DESTROY_IF(other_vip);
+ my_host->destroy(my_host);
+ my_id->destroy(my_id);
+ my_ca->destroy(my_ca);
+ other_host->destroy(other_host);
+ other_id->destroy(other_id);
+ other_ca->destroy(other_ca);
+ }
+ else
+ {
+ ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
+ my_host, other_host);
+
+ if (msg->add_conn.algorithms.ike)
+ {
+ char *proposal_string;
+ char *strict = msg->add_conn.algorithms.ike + strlen(msg->add_conn.algorithms.ike) - 1;
+
+ if (*strict == '!')
+ *strict = '\0';
+ else
+ strict = NULL;
+
+ while ((proposal_string = strsep(&msg->add_conn.algorithms.ike, ",")))
+ {
+ proposal = proposal_create_from_string(PROTO_IKE, proposal_string);
+ if (proposal == NULL)
+ {
+ DBG1(DBG_CFG, "invalid IKE proposal string: %s", proposal_string);
+ my_id->destroy(my_id);
+ other_id->destroy(other_id);
+ my_ts->destroy(my_ts);
+ other_ts->destroy(other_ts);
+ my_ca->destroy(my_ca);
+ other_ca->destroy(other_ca);
+ ike_cfg->destroy(ike_cfg);
+ return;
+ }
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ if (!strict)
+ {
+ proposal = proposal_create_default(PROTO_IKE);
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ }
+ else
+ {
+ proposal = proposal_create_default(PROTO_IKE);
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+
+
+ peer_cfg = peer_cfg_create(msg->add_conn.name, msg->add_conn.ikev2 ? 2 : 1,
+ ike_cfg, my_id, other_id, my_ca, other_ca, msg->add_conn.me.sendcert,
+ msg->add_conn.auth_method, msg->add_conn.eap_type,
+ msg->add_conn.rekey.tries, msg->add_conn.rekey.ike_lifetime,
+ msg->add_conn.rekey.ike_lifetime - msg->add_conn.rekey.margin,
+ msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
+ msg->add_conn.rekey.reauth, msg->add_conn.dpd.delay,
+ msg->add_conn.dpd.action,my_vip, other_vip);
+ }
+
+ child_cfg = child_cfg_create(
+ msg->add_conn.name, msg->add_conn.rekey.ipsec_lifetime,
+ msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
+ msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
+ msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
+ msg->add_conn.mode);
+
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+
+ child_cfg->add_traffic_selector(child_cfg, TRUE, my_ts);
+ child_cfg->add_traffic_selector(child_cfg, FALSE, other_ts);
+
+ if (msg->add_conn.algorithms.esp)
+ {
+ char *proposal_string;
+ char *strict = msg->add_conn.algorithms.esp + strlen(msg->add_conn.algorithms.esp) - 1;
+
+ if (*strict == '!')
+ *strict = '\0';
+ else
+ strict = NULL;
+
+ while ((proposal_string = strsep(&msg->add_conn.algorithms.esp, ",")))
+ {
+ proposal = proposal_create_from_string(PROTO_ESP, proposal_string);
+ if (proposal == NULL)
+ {
+ DBG1(DBG_CFG, "invalid ESP proposal string: %s", proposal_string);
+ peer_cfg->destroy(peer_cfg);
+ return;
+ }
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ if (!strict)
+ {
+ proposal = proposal_create_default(PROTO_ESP);
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ }
+ else
+ {
+ proposal = proposal_create_default(PROTO_ESP);
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+
+ if (!use_existing)
+ {
+ /* add config to backend */
+ charon->backends->add_peer_cfg(charon->backends, peer_cfg);
+ DBG1(DBG_CFG, "added configuration '%s': %H[%D]...%H[%D]",
+ msg->add_conn.name, my_host, my_id, other_host, other_id);
+ }
+ return;
+
+ /* mopping up after parsing errors */
+
+destroy_ids:
+ my_id->destroy(my_id);
+ other_id->destroy(other_id);
+
+destroy_hosts:
+ my_host->destroy(my_host);
+ other_host->destroy(other_host);
+}
+
+/**
+ * Delete a connection from the list
+ */
+static void stroke_del_conn(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ iterator_t *peer_iter, *child_iter;
+ peer_cfg_t *peer, *child;
+
+ pop_string(msg, &(msg->del_conn.name));
+ DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name);
+
+ peer_iter = charon->backends->create_iterator(charon->backends);
+ while (peer_iter->iterate(peer_iter, (void**)&peer))
+ {
+ /* remove peer config with such a name */
+ if (streq(peer->get_name(peer), msg->del_conn.name))
+ {
+ peer_iter->remove(peer_iter);
+ peer->destroy(peer);
+ continue;
+ }
+ /* remove any child with such a name */
+ child_iter = peer->create_child_cfg_iterator(peer);
+ while (child_iter->iterate(child_iter, (void**)&child))
+ {
+ if (streq(child->get_name(child), msg->del_conn.name))
+ {
+ child_iter->remove(child_iter);
+ child->destroy(child);
+ }
+ }
+ child_iter->destroy(child_iter);
+ }
+ peer_iter->destroy(peer_iter);
+
+ fprintf(out, "deleted connection '%s'\n", msg->del_conn.name);
+}
+
+/**
+ * get the child_cfg with the same name as the peer cfg
+ */
+static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
+{
+ child_cfg_t *current, *found = NULL;
+ iterator_t *iterator;
+
+ iterator = peer_cfg->create_child_cfg_iterator(peer_cfg);
+ while (iterator->iterate(iterator, (void**)&current))
+ {
+ if (streq(current->get_name(current), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * logging to the stroke interface
+ */
+static bool stroke_log(stroke_log_info_t *info, signal_t signal, level_t level,
+ ike_sa_t *ike_sa, char *format, va_list args)
+{
+ if (level <= info->level)
+ {
+ if (vfprintf(info->out, format, args) < 0 ||
+ fprintf(info->out, "\n") < 0 ||
+ fflush(info->out) != 0)
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * get a peer configuration by its name, or a name of its children
+ */
+static peer_cfg_t *get_peer_cfg_by_name(char *name)
+{
+ iterator_t *i1, *i2;
+ peer_cfg_t *current, *found = NULL;
+ child_cfg_t *child;
+
+ i1 = charon->backends->create_iterator(charon->backends);
+ while (i1->iterate(i1, (void**)&current))
+ {
+ /* compare peer_cfgs name first */
+ if (streq(current->get_name(current), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ /* compare all child_cfg names otherwise */
+ i2 = current->create_child_cfg_iterator(current);
+ while (i2->iterate(i2, (void**)&child))
+ {
+ if (streq(child->get_name(child), name))
+ {
+ found = current;
+ found->get_ref(found);
+ break;
+ }
+ }
+ i2->destroy(i2);
+ if (found)
+ {
+ break;
+ }
+ }
+ i1->destroy(i1);
+ return found;
+}
+
+/**
+ * initiate a connection by name
+ */
+static void stroke_initiate(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ stroke_log_info_t info;
+
+ pop_string(msg, &(msg->initiate.name));
+ DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name);
+
+ peer_cfg = get_peer_cfg_by_name(msg->initiate.name);
+ if (peer_cfg == NULL)
+ {
+ fprintf(out, "no config named '%s'\n", msg->initiate.name);
+ return;
+ }
+ if (peer_cfg->get_ike_version(peer_cfg) != 2)
+ {
+ DBG1(DBG_CFG, "ignoring initiation request for IKEv%d config",
+ peer_cfg->get_ike_version(peer_cfg));
+ peer_cfg->destroy(peer_cfg);
+ return;
+ }
+
+ child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name);
+ if (child_cfg == NULL)
+ {
+ fprintf(out, "no child config named '%s'\n", msg->initiate.name);
+ peer_cfg->destroy(peer_cfg);
+ return;
+ }
+
+ info.out = out;
+ info.level = msg->output_verbosity;
+
+ charon->interfaces->initiate(charon->interfaces, peer_cfg, child_cfg,
+ (interface_manager_cb_t)stroke_log, &info);
+}
+
+/**
+ * route a policy (install SPD entries)
+ */
+static void stroke_route(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ stroke_log_info_t info;
+
+ pop_string(msg, &(msg->route.name));
+ DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name);
+
+ peer_cfg = get_peer_cfg_by_name(msg->route.name);
+ if (peer_cfg == NULL)
+ {
+ fprintf(out, "no config named '%s'\n", msg->route.name);
+ return;
+ }
+ if (peer_cfg->get_ike_version(peer_cfg) != 2)
+ {
+ peer_cfg->destroy(peer_cfg);
+ return;
+ }
+
+ child_cfg = get_child_from_peer(peer_cfg, msg->route.name);
+ if (child_cfg == NULL)
+ {
+ fprintf(out, "no child config named '%s'\n", msg->route.name);
+ peer_cfg->destroy(peer_cfg);
+ return;
+ }
+
+ info.out = out;
+ info.level = msg->output_verbosity;
+ charon->interfaces->route(charon->interfaces, peer_cfg, child_cfg,
+ (interface_manager_cb_t)stroke_log, &info);
+ peer_cfg->destroy(peer_cfg);
+ child_cfg->destroy(child_cfg);
+}
+
+/**
+ * unroute a policy
+ */
+static void stroke_unroute(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ char *name;
+ ike_sa_t *ike_sa;
+ iterator_t *iterator;
+ stroke_log_info_t info;
+
+ pop_string(msg, &(msg->terminate.name));
+ name = msg->terminate.name;
+
+ info.out = out;
+ info.level = msg->output_verbosity;
+
+ iterator = charon->interfaces->create_ike_sa_iterator(charon->interfaces);
+ while (iterator->iterate(iterator, (void**)&ike_sa))
+ {
+ child_sa_t *child_sa;
+ iterator_t *children;
+ u_int32_t id;
+
+ children = ike_sa->create_child_sa_iterator(ike_sa);
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
+ streq(name, child_sa->get_name(child_sa)))
+ {
+ id = child_sa->get_reqid(child_sa);
+ children->destroy(children);
+ iterator->destroy(iterator);
+ charon->interfaces->unroute(charon->interfaces, id,
+ (interface_manager_cb_t)stroke_log, &info);
+ return;
+ }
+ }
+ children->destroy(children);
+ }
+ iterator->destroy(iterator);
+ DBG1(DBG_CFG, "no such SA found");
+}
+
+/**
+ * terminate a connection by name
+ */
+static void stroke_terminate(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ char *string, *pos = NULL, *name = NULL;
+ u_int32_t id = 0;
+ bool child;
+ int len;
+ ike_sa_t *ike_sa;
+ iterator_t *iterator;
+ stroke_log_info_t info;
+
+ pop_string(msg, &(msg->terminate.name));
+ string = msg->terminate.name;
+ DBG1(DBG_CFG, "received stroke: terminate '%s'", string);
+
+ len = strlen(string);
+ if (len < 1)
+ {
+ DBG1(DBG_CFG, "error parsing string");
+ return;
+ }
+ switch (string[len-1])
+ {
+ case '}':
+ child = TRUE;
+ pos = strchr(string, '{');
+ break;
+ case ']':
+ child = FALSE;
+ pos = strchr(string, '[');
+ break;
+ default:
+ name = string;
+ child = FALSE;
+ break;
+ }
+
+ if (name)
+ {
+ /* is a single name */
+ }
+ else if (pos == string + len - 2)
+ { /* is name[] or name{} */
+ string[len-2] = '\0';
+ name = string;
+ }
+ else
+ { /* is name[123] or name{23} */
+ string[len-1] = '\0';
+ id = atoi(pos + 1);
+ if (id == 0)
+ {
+ DBG1(DBG_CFG, "error parsing string");
+ return;
+ }
+ }
+
+ info.out = out;
+ info.level = msg->output_verbosity;
+
+ iterator = charon->interfaces->create_ike_sa_iterator(charon->interfaces);
+ while (iterator->iterate(iterator, (void**)&ike_sa))
+ {
+ child_sa_t *child_sa;
+ iterator_t *children;
+
+ if (child)
+ {
+ children = ike_sa->create_child_sa_iterator(ike_sa);
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ if ((name && streq(name, child_sa->get_name(child_sa))) ||
+ (id && id == child_sa->get_reqid(child_sa)))
+ {
+ id = child_sa->get_reqid(child_sa);
+ children->destroy(children);
+ iterator->destroy(iterator);
+
+ charon->interfaces->terminate_child(charon->interfaces, id,
+ (interface_manager_cb_t)stroke_log, &info);
+ return;
+ }
+ }
+ children->destroy(children);
+ }
+ else if ((name && streq(name, ike_sa->get_name(ike_sa))) ||
+ (id && id == ike_sa->get_unique_id(ike_sa)))
+ {
+ id = ike_sa->get_unique_id(ike_sa);
+ /* unlock manager first */
+ iterator->destroy(iterator);
+
+ charon->interfaces->terminate_ike(charon->interfaces, id,
+ (interface_manager_cb_t)stroke_log, &info);
+ return;
+ }
+
+ }
+ iterator->destroy(iterator);
+ DBG1(DBG_CFG, "no such SA found");
+}
+
+/**
+ * Add a ca information record to the cainfo list
+ */
+static void stroke_add_ca(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ x509_t *cacert;
+ ca_info_t *ca_info;
+
+ pop_string(msg, &msg->add_ca.name);
+ pop_string(msg, &msg->add_ca.cacert);
+ pop_string(msg, &msg->add_ca.crluri);
+ pop_string(msg, &msg->add_ca.crluri2);
+ pop_string(msg, &msg->add_ca.ocspuri);
+ pop_string(msg, &msg->add_ca.ocspuri2);
+
+ DBG1(DBG_CFG, "received stroke: add ca '%s'", msg->add_ca.name);
+
+ DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
+ DBG2(DBG_CFG, " cacert=%s", msg->add_ca.cacert);
+ DBG2(DBG_CFG, " crluri=%s", msg->add_ca.crluri);
+ DBG2(DBG_CFG, " crluri2=%s", msg->add_ca.crluri2);
+ DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri);
+ DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2);
+
+ if (msg->add_ca.cacert == NULL)
+ {
+ DBG1(DBG_CFG, "missing cacert parameter\n");
+ return;
+ }
+
+ cacert = load_ca_certificate(msg->add_ca.cacert);
+
+ if (cacert == NULL)
+ {
+ return;
+ }
+ ca_info = ca_info_create(msg->add_ca.name, cacert);
+
+ if (msg->add_ca.crluri)
+ {
+ chunk_t uri = { msg->add_ca.crluri, strlen(msg->add_ca.crluri) };
+
+ ca_info->add_crluri(ca_info, uri);
+ }
+ if (msg->add_ca.crluri2)
+ {
+ chunk_t uri = { msg->add_ca.crluri2, strlen(msg->add_ca.crluri2) };
+
+ ca_info->add_crluri(ca_info, uri);
+ }
+ if (msg->add_ca.ocspuri)
+ {
+ chunk_t uri = { msg->add_ca.ocspuri, strlen(msg->add_ca.ocspuri) };
+
+ ca_info->add_ocspuri(ca_info, uri);
+ }
+ if (msg->add_ca.ocspuri2)
+ {
+ chunk_t uri = { msg->add_ca.ocspuri2, strlen(msg->add_ca.ocspuri2) };
+
+ ca_info->add_ocspuri(ca_info, uri);
+ }
+ charon->credentials->add_ca_info(charon->credentials, ca_info);
+ DBG1(DBG_CFG, "added ca '%s'", msg->add_ca.name);
+
+}
+
+/**
+ * Delete a ca information record from the cainfo list
+ */
+static void stroke_del_ca(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ status_t status;
+
+ pop_string(msg, &(msg->del_ca.name));
+ DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name);
+
+ status = charon->credentials->release_ca_info(charon->credentials,
+ msg->del_ca.name);
+
+ if (status == SUCCESS)
+ {
+ fprintf(out, "deleted ca '%s'\n", msg->del_ca.name);
+ }
+ else
+ {
+ fprintf(out, "no ca named '%s'\n", msg->del_ca.name);
+ }
+}
+
+/**
+ * log an IKE_SA to out
+ */
+static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
+{
+ peer_cfg_t *cfg = ike_sa->get_peer_cfg(ike_sa);
+ ike_sa_id_t *id = ike_sa->get_id(ike_sa);
+ u_int32_t next, now = time(NULL);
+
+ fprintf(out, "%12s[%d]: %N, %H[%D]...%H[%D]\n",
+ ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
+ ike_sa_state_names, ike_sa->get_state(ike_sa),
+ ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa),
+ ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa));
+
+ if (all)
+ {
+ fprintf(out, "%12s[%d]: IKE SPIs: 0x%0llx_i%s 0x%0llx_r%s, ",
+ ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
+ id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "",
+ id->get_responder_spi(id), id->is_initiator(id) ? "" : "");
+
+ ike_sa->get_stats(ike_sa, &next);
+ if (next)
+ {
+ fprintf(out, "%s in %V\n", cfg->use_reauth(cfg) ?
+ "reauthentication" : "rekeying", &now, &next);
+ }
+ else
+ {
+ fprintf(out, "rekeying disabled\n");
+ }
+ }
+}
+
+/**
+ * log an CHILD_SA to out
+ */
+static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
+{
+ u_int32_t rekey, now = time(NULL);
+ u_int32_t use_in, use_out, use_fwd;
+ encryption_algorithm_t encr_alg;
+ integrity_algorithm_t int_alg;
+ size_t encr_len, int_len;
+ mode_t mode;
+
+ child_sa->get_stats(child_sa, &mode, &encr_alg, &encr_len,
+ &int_alg, &int_len, &rekey, &use_in, &use_out,
+ &use_fwd);
+
+ fprintf(out, "%12s{%d}: %N, %N",
+ child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
+ child_sa_state_names, child_sa->get_state(child_sa),
+ mode_names, mode);
+
+ if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
+ {
+ fprintf(out, ", %N SPIs: 0x%0x_i 0x%0x_o",
+ protocol_id_names, child_sa->get_protocol(child_sa),
+ htonl(child_sa->get_spi(child_sa, TRUE)),
+ htonl(child_sa->get_spi(child_sa, FALSE)));
+
+ if (all)
+ {
+ fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa),
+ child_sa->get_reqid(child_sa));
+
+
+ if (child_sa->get_protocol(child_sa) == PROTO_ESP)
+ {
+ fprintf(out, "%N", encryption_algorithm_names, encr_alg);
+
+ if (encr_len)
+ {
+ fprintf(out, "-%d", encr_len);
+ }
+ fprintf(out, "/");
+ }
+
+ fprintf(out, "%N", integrity_algorithm_names, int_alg);
+ if (int_len)
+ {
+ fprintf(out, "-%d", int_len);
+ }
+ fprintf(out, ", rekeying ");
+
+ if (rekey)
+ {
+ fprintf(out, "in %V", &now, &rekey);
+ }
+ else
+ {
+ fprintf(out, "disabled");
+ }
+
+ fprintf(out, ", last use: ");
+ use_in = max(use_in, use_fwd);
+ if (use_in)
+ {
+ fprintf(out, "%ds_i ", now - use_in);
+ }
+ else
+ {
+ fprintf(out, "no_i ");
+ }
+ if (use_out)
+ {
+ fprintf(out, "%ds_o ", now - use_out);
+ }
+ else
+ {
+ fprintf(out, "no_o ");
+ }
+ }
+ }
+
+ fprintf(out, "\n%12s{%d}: %#R=== %#R\n",
+ child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
+ child_sa->get_traffic_selectors(child_sa, TRUE),
+ child_sa->get_traffic_selectors(child_sa, FALSE));
+}
+
+/**
+ * show status of daemon
+ */
+static void stroke_status(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out, bool all)
+{
+ iterator_t *iterator, *children;
+ linked_list_t *list;
+ host_t *host;
+ peer_cfg_t *peer_cfg;
+ ike_cfg_t *ike_cfg;
+ child_cfg_t *child_cfg;
+ ike_sa_t *ike_sa;
+ char *name = NULL;
+
+ if (msg->status.name)
+ {
+ pop_string(msg, &(msg->status.name));
+ name = msg->status.name;
+ }
+
+ if (all)
+ {
+ leak_detective_status(out);
+
+ fprintf(out, "Performance:\n");
+ fprintf(out, " worker threads: %d idle of %d,",
+ charon->thread_pool->get_idle_threads(charon->thread_pool),
+ charon->thread_pool->get_pool_size(charon->thread_pool));
+ fprintf(out, " job queue load: %d,",
+ charon->job_queue->get_count(charon->job_queue));
+ fprintf(out, " scheduled events: %d\n",
+ charon->event_queue->get_count(charon->event_queue));
+ list = charon->kernel_interface->create_address_list(charon->kernel_interface);
+
+ fprintf(out, "Listening on %d IP addresses:\n", list->get_count(list));
+ while (list->remove_first(list, (void**)&host) == SUCCESS)
+ {
+ fprintf(out, " %H\n", host);
+ host->destroy(host);
+ }
+ list->destroy(list);
+
+ fprintf(out, "Connections:\n");
+ iterator = charon->backends->create_iterator(charon->backends);
+ while (iterator->iterate(iterator, (void**)&peer_cfg))
+ {
+ if (peer_cfg->get_ike_version(peer_cfg) != 2 ||
+ (name && !streq(name, peer_cfg->get_name(peer_cfg))))
+ {
+ continue;
+ }
+
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ fprintf(out, "%12s: %H[%D]...%H[%D]\n", peer_cfg->get_name(peer_cfg),
+ ike_cfg->get_my_host(ike_cfg), peer_cfg->get_my_id(peer_cfg),
+ ike_cfg->get_other_host(ike_cfg), peer_cfg->get_other_id(peer_cfg));
+ {
+ identification_t *my_ca = peer_cfg->get_my_ca(peer_cfg);
+ identification_t *other_ca = peer_cfg->get_other_ca(peer_cfg);
+
+ if (my_ca->get_type(my_ca) != ID_ANY
+ || other_ca->get_type(other_ca) != ID_ANY)
+ {
+ fprintf(out, "%12s: CAs: '%D'...'%D'\n", peer_cfg->get_name(peer_cfg),
+ my_ca, other_ca);
+ }
+ }
+ children = peer_cfg->create_child_cfg_iterator(peer_cfg);
+ while (children->iterate(children, (void**)&child_cfg))
+ {
+ linked_list_t *my_ts, *other_ts;
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ fprintf(out, "%12s: %#R=== %#R\n", child_cfg->get_name(child_cfg),
+ my_ts, other_ts);
+ my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
+ other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
+ }
+ children->destroy(children);
+ }
+ iterator->destroy(iterator);
+ }
+
+ iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
+ if (all && iterator->get_count(iterator) > 0)
+ {
+ fprintf(out, "Security Associations:\n");
+ }
+ while (iterator->iterate(iterator, (void**)&ike_sa))
+ {
+ bool ike_printed = FALSE;
+ child_sa_t *child_sa;
+ iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
+
+ if (name == NULL || streq(name, ike_sa->get_name(ike_sa)))
+ {
+ log_ike_sa(out, ike_sa, all);
+ ike_printed = TRUE;
+ }
+
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ if (name == NULL || streq(name, child_sa->get_name(child_sa)))
+ {
+ if (!ike_printed)
+ {
+ log_ike_sa(out, ike_sa, all);
+ ike_printed = TRUE;
+ }
+ log_child_sa(out, child_sa, all);
+ }
+ }
+ children->destroy(children);
+ }
+ iterator->destroy(iterator);
+}
+
+/**
+ * list all authority certificates matching a specified flag
+ */
+static void list_auth_certificates(private_stroke_interface_t *this, u_int flag,
+ const char *label, bool utc, FILE *out)
+{
+ bool first = TRUE;
+ x509_t *cert;
+
+ iterator_t *iterator = charon->credentials->create_auth_cert_iterator(charon->credentials);
+
+ while (iterator->iterate(iterator, (void**)&cert))
+ {
+ if (cert->has_authority_flag(cert, flag))
+ {
+ if (first)
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of X.509 %s Certificates:\n", label);
+ fprintf(out, "\n");
+ first = FALSE;
+ }
+ cert->list(cert, out, utc);
+ fprintf(out, "\n");
+ }
+ }
+ iterator->destroy(iterator);
+}
+
+/**
+ * list various information
+ */
+static void stroke_list(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ iterator_t *iterator;
+
+ if (msg->list.flags & LIST_CERTS)
+ {
+ x509_t *cert;
+
+ iterator = charon->credentials->create_cert_iterator(charon->credentials);
+ if (iterator->get_count(iterator))
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of X.509 End Entity Certificates:\n");
+ fprintf(out, "\n");
+ }
+ while (iterator->iterate(iterator, (void**)&cert))
+ {
+ cert->list(cert, out, msg->list.utc);
+ if (charon->credentials->has_rsa_private_key(
+ charon->credentials, cert->get_public_key(cert)))
+ {
+ fprintf(out, ", has private key");
+ }
+ fprintf(out, "\n");
+
+ }
+ iterator->destroy(iterator);
+ }
+ if (msg->list.flags & LIST_CACERTS)
+ {
+ list_auth_certificates(this, AUTH_CA, "CA", msg->list.utc, out);
+ }
+ if (msg->list.flags & LIST_OCSPCERTS)
+ {
+ list_auth_certificates(this, AUTH_OCSP, "OCSP", msg->list.utc, out);
+ }
+ if (msg->list.flags & LIST_AACERTS)
+ {
+ list_auth_certificates(this, AUTH_AA, "AA", msg->list.utc, out);
+ }
+ if (msg->list.flags & LIST_CAINFOS)
+ {
+ ca_info_t *ca_info;
+ bool first = TRUE;
+
+ iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
+ while (iterator->iterate(iterator, (void**)&ca_info))
+ {
+ if (ca_info->is_ca(ca_info))
+ {
+ if (first)
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of X.509 CA Information Records:\n");
+ fprintf(out, "\n");
+ first = FALSE;
+ }
+ ca_info->list(ca_info, out, msg->list.utc);
+ }
+ }
+ iterator->destroy(iterator);
+ }
+ if (msg->list.flags & LIST_CRLS)
+ {
+ ca_info_t *ca_info;
+ bool first = TRUE;
+
+ iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
+ while (iterator->iterate(iterator, (void **)&ca_info))
+ {
+ if (ca_info->is_ca(ca_info) && ca_info->has_crl(ca_info))
+ {
+ if (first)
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of X.509 CRLs:\n");
+ fprintf(out, "\n");
+ first = FALSE;
+ }
+ ca_info->list_crl(ca_info, out, msg->list.utc);
+ }
+ }
+ iterator->destroy(iterator);
+ }
+ if (msg->list.flags & LIST_OCSP)
+ {
+ ca_info_t *ca_info;
+ bool first = TRUE;
+
+ iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
+ while (iterator->iterate(iterator, (void **)&ca_info))
+ {
+ if (ca_info->is_ca(ca_info) && ca_info->has_certinfos(ca_info))
+ {
+ if (first)
+ {
+ fprintf(out, "\n");
+ fprintf(out, "List of OCSP responses:\n");
+ first = FALSE;
+ }
+ fprintf(out, "\n");
+ ca_info->list_certinfos(ca_info, out, msg->list.utc);
+ }
+ }
+ iterator->destroy(iterator);
+ }
+}
+
+/**
+ * reread various information
+ */
+static void stroke_reread(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ if (msg->reread.flags & REREAD_CACERTS)
+ {
+ charon->credentials->load_ca_certificates(charon->credentials);
+ }
+ if (msg->reread.flags & REREAD_OCSPCERTS)
+ {
+ charon->credentials->load_ocsp_certificates(charon->credentials);
+ }
+ if (msg->reread.flags & REREAD_CRLS)
+ {
+ charon->credentials->load_crls(charon->credentials);
+ }
+}
+
+/**
+ * purge various information
+ */
+static void stroke_purge(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ if (msg->purge.flags & PURGE_OCSP)
+ {
+ iterator_t *iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
+ ca_info_t *ca_info;
+
+ while (iterator->iterate(iterator, (void**)&ca_info))
+ {
+ if (ca_info->is_ca(ca_info))
+ {
+ ca_info->purge_ocsp(ca_info);
+ }
+ }
+ iterator->destroy(iterator);
+ }
+}
+
+signal_t get_signal_from_logtype(char *type)
+{
+ if (strcasecmp(type, "any") == 0) return SIG_ANY;
+ else if (strcasecmp(type, "mgr") == 0) return DBG_MGR;
+ else if (strcasecmp(type, "ike") == 0) return DBG_IKE;
+ else if (strcasecmp(type, "chd") == 0) return DBG_CHD;
+ else if (strcasecmp(type, "job") == 0) return DBG_JOB;
+ else if (strcasecmp(type, "cfg") == 0) return DBG_CFG;
+ else if (strcasecmp(type, "knl") == 0) return DBG_KNL;
+ else if (strcasecmp(type, "net") == 0) return DBG_NET;
+ else if (strcasecmp(type, "enc") == 0) return DBG_ENC;
+ else if (strcasecmp(type, "lib") == 0) return DBG_LIB;
+ else return -1;
+}
+
+/**
+ * set the verbosity debug output
+ */
+static void stroke_loglevel(private_stroke_interface_t *this,
+ stroke_msg_t *msg, FILE *out)
+{
+ signal_t signal;
+
+ pop_string(msg, &(msg->loglevel.type));
+ DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
+ msg->loglevel.level, msg->loglevel.type);
+
+ signal = get_signal_from_logtype(msg->loglevel.type);
+ if (signal < 0)
+ {
+ fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
+ return;
+ }
+
+ charon->outlog->set_level(charon->outlog, signal, msg->loglevel.level);
+ charon->syslog->set_level(charon->syslog, signal, msg->loglevel.level);
+}
+
+/**
+ * process a stroke request from the socket pointed by "fd"
+ */
+static void stroke_process(private_stroke_interface_t *this, int strokefd)
+{
+ stroke_msg_t *msg;
+ u_int16_t msg_length;
+ ssize_t bytes_read;
+ FILE *out;
+
+ /* peek the length */
+ bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK);
+ if (bytes_read != sizeof(msg_length))
+ {
+ DBG1(DBG_CFG, "reading length of stroke message failed");
+ close(strokefd);
+ return;
+ }
+
+ /* read message */
+ msg = malloc(msg_length);
+ bytes_read = recv(strokefd, msg, msg_length, 0);
+ if (bytes_read != msg_length)
+ {
+ DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno));
+ close(strokefd);
+ return;
+ }
+
+ out = fdopen(dup(strokefd), "w");
+ if (out == NULL)
+ {
+ DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno));
+ close(strokefd);
+ free(msg);
+ return;
+ }
+
+ DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length);
+
+ switch (msg->type)
+ {
+ case STR_INITIATE:
+ stroke_initiate(this, msg, out);
+ break;
+ case STR_ROUTE:
+ stroke_route(this, msg, out);
+ break;
+ case STR_UNROUTE:
+ stroke_unroute(this, msg, out);
+ break;
+ case STR_TERMINATE:
+ stroke_terminate(this, msg, out);
+ break;
+ case STR_STATUS:
+ stroke_status(this, msg, out, FALSE);
+ break;
+ case STR_STATUS_ALL:
+ stroke_status(this, msg, out, TRUE);
+ break;
+ case STR_ADD_CONN:
+ stroke_add_conn(this, msg, out);
+ break;
+ case STR_DEL_CONN:
+ stroke_del_conn(this, msg, out);
+ break;
+ case STR_ADD_CA:
+ stroke_add_ca(this, msg, out);
+ break;
+ case STR_DEL_CA:
+ stroke_del_ca(this, msg, out);
+ break;
+ case STR_LOGLEVEL:
+ stroke_loglevel(this, msg, out);
+ break;
+ case STR_LIST:
+ stroke_list(this, msg, out);
+ break;
+ case STR_REREAD:
+ stroke_reread(this, msg, out);
+ break;
+ case STR_PURGE:
+ stroke_purge(this, msg, out);
+ break;
+ default:
+ DBG1(DBG_CFG, "received unknown stroke");
+ }
+ fclose(out);
+ close(strokefd);
+ free(msg);
+}
+
+/**
+ * Implementation of private_stroke_interface_t.stroke_receive.
+ */
+static void stroke_receive(private_stroke_interface_t *this)
+{
+ struct sockaddr_un strokeaddr;
+ int strokeaddrlen = sizeof(strokeaddr);
+ int oldstate;
+ int strokefd;
+
+ charon->drop_capabilities(charon, TRUE);
+
+ /* ignore sigpipe. writing over the pipe back to the console
+ * only fails if SIGPIPE is ignored. */
+ signal(SIGPIPE, SIG_IGN);
+
+ /* disable cancellation by default */
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
+
+ while (TRUE)
+ {
+ /* wait for connections, but allow thread to terminate */
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+ strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
+ pthread_setcancelstate(oldstate, NULL);
+
+ if (strokefd < 0)
+ {
+ DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno));
+ continue;
+ }
+ stroke_process(this, strokefd);
+ }
+}
+
+/**
+ * Implementation of interface_t.destroy.
+ */
+static void destroy(private_stroke_interface_t *this)
+{
+ int i;
+
+ for (i = 0; i < STROKE_THREADS; i++)
+ {
+ pthread_cancel(this->threads[i]);
+ pthread_join(this->threads[i], NULL);
+ }
+
+ close(this->socket);
+ unlink(socket_addr.sun_path);
+ free(this);
+}
+
+/*
+ * Described in header-file
+ */
+interface_t *interface_create()
+{
+ private_stroke_interface_t *this = malloc_thing(private_stroke_interface_t);
+ mode_t old;
+ int i;
+
+ /* public functions */
+ this->public.interface.destroy = (void (*)(interface_t*))destroy;
+
+ /* set up unix socket */
+ this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (this->socket == -1)
+ {
+ DBG1(DBG_CFG, "could not create stroke socket");
+ free(this);
+ return NULL;
+ }
+
+ old = umask(~S_IRWXU);
+ if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
+ {
+ DBG1(DBG_CFG, "could not bind stroke socket: %s", strerror(errno));
+ close(this->socket);
+ free(this);
+ return NULL;
+ }
+ umask(old);
+
+ if (listen(this->socket, 0) < 0)
+ {
+ DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno));
+ close(this->socket);
+ unlink(socket_addr.sun_path);
+ free(this);
+ return NULL;
+ }
+
+ /* start threads reading from the socket */
+ for (i = 0; i < STROKE_THREADS; i++)
+ {
+ if (pthread_create(&this->threads[i], NULL, (void*(*)(void*))stroke_receive, this) != 0)
+ {
+ charon->kill(charon, "unable to create stroke thread");
+ }
+ }
+
+ return &this->public.interface;
+}
diff --git a/src/charon/threads/stroke_interface.h b/src/charon/control/interfaces/stroke_interface.h
index 0def5167e..f1b68023a 100644
--- a/src/charon/threads/stroke_interface.h
+++ b/src/charon/control/interfaces/stroke_interface.h
@@ -1,5 +1,5 @@
/**
- * @file stroke.h
+ * @file stroke_interface.h
*
* @brief Interface of stroke_t.
*
@@ -23,39 +23,38 @@
#ifndef STROKE_INTERFACE_H_
#define STROKE_INTERFACE_H_
-typedef struct stroke_t stroke_t;
+typedef struct stroke_interface_t stroke_interface_t;
+
+#include <control/interfaces/interface.h>
/**
- * @brief Stroke is a configuration and control interface which
- * allows other processes to modify charons behavior.
+ * @brief Simple configuration interface using unix-sockets.
*
- * stroke_t allows config manipulation (as whack in pluto).
- * Messages of type stroke_msg_t's are sent over a unix socket
- * (/var/run/charon.ctl).
+ * Stroke is a home-brewed communication interface inspired by whack. It
+ * uses a unix socket (/var/run/charon.ctl).
*
* @b Constructors:
* - stroke_create()
*
- * @ingroup threads
+ * @ingroup interfaces
*/
-struct stroke_t {
+struct stroke_interface_t {
/**
- * @brief Destroy a stroke_t instance.
- *
- * @param this stroke_t objec to destroy
+ * implements interface_t.
*/
- void (*destroy) (stroke_t *this);
+ interface_t interface;
};
/**
* @brief Create the stroke interface and listen on the socket.
*
- * @return stroke_t object
+ * @return interface_t for the stroke interface
*
- * @ingroup threads
+ * @ingroup interfaces
*/
-stroke_t *stroke_create(void);
+interface_t *interface_create(void);
#endif /* STROKE_INTERFACE_H_ */
+
diff --git a/src/charon/control/interfaces/xml_interface.c b/src/charon/control/interfaces/xml_interface.c
new file mode 100644
index 000000000..e570f2543
--- /dev/null
+++ b/src/charon/control/interfaces/xml_interface.c
@@ -0,0 +1,63 @@
+/**
+ * @file xml_interface.c
+ *
+ * @brief Implementation of xml_interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+
+#include "xml_interface.h"
+
+#include <library.h>
+#include <daemon.h>
+
+
+typedef struct private_xml_interface_t private_xml_interface_t;
+
+/**
+ * Private data of an xml_interface_t object.
+ */
+struct private_xml_interface_t {
+
+ /**
+ * Public part of xml_t object.
+ */
+ xml_interface_t public;
+};
+
+
+/**
+ * Implementation of itnerface_t.destroy.
+ */
+static void destroy(private_xml_interface_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header file
+ */
+interface_t *interface_create()
+{
+ private_xml_interface_t *this = malloc_thing(private_xml_interface_t);
+
+ this->public.interface.destroy = (void (*)(xml_interface_t*))destroy;
+
+ return &this->public.interface;
+}
diff --git a/src/charon/control/interfaces/xml_interface.h b/src/charon/control/interfaces/xml_interface.h
new file mode 100644
index 000000000..6d88c3842
--- /dev/null
+++ b/src/charon/control/interfaces/xml_interface.h
@@ -0,0 +1,57 @@
+/**
+ * @file xml_interface.h
+ *
+ * @brief Interface of xml_interface_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef XML_INTERFACE_H_
+#define XML_INTERFACE_H_
+
+typedef struct xml_interface_t xml_interface_t;
+
+#include <control/interfaces/interface.h>
+
+/**
+ * @brief The XML interface uses a socket to communicate using XML.
+ *
+ * @b Constructors:
+ * - xml_interface_create()
+ *
+ * @ingroup interfaces
+ */
+struct xml_interface_t {
+
+ /**
+ * implements interface_t.
+ */
+ interface_t interface;
+};
+
+
+/**
+ * @brief Create the XML interface.
+ *
+ * @return stroke_t object
+ *
+ * @ingroup interfaces
+ */
+interface_t *interface_create(void);
+
+#endif /* XML_INTERFACE_H_ */
+
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 7671aea86..62e29b365 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -23,6 +23,8 @@
*/
#include <stdio.h>
+#include <linux/capability.h>
+#include <sys/prctl.h>
#include <signal.h>
#include <pthread.h>
#include <sys/stat.h>
@@ -42,10 +44,13 @@
#include <crypto/ca.h>
#include <utils/fetcher.h>
#include <config/credentials/local_credential_store.h>
-#include <config/connections/local_connection_store.h>
-#include <config/policies/local_policy_store.h>
+#include <config/backends/local_backend.h>
#include <sa/authenticators/eap/eap_method.h>
+/* on some distros, a capset definition is missing */
+#ifdef NO_CAPSET_DEFINED
+extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
+#endif /* NO_CAPSET_DEFINED */
typedef struct private_daemon_t private_daemon_t;
@@ -165,7 +170,7 @@ static void destroy(private_daemon_t *this)
/* we don't want to receive anything anymore... */
DESTROY_IF(this->public.receiver);
/* ignore all incoming user requests */
- DESTROY_IF(this->public.stroke);
+ DESTROY_IF(this->public.interfaces);
/* stop scheduing jobs */
DESTROY_IF(this->public.scheduler);
/* stop processing jobs */
@@ -177,11 +182,8 @@ static void destroy(private_daemon_t *this)
/* destroy other infrastructure */
DESTROY_IF(this->public.job_queue);
DESTROY_IF(this->public.event_queue);
- DESTROY_IF(this->public.configuration);
DESTROY_IF(this->public.credentials);
- DESTROY_IF(this->public.connections);
- DESTROY_IF(this->public.policies);
- sched_yield();
+ DESTROY_IF(this->public.backends);
/* we hope the sender could send the outstanding deletes, but
* we shut down here at any cost */
DESTROY_IF(this->public.sender);
@@ -195,6 +197,7 @@ static void destroy(private_daemon_t *this)
free(this);
}
+
/**
* Enforce daemon shutdown, with a given reason to do so.
*/
@@ -219,10 +222,49 @@ static void kill_daemon(private_daemon_t *this, char *reason)
}
/**
+ * drop daemon capabilities
+ */
+static void drop_capabilities(private_daemon_t *this, bool full)
+{
+ struct __user_cap_header_struct hdr;
+ struct __user_cap_data_struct data;
+ /* CAP_NET_ADMIN is needed to use netlink */
+ u_int32_t keep = (1<<CAP_NET_ADMIN);
+
+ if (full)
+ {
+# if IPSEC_GID
+ setgid(IPSEC_GID);
+# endif
+# if IPSEC_UID
+ setuid(IPSEC_UID);
+# endif
+ }
+ else
+ {
+ /* CAP_NET_BIND_SERVICE to bind services below port 1024,
+ * CAP_NET_RAW to create RAW sockets.
+ * CAP_DAC_READ_SEARCH is needed to read ipsec.secrets */
+ keep |= (1<<CAP_NET_BIND_SERVICE);
+ keep |= (1<<CAP_NET_RAW);
+ keep |= (1<<CAP_DAC_READ_SEARCH);
+ }
+
+ hdr.version = _LINUX_CAPABILITY_VERSION;
+ hdr.pid = 0;
+ data.effective = data.permitted = keep;
+ data.inheritable = 0;
+
+ if (capset(&hdr, &data))
+ {
+ kill_daemon(this, "unable to drop threads capabilities");
+ }
+}
+
+/**
* Initialize the daemon, optional with a strict crl policy
*/
-static void initialize(private_daemon_t *this, bool strict, bool syslog,
- level_t levels[])
+static void initialize(private_daemon_t *this, bool syslog, level_t levels[])
{
credential_store_t* credentials;
signal_t signal;
@@ -245,12 +287,9 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
/* apply loglevels */
for (signal = 0; signal < DBG_MAX; signal++)
{
- if (syslog)
- {
- this->public.syslog->set_level(this->public.syslog,
- signal, levels[signal]);
- }
- else
+ this->public.syslog->set_level(this->public.syslog,
+ signal, levels[signal]);
+ if (!syslog)
{
this->public.outlog->set_level(this->public.outlog,
signal, levels[signal]);
@@ -259,14 +298,12 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
DBG1(DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
- this->public.configuration = configuration_create();
this->public.socket = socket_create(IKEV2_UDP_PORT, IKEV2_NATT_PORT);
this->public.ike_sa_manager = ike_sa_manager_create();
this->public.job_queue = job_queue_create();
this->public.event_queue = event_queue_create();
- this->public.connections = (connection_store_t*)local_connection_store_create();
- this->public.policies = (policy_store_t*)local_policy_store_create();
- this->public.credentials = (credential_store_t*)local_credential_store_create(strict);
+ this->public.credentials = (credential_store_t*)local_credential_store_create();
+ this->public.backends = backend_manager_create();
/* initialize fetcher_t class */
fetcher_initialize();
@@ -274,12 +311,14 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
/* load secrets, ca certificates and crls */
credentials = this->public.credentials;
credentials->load_ca_certificates(credentials);
+ credentials->load_aa_certificates(credentials);
+ credentials->load_attr_certificates(credentials);
credentials->load_ocsp_certificates(credentials);
credentials->load_crls(credentials);
credentials->load_secrets(credentials);
/* start building threads, we are multi-threaded NOW */
- this->public.stroke = stroke_create();
+ this->public.interfaces = interface_manager_create();
this->public.sender = sender_create();
this->public.receiver = receiver_create();
this->public.scheduler = scheduler_create();
@@ -327,22 +366,21 @@ private_daemon_t *daemon_create(void)
/* assign methods */
this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
+ this->public.drop_capabilities = (void(*)(daemon_t*,bool))drop_capabilities;
/* NULL members for clean destruction */
this->public.socket = NULL;
this->public.ike_sa_manager = NULL;
this->public.job_queue = NULL;
this->public.event_queue = NULL;
- this->public.configuration = NULL;
this->public.credentials = NULL;
- this->public.connections = NULL;
- this->public.policies = NULL;
+ this->public.backends = NULL;
this->public.sender= NULL;
this->public.receiver = NULL;
this->public.scheduler = NULL;
this->public.kernel_interface = NULL;
this->public.thread_pool = NULL;
- this->public.stroke = NULL;
+ this->public.interfaces = NULL;
this->public.bus = NULL;
this->public.outlog = NULL;
this->public.syslog = NULL;
@@ -399,7 +437,7 @@ static void usage(const char *msg)
int main(int argc, char *argv[])
{
u_int crl_check_interval = 0;
- bool strict_crl_policy = FALSE;
+ strict_t strict_crl_policy = STRICT_NO;
bool cache_crls = FALSE;
bool use_syslog = FALSE;
char *eapdir = IPSEC_EAPDIR;
@@ -412,6 +450,11 @@ int main(int argc, char *argv[])
level_t levels[DBG_MAX];
int signal;
+ prctl(PR_SET_KEEPCAPS, 1);
+
+ /* drop the capabilities we won't need at all */
+ drop_capabilities(NULL, FALSE);
+
/* use CTRL loglevel for default */
for (signal = 0; signal < DBG_MAX; signal++)
{
@@ -425,7 +468,7 @@ int main(int argc, char *argv[])
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'v' },
{ "use-syslog", no_argument, NULL, 'l' },
- { "strictcrlpolicy", no_argument, NULL, 'r' },
+ { "strictcrlpolicy", required_argument, NULL, 'r' },
{ "cachecrls", no_argument, NULL, 'C' },
{ "crlcheckinterval", required_argument, NULL, 'x' },
{ "eapdir", required_argument, NULL, 'e' },
@@ -458,7 +501,7 @@ int main(int argc, char *argv[])
use_syslog = TRUE;
continue;
case 'r':
- strict_crl_policy = TRUE;
+ strict_crl_policy = atoi(optarg);
continue;
case 'C':
cache_crls = TRUE;
@@ -484,13 +527,13 @@ int main(int argc, char *argv[])
charon = (daemon_t*)private_charon;
/* initialize daemon */
- initialize(private_charon, strict_crl_policy, use_syslog, levels);
+ initialize(private_charon, use_syslog, levels);
/* load pluggable EAP modules */
eap_method_load(eapdir);
- /* set cache_crls and crl_check_interval options */
- ca_info_set_options(cache_crls, crl_check_interval);
+ /* set strict_crl_policy, cache_crls and crl_check_interval options */
+ ca_info_set_options(strict_crl_policy, cache_crls, crl_check_interval);
/* check/setup PID file */
if (stat(PID_FILE, &stb) == 0)
@@ -516,6 +559,9 @@ int main(int argc, char *argv[])
}
list->destroy(list);
+ /* drop additional capabilites (bind & root) */
+ drop_capabilities(private_charon, TRUE);
+
/* run daemon */
run(private_charon);
@@ -527,3 +573,4 @@ int main(int argc, char *argv[])
return 0;
}
+
diff --git a/src/charon/daemon.h b/src/charon/daemon.h
index 420262474..640bc6a09 100644
--- a/src/charon/daemon.h
+++ b/src/charon/daemon.h
@@ -29,22 +29,20 @@ typedef struct daemon_t daemon_t;
#include <credential_store.h>
-#include <threads/sender.h>
-#include <threads/receiver.h>
-#include <threads/scheduler.h>
-#include <threads/kernel_interface.h>
-#include <threads/thread_pool.h>
-#include <threads/stroke_interface.h>
+#include <network/sender.h>
+#include <network/receiver.h>
#include <network/socket.h>
+#include <processing/scheduler.h>
+#include <processing/thread_pool.h>
+#include <processing/job_queue.h>
+#include <processing/event_queue.h>
+#include <kernel/kernel_interface.h>
+#include <control/interface_manager.h>
#include <bus/bus.h>
#include <bus/listeners/file_logger.h>
#include <bus/listeners/sys_logger.h>
#include <sa/ike_sa_manager.h>
-#include <queues/job_queue.h>
-#include <queues/event_queue.h>
-#include <config/configuration.h>
-#include <config/connections/connection_store.h>
-#include <config/policies/policy_store.h>
+#include <config/backend_manager.h>
/**
* @defgroup charon charon
@@ -98,6 +96,14 @@ typedef struct daemon_t daemon_t;
*/
/**
+ * @defgroup bus bus
+ *
+ * Signaling bus and its listeners.
+ *
+ * @ingroup charon
+ */
+
+/**
* @defgroup config config
*
* Classes implementing configuration related things.
@@ -106,6 +112,38 @@ typedef struct daemon_t daemon_t;
*/
/**
+ * @defgroup backends backends
+ *
+ * Classes implementing configuration backends.
+ *
+ * @ingroup config
+ */
+
+/**
+ * @defgroup credentials credentials
+ *
+ * Trust chain verification and certificate store.
+ *
+ * @ingroup config
+ */
+
+/**
+ * @defgroup control control
+ *
+ * Handling of loadable control interface modules.
+ *
+ * @ingroup charon
+ */
+
+/**
+ * @defgroup interfaces interfaces
+ *
+ * Classes which control the daemon using IPC mechanisms.
+ *
+ * @ingroup control
+ */
+
+/**
* @defgroup encoding encoding
*
* Classes used to encode and decode IKEv2 messages.
@@ -122,52 +160,49 @@ typedef struct daemon_t daemon_t;
*/
/**
- * @defgroup network network
+ * @defgroup kernel kernel
*
- * Classes for network relevant stuff.
+ * Classes to configure and query the kernel.
*
* @ingroup charon
*/
/**
- * @defgroup queues queues
+ * @defgroup network network
*
- * Different kind of queues
- * (thread save lists).
+ * Classes for sending and receiving UDP packets over the network.
*
* @ingroup charon
*/
/**
- * @defgroup jobs jobs
+ * @defgroup processing processing
*
- * Jobs used in job queue and event queue.
+ * Queueing, scheduling and processing of jobs
*
- * @ingroup queues
+ * @ingroup charon
*/
/**
- * @defgroup sa sa
+ * @defgroup jobs jobs
*
- * Security associations for IKE and IPSec,
- * and some helper classes.
+ * Jobs to queue, schedule and process.
*
- * @ingroup charon
+ * @ingroup processing
*/
/**
- * @defgroup tasks tasks
+ * @defgroup sa sa
*
- * Tasks process and build message payloads. They are used to create
- * and process multiple exchanges.
+ * Security associations for IKE and IPSec, and its helper classes.
*
- * @ingroup sa
+ * @ingroup charon
*/
/**
* @defgroup authenticators authenticators
*
- * Authenticator classes to prove identity of peer.
+ * Authenticator classes to prove identity of a peer.
*
* @ingroup sa
*/
@@ -175,25 +210,18 @@ typedef struct daemon_t daemon_t;
/**
* @defgroup eap eap
*
- * EAP authentication module interface and it's implementations.
+ * EAP module loader, interface and it's implementations.
*
* @ingroup authenticators
*/
-
+
/**
- * @defgroup threads threads
- *
- * Threaded classes, which will do their job alone.
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup bus bus
+ * @defgroup tasks tasks
*
- * Signaling bus and its listeners.
+ * Tasks process and build message payloads. They are used to create
+ * and process multiple exchanges.
*
- * @ingroup charon
+ * @ingroup sa
*/
/**
@@ -263,13 +291,27 @@ typedef struct daemon_t daemon_t;
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
/**
- * Default directory for trusted CA certificates
+ * Default directory for trusted Certification Authority certificates
*
* @ingroup charon
*/
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
/**
+ * Default directory for Authorization Authority certificates
+ *
+ * @ingroup charon
+ */
+#define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"
+
+/**
+ * Default directory for Attribute certificates
+ *
+ * @ingroup charon
+ */
+#define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"
+
+/**
* Default directory for OCSP signing certificates
*
* @ingroup charon
@@ -317,19 +359,9 @@ struct daemon_t {
ike_sa_manager_t *ike_sa_manager;
/**
- * A configuration_t instance.
+ * Manager for the different configuration backends.
*/
- configuration_t *configuration;
-
- /**
- * A connection_store_t instance.
- */
- connection_store_t *connections;
-
- /**
- * A policy_store_t instance.
- */
- policy_store_t *policies;
+ backend_manager_t *backends;
/**
* A credential_store_t instance.
@@ -382,15 +414,23 @@ struct daemon_t {
kernel_interface_t *kernel_interface;
/**
- * IPC interface, as whack in pluto
+ * Interfaces for IPC
+ */
+ interface_manager_t *interfaces;
+
+ /**
+ * @brief Let the calling thread drop its capabilities.
+ *
+ * @param this calling daemon
+ * @param full TRUE to drop as many as possible
*/
- stroke_t *stroke;
+ void (*drop_capabilities) (daemon_t *this, bool full);
/**
* @brief Shut down the daemon.
*
- * @param this the daemon to kill
- * @param reason describtion why it will be killed
+ * @param this the daemon to kill
+ * @param reason describtion why it will be killed
*/
void (*kill) (daemon_t *this, char *reason);
};
diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c
index 5f3f91f8b..b31b21afa 100644
--- a/src/charon/encoding/message.c
+++ b/src/charon/encoding/message.c
@@ -24,7 +24,6 @@
#include <stdlib.h>
#include <string.h>
-#include <printf.h>
#include "message.h"
@@ -603,72 +602,50 @@ static payload_t *get_payload(private_message_t *this, payload_type_t type)
}
/**
- * output handler in printf()
+ * get a string representation of the message
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+static char* get_string(private_message_t *this, char *buf, int len)
{
- private_message_t *this = *((private_message_t**)(args[0]));
iterator_t *iterator;
payload_t *payload;
- bool first = TRUE;
- size_t total_written = 0;
- size_t written;
+ int written;
+ char *pos = buf;
- if (this == NULL)
+ written = snprintf(pos, len, "%N %s [",
+ exchange_type_names, this->exchange_type,
+ this->is_request ? "request" : "response");
+ if (written >= len || written < 0)
{
- return fprintf(stream, "(null)");
+ return "";
}
+ pos += written;
+ len -= written;
- written = fprintf(stream, "%N %s [",
- exchange_type_names, this->exchange_type,
- this->is_request ? "request" : "response");
- if (written < 0)
+ if (this->payloads->get_count(this->payloads) == 0)
{
- return written;
+ snprintf(pos, len, "]");
+ return buf;
}
- total_written += written;
iterator = this->payloads->create_iterator(this->payloads, TRUE);
while (iterator->iterate(iterator, (void**)&payload))
{
- if (!first)
+ written = snprintf(pos, len, "%N ", payload_type_short_names,
+ payload->get_type(payload));
+ if (written >= len || written < 0)
{
- written = fprintf(stream, " ");
- if (written < 0)
- {
- return written;
- }
- total_written += written;
- }
- else
- {
- first = FALSE;
- }
- written = fprintf(stream, "%N", payload_type_short_names,
- payload->get_type(payload));
- if (written < 0)
- {
- return written;
+ return buf;
}
- total_written += written;
+ pos += written;
+ len -= written;
}
iterator->destroy(iterator);
- written = fprintf(stream, "]");
- if (written < 0)
- {
- return written;
- }
- total_written += written;
- return total_written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_MESSAGE, print, arginfo_ptr);
+
+ /* remove last space */
+ pos--;
+ len++;
+ snprintf(pos, len, "]");
+ return buf;
}
/**
@@ -757,6 +734,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
iterator_t *iterator;
status_t status;
chunk_t packet_data;
+ char str[128];
if (is_encoded(this))
{
@@ -765,7 +743,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
return SUCCESS;
}
- DBG1(DBG_ENC, "generating %M", this);
+ DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{
@@ -1162,6 +1140,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
{
status_t status = SUCCESS;
payload_type_t current_payload_type;
+ char str[128];
current_payload_type = this->first_payload;
@@ -1231,7 +1210,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
return status;
}
- DBG1(DBG_ENC, "parsed %M", this);
+ DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
return SUCCESS;
}
diff --git a/src/charon/threads/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index 4a70d2ecf..d82783b03 100644
--- a/src/charon/threads/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -45,9 +45,9 @@
#include <daemon.h>
#include <utils/linked_list.h>
-#include <queues/jobs/delete_child_sa_job.h>
-#include <queues/jobs/rekey_child_sa_job.h>
-#include <queues/jobs/acquire_job.h>
+#include <processing/jobs/delete_child_sa_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/acquire_job.h>
/** kernel level protocol identifiers */
#define KERNEL_ESP 50
@@ -129,7 +129,7 @@ kernel_algorithm_t integrity_algs[] = {
{AUTH_HMAC_SHA2_512_256, "sha512", 512},
/* {AUTH_DES_MAC, "***", 0}, */
/* {AUTH_KPDK_MD5, "***", 0}, */
-/* {AUTH_AES_XCBC_96, "***", 0}, */
+ {AUTH_AES_XCBC_96, "xcbc(aes)", 128},
{END_OF_LIST, NULL, 0},
};
@@ -171,6 +171,9 @@ struct route_entry_t {
/** Source ip of the route */
host_t *src_ip;
+
+ /** gateway for this route */
+ host_t *gateway;
/** Destination net */
chunk_t dst_net;
@@ -185,6 +188,7 @@ struct route_entry_t {
static void route_entry_destroy(route_entry_t *this)
{
this->src_ip->destroy(this->src_ip);
+ this->gateway->destroy(this->gateway);
chunk_free(&this->dst_net);
free(this);
}
@@ -442,6 +446,8 @@ static void add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data,
*/
static void receive_events(private_kernel_interface_t *this)
{
+ charon->drop_capabilities(charon, TRUE);
+
while(TRUE)
{
unsigned char response[512];
@@ -571,7 +577,7 @@ static status_t netlink_send(int socket, struct nlmsghdr *in,
continue;
}
pthread_mutex_unlock(&mutex);
- DBG1(DBG_KNL, "error sending to netlink socket: %m");
+ DBG1(DBG_KNL, "error sending to netlink socket: %s", strerror(errno));
return FAILED;
}
break;
@@ -601,7 +607,7 @@ static status_t netlink_send(int socket, struct nlmsghdr *in,
/* interrupted, try again */
continue;
}
- DBG1(DBG_IKE, "error reading from netlink socket: %m");
+ DBG1(DBG_IKE, "error reading from netlink socket: %s", strerror(errno));
pthread_mutex_unlock(&mutex);
return FAILED;
}
@@ -996,6 +1002,7 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
half.dst_net = chunk_alloca(route->dst_net.len);
memset(half.dst_net.ptr, 0, half.dst_net.len);
half.src_ip = route->src_ip;
+ half.gateway = route->gateway;
half.if_index = route->if_index;
half.prefixlen = 1;
@@ -1023,6 +1030,8 @@ static status_t manage_srcroute(private_kernel_interface_t *this, int nlmsg_type
add_attribute(hdr, RTA_DST, route->dst_net, sizeof(request));
chunk = route->src_ip->get_address(route->src_ip);
add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request));
+ chunk = route->gateway->get_address(route->gateway);
+ add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request));
chunk.ptr = (char*)&route->if_index;
chunk.len = sizeof(route->if_index);
add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
@@ -1689,6 +1698,7 @@ static status_t add_policy(private_kernel_interface_t *this,
policy->route = malloc_thing(route_entry_t);
if (get_address_by_ts(this, dst_ts, &policy->route->src_ip) == SUCCESS)
{
+ policy->route->gateway = dst->clone(dst);
policy->route->if_index = get_interface_index(this, dst);
policy->route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
memcpy(policy->route->dst_net.ptr, &policy->sel.saddr, policy->route->dst_net.len);
diff --git a/src/charon/threads/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index 34b06f594..2a3eaff7a 100644
--- a/src/charon/threads/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
@@ -35,6 +35,8 @@ typedef struct kernel_interface_t kernel_interface_t;
/**
* Configuration for NAT-T
+ *
+ * @ingroup kernel
*/
struct natt_conf_t {
/** source port to use for UDP-encapsulated packets */
@@ -47,6 +49,8 @@ struct natt_conf_t {
* Direction of a policy. These are equal to those
* defined in xfrm.h, but we want to stay implementation
* neutral here.
+ *
+ * @ingroup kernel
*/
enum policy_dir_t {
/** Policy for inbound traffic */
@@ -71,7 +75,7 @@ enum policy_dir_t {
* @b Constructors:
* - kernel_interface_create()
*
- * @ingroup threads
+ * @ingroup kernel
*/
struct kernel_interface_t {
@@ -324,7 +328,7 @@ struct kernel_interface_t {
/**
* @brief Creates an object of type kernel_interface_t.
*
- * @ingroup threads
+ * @ingroup kernel
*/
kernel_interface_t *kernel_interface_create(void);
diff --git a/src/charon/threads/receiver.c b/src/charon/network/receiver.c
index 7195c162d..9b4bf71ac 100644
--- a/src/charon/threads/receiver.c
+++ b/src/charon/network/receiver.c
@@ -22,6 +22,7 @@
*/
#include <stdlib.h>
+#include <unistd.h>
#include <pthread.h>
#include "receiver.h"
@@ -29,9 +30,9 @@
#include <daemon.h>
#include <network/socket.h>
#include <network/packet.h>
-#include <queues/job_queue.h>
-#include <queues/jobs/job.h>
-#include <queues/jobs/process_message_job.h>
+#include <processing/job_queue.h>
+#include <processing/jobs/job.h>
+#include <processing/jobs/process_message_job.h>
/** length of the full cookie, including time (u_int32_t + SHA1()) */
#define COOKIE_LENGTH 24
@@ -254,12 +255,16 @@ static void receive_packets(private_receiver_t *this)
DBG1(DBG_NET, "receiver thread running, thread_ID: %06u",
(int)pthread_self());
+ charon->drop_capabilities(charon, TRUE);
+
while (TRUE)
{
/* read in a packet */
if (charon->socket->receive(charon->socket, &packet) != SUCCESS)
{
- DBG1(DBG_NET, "receiving from socket failed!");
+ DBG2(DBG_NET, "receiving from socket failed!");
+ /* try again after a delay */
+ sleep(1);
continue;
}
@@ -267,7 +272,7 @@ static void receive_packets(private_receiver_t *this)
message = message_create_from_packet(packet);
if (message->parse_header(message) != SUCCESS)
{
- DBG1(DBG_NET, "received invalid IKE header from %H, ignored",
+ DBG1(DBG_NET, "received invalid IKE header from %H - ignored",
packet->get_source(packet));
message->destroy(message);
continue;
diff --git a/src/charon/threads/receiver.h b/src/charon/network/receiver.h
index 68d9136c0..1bfa7b764 100644
--- a/src/charon/threads/receiver.h
+++ b/src/charon/network/receiver.h
@@ -54,7 +54,7 @@ typedef struct receiver_t receiver_t;
* @b Constructors:
* - receiver_create()
*
- * @ingroup threads
+ * @ingroup network
*/
struct receiver_t {
@@ -74,7 +74,7 @@ struct receiver_t {
*
* @return receiver_t object
*
- * @ingroup threads
+ * @ingroup network
*/
receiver_t * receiver_create(void);
diff --git a/src/charon/threads/sender.c b/src/charon/network/sender.c
index c1cd0a68c..933b8c192 100644
--- a/src/charon/threads/sender.c
+++ b/src/charon/network/sender.c
@@ -84,10 +84,11 @@ static void send_(private_sender_t *this, packet_t *packet)
*/
static void send_packets(private_sender_t * this)
{
-
/* cancellation disabled by default */
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
DBG1(DBG_NET, "sender thread running, thread_ID: %06u", (int)pthread_self());
+
+ charon->drop_capabilities(charon, TRUE);
while (TRUE)
{
@@ -119,9 +120,14 @@ static void send_packets(private_sender_t * this)
*/
static void destroy(private_sender_t *this)
{
+ /* send all packets in the queue */
+ while (this->list->get_count(this->list))
+ {
+ sched_yield();
+ }
pthread_cancel(this->assigned_thread);
pthread_join(this->assigned_thread, NULL);
- this->list->destroy_offset(this->list, offsetof(packet_t, destroy));
+ this->list->destroy(this->list);
free(this);
}
diff --git a/src/charon/threads/sender.h b/src/charon/network/sender.h
index 4f42f6f9e..6f2a06891 100644
--- a/src/charon/threads/sender.h
+++ b/src/charon/network/sender.h
@@ -35,7 +35,7 @@ typedef struct sender_t sender_t;
* @b Constructors:
* - sender_create()
*
- * @ingroup threads
+ * @ingroup network
*/
struct sender_t {
@@ -67,7 +67,7 @@ struct sender_t {
*
* @return created sender object
*
- * @ingroup threads
+ * @ingroup network
*/
sender_t * sender_create(void);
diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c
index 00ba22d5a..dd231ebed 100644
--- a/src/charon/network/socket.c
+++ b/src/charon/network/socket.c
@@ -176,7 +176,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0);
if (bytes_read < 0)
{
- DBG1(DBG_NET, "error reading from IPv4 socket: %m");
+ DBG1(DBG_NET, "error reading from IPv4 socket: %s", strerror(errno));
return FAILED;
}
DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
@@ -238,7 +238,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
bytes_read = recvmsg(this->recv6, &msg, 0);
if (bytes_read < 0)
{
- DBG1(DBG_NET, "error reading from IPv6 socket: %m");
+ DBG1(DBG_NET, "error reading from IPv6 socket: %s", strerror(errno));
return FAILED;
}
DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
@@ -428,7 +428,7 @@ status_t sender(private_socket_t *this, packet_t *packet)
if (bytes_sent != data.len)
{
- DBG1(DBG_NET, "error writing to socket: %m");
+ DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
return FAILED;
}
return SUCCESS;
@@ -477,13 +477,14 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
if (skt < 0)
{
- DBG1(DBG_NET, "could not open send socket: %m");
+ DBG1(DBG_NET, "could not open send socket: %s", strerror(errno));
return 0;
}
if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
{
- DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
+ DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -497,7 +498,8 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
{
- DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
+ DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -507,7 +509,8 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
{
- DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
+ DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -515,7 +518,8 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
/* bind the send socket */
if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
{
- DBG1(DBG_NET, "unable to bind send socket: %m");
+ DBG1(DBG_NET, "unable to bind send socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -525,7 +529,8 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
/* enable UDP decapsulation globally, only for one socket needed */
if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
{
- DBG1(DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
+ DBG1(DBG_NET, "unable to set UDP_ENCAP: %s; NAT-T may fail",
+ strerror(errno));
}
}
@@ -606,14 +611,15 @@ static int open_recv_socket(private_socket_t *this, int family)
skt = socket(family, SOCK_RAW, IPPROTO_UDP);
if (skt < 0)
{
- DBG1(DBG_NET, "unable to create raw socket: %m");
+ DBG1(DBG_NET, "unable to create raw socket: %s", strerror(errno));
return 0;
}
if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
&ikev2_filter, sizeof(ikev2_filter)) < 0)
{
- DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
+ DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -623,7 +629,8 @@ static int open_recv_socket(private_socket_t *this, int family)
* 2 or 50 depending on kernel header version */
setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
{
- DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
+ DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -637,7 +644,8 @@ static int open_recv_socket(private_socket_t *this, int family)
if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
{
- DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
+ DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %s",
+ strerror(errno));
close(skt);
return 0;
}
@@ -682,6 +690,7 @@ static void destroy(private_socket_t *this)
*/
socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
{
+ int key;
private_socket_t *this = malloc_thing(private_socket_t);
/* public functions */
@@ -698,6 +707,15 @@ socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
this->send4_natt = 0;
this->send6_natt = 0;
+ /* we open a AF_KEY socket to autoload the af_key module. Otherwise
+ * setsockopt(IPSEC_POLICY) won't work. */
+ key = socket(AF_KEY, SOCK_RAW, PF_KEY_V2);
+ if (key == 0)
+ {
+ charon->kill(charon, "could not open AF_KEY socket");
+ }
+ close(key);
+
this->recv4 = open_recv_socket(this, AF_INET);
if (this->recv4 == 0)
{
diff --git a/src/charon/queues/event_queue.c b/src/charon/processing/event_queue.c
index 40bcb1ed8..40bcb1ed8 100644
--- a/src/charon/queues/event_queue.c
+++ b/src/charon/processing/event_queue.c
diff --git a/src/charon/queues/event_queue.h b/src/charon/processing/event_queue.h
index cd275123b..c85286bf2 100644
--- a/src/charon/queues/event_queue.h
+++ b/src/charon/processing/event_queue.h
@@ -29,7 +29,7 @@ typedef struct event_queue_t event_queue_t;
#include <sys/time.h>
#include <library.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
* @brief Event-Queue used to store timed events.
@@ -45,7 +45,7 @@ typedef struct event_queue_t event_queue_t;
* @b Constructors:
* - event_queue_create()
*
- * @ingroup queues
+ * @ingroup processing
*/
struct event_queue_t {
@@ -111,7 +111,7 @@ struct event_queue_t {
*
* @returns event_queue_t object
*
- * @ingroup queues
+ * @ingroup processing
*/
event_queue_t *event_queue_create(void);
diff --git a/src/charon/queues/job_queue.c b/src/charon/processing/job_queue.c
index 2310ca6ff..2310ca6ff 100644
--- a/src/charon/queues/job_queue.c
+++ b/src/charon/processing/job_queue.c
diff --git a/src/charon/queues/job_queue.h b/src/charon/processing/job_queue.h
index c971ba514..9b58588ae 100644
--- a/src/charon/queues/job_queue.h
+++ b/src/charon/processing/job_queue.h
@@ -27,7 +27,7 @@
typedef struct job_queue_t job_queue_t;
#include <library.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
* @brief The job queue stores jobs, which will be processed by the thread_pool_t.
@@ -40,7 +40,7 @@ typedef struct job_queue_t job_queue_t;
* @b Constructors:
* - job_queue_create()
*
- * @ingroup queues
+ * @ingroup processing
*/
struct job_queue_t {
@@ -93,7 +93,7 @@ struct job_queue_t {
*
* @return job_queue_t object
*
- * @ingroup queues
+ * @ingroup processing
*/
job_queue_t *job_queue_create(void);
diff --git a/src/charon/queues/jobs/acquire_job.c b/src/charon/processing/jobs/acquire_job.c
index b4ffb258d..b4ffb258d 100644
--- a/src/charon/queues/jobs/acquire_job.c
+++ b/src/charon/processing/jobs/acquire_job.c
diff --git a/src/charon/queues/jobs/acquire_job.h b/src/charon/processing/jobs/acquire_job.h
index 54f1b9b5b..226966215 100644
--- a/src/charon/queues/jobs/acquire_job.h
+++ b/src/charon/processing/jobs/acquire_job.h
@@ -26,7 +26,7 @@
typedef struct acquire_job_t acquire_job_t;
#include <library.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
* @brief Class representing an ACQUIRE Job.
diff --git a/src/charon/queues/jobs/delete_child_sa_job.c b/src/charon/processing/jobs/delete_child_sa_job.c
index f694696b0..f694696b0 100644
--- a/src/charon/queues/jobs/delete_child_sa_job.c
+++ b/src/charon/processing/jobs/delete_child_sa_job.c
diff --git a/src/charon/queues/jobs/delete_child_sa_job.h b/src/charon/processing/jobs/delete_child_sa_job.h
index 9c2e4fa4d..0b90e008d 100644
--- a/src/charon/queues/jobs/delete_child_sa_job.h
+++ b/src/charon/processing/jobs/delete_child_sa_job.h
@@ -27,7 +27,7 @@ typedef struct delete_child_sa_job_t delete_child_sa_job_t;
#include <library.h>
#include <sa/ike_sa_id.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
#include <config/proposal.h>
diff --git a/src/charon/queues/jobs/delete_ike_sa_job.c b/src/charon/processing/jobs/delete_ike_sa_job.c
index 706155aa6..706155aa6 100644
--- a/src/charon/queues/jobs/delete_ike_sa_job.c
+++ b/src/charon/processing/jobs/delete_ike_sa_job.c
diff --git a/src/charon/queues/jobs/delete_ike_sa_job.h b/src/charon/processing/jobs/delete_ike_sa_job.h
index 43701a354..11bb46e73 100644
--- a/src/charon/queues/jobs/delete_ike_sa_job.h
+++ b/src/charon/processing/jobs/delete_ike_sa_job.h
@@ -28,7 +28,7 @@ typedef struct delete_ike_sa_job_t delete_ike_sa_job_t;
#include <library.h>
#include <sa/ike_sa_id.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
diff --git a/src/charon/queues/jobs/job.c b/src/charon/processing/jobs/job.c
index d32d1bc61..d32d1bc61 100644
--- a/src/charon/queues/jobs/job.c
+++ b/src/charon/processing/jobs/job.c
diff --git a/src/charon/queues/jobs/job.h b/src/charon/processing/jobs/job.h
index 28632672d..28632672d 100644
--- a/src/charon/queues/jobs/job.h
+++ b/src/charon/processing/jobs/job.h
diff --git a/src/charon/queues/jobs/process_message_job.c b/src/charon/processing/jobs/process_message_job.c
index ee7484bbd..ee7484bbd 100644
--- a/src/charon/queues/jobs/process_message_job.c
+++ b/src/charon/processing/jobs/process_message_job.c
diff --git a/src/charon/queues/jobs/process_message_job.h b/src/charon/processing/jobs/process_message_job.h
index 2e60a298c..5bb18155a 100644
--- a/src/charon/queues/jobs/process_message_job.h
+++ b/src/charon/processing/jobs/process_message_job.h
@@ -28,7 +28,7 @@ typedef struct process_message_job_t process_message_job_t;
#include <library.h>
#include <encoding/message.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
* @brief Class representing an PROCESS_MESSAGE job.
diff --git a/src/charon/queues/jobs/rekey_child_sa_job.c b/src/charon/processing/jobs/rekey_child_sa_job.c
index 3422b614d..3422b614d 100644
--- a/src/charon/queues/jobs/rekey_child_sa_job.c
+++ b/src/charon/processing/jobs/rekey_child_sa_job.c
diff --git a/src/charon/queues/jobs/rekey_child_sa_job.h b/src/charon/processing/jobs/rekey_child_sa_job.h
index 19e1b5d32..df86070bc 100644
--- a/src/charon/queues/jobs/rekey_child_sa_job.h
+++ b/src/charon/processing/jobs/rekey_child_sa_job.h
@@ -27,7 +27,7 @@ typedef struct rekey_child_sa_job_t rekey_child_sa_job_t;
#include <library.h>
#include <sa/ike_sa_id.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
#include <config/proposal.h>
/**
diff --git a/src/charon/queues/jobs/rekey_ike_sa_job.c b/src/charon/processing/jobs/rekey_ike_sa_job.c
index 2539d997e..f6c058634 100644
--- a/src/charon/queues/jobs/rekey_ike_sa_job.c
+++ b/src/charon/processing/jobs/rekey_ike_sa_job.c
@@ -67,7 +67,7 @@ static status_t execute(private_rekey_ike_sa_job_t *this)
this->ike_sa_id);
if (ike_sa == NULL)
{
- DBG2(DBG_JOB, "IKE_SA %J to rekey not found", this->ike_sa_id);
+ DBG2(DBG_JOB, "IKE_SA to rekey not found");
return DESTROY_ME;
}
diff --git a/src/charon/queues/jobs/rekey_ike_sa_job.h b/src/charon/processing/jobs/rekey_ike_sa_job.h
index f3e336fb3..4031b3813 100644
--- a/src/charon/queues/jobs/rekey_ike_sa_job.h
+++ b/src/charon/processing/jobs/rekey_ike_sa_job.h
@@ -27,7 +27,7 @@ typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t;
#include <library.h>
#include <sa/ike_sa_id.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
/**
* @brief Class representing an REKEY_IKE_SA Job.
diff --git a/src/charon/queues/jobs/retransmit_job.c b/src/charon/processing/jobs/retransmit_job.c
index 5bfa20dfd..5bfa20dfd 100644
--- a/src/charon/queues/jobs/retransmit_job.c
+++ b/src/charon/processing/jobs/retransmit_job.c
diff --git a/src/charon/queues/jobs/retransmit_job.h b/src/charon/processing/jobs/retransmit_job.h
index 19e29b909..93bb548e7 100644
--- a/src/charon/queues/jobs/retransmit_job.h
+++ b/src/charon/processing/jobs/retransmit_job.h
@@ -27,7 +27,7 @@
typedef struct retransmit_job_t retransmit_job_t;
#include <library.h>
-#include <queues/jobs/job.h>
+#include <processing/jobs/job.h>
#include <sa/ike_sa_id.h>
/**
diff --git a/src/charon/queues/jobs/send_dpd_job.c b/src/charon/processing/jobs/send_dpd_job.c
index 7294d78d5..7294d78d5 100644
--- a/src/charon/queues/jobs/send_dpd_job.c
+++ b/src/charon/processing/jobs/send_dpd_job.c
diff --git a/src/charon/queues/jobs/send_dpd_job.h b/src/charon/processing/jobs/send_dpd_job.h
index f3900f9a2..26c9e2e81 100644
--- a/src/charon/queues/jobs/send_dpd_job.h
+++ b/src/charon/processing/jobs/send_dpd_job.h
@@ -25,8 +25,7 @@
typedef struct send_dpd_job_t send_dpd_job_t;
#include <library.h>
-#include <queues/jobs/job.h>
-#include <config/connections/connection.h>
+#include <processing/jobs/job.h>
#include <sa/ike_sa_id.h>
/**
diff --git a/src/charon/queues/jobs/send_keepalive_job.c b/src/charon/processing/jobs/send_keepalive_job.c
index 1c1cb288e..1c1cb288e 100644
--- a/src/charon/queues/jobs/send_keepalive_job.c
+++ b/src/charon/processing/jobs/send_keepalive_job.c
diff --git a/src/charon/queues/jobs/send_keepalive_job.h b/src/charon/processing/jobs/send_keepalive_job.h
index c7d05be65..f7b38337e 100644
--- a/src/charon/queues/jobs/send_keepalive_job.h
+++ b/src/charon/processing/jobs/send_keepalive_job.h
@@ -25,8 +25,7 @@
typedef struct send_keepalive_job_t send_keepalive_job_t;
#include <library.h>
-#include <queues/jobs/job.h>
-#include <config/connections/connection.h>
+#include <processing/jobs/job.h>
#include <sa/ike_sa_id.h>
/**
diff --git a/src/charon/threads/scheduler.c b/src/charon/processing/scheduler.c
index 74091e3a3..7249e43e6 100644
--- a/src/charon/threads/scheduler.c
+++ b/src/charon/processing/scheduler.c
@@ -27,7 +27,7 @@
#include "scheduler.h"
#include <daemon.h>
-#include <queues/job_queue.h>
+#include <processing/job_queue.h>
typedef struct private_scheduler_t private_scheduler_t;
@@ -60,6 +60,8 @@ static void get_events(private_scheduler_t * this)
DBG1(DBG_JOB, "scheduler thread running, thread_ID: %06u",
(int)pthread_self());
+ charon->drop_capabilities(charon, TRUE);
+
while (TRUE)
{
DBG2(DBG_JOB, "waiting for next event...");
diff --git a/src/charon/threads/scheduler.h b/src/charon/processing/scheduler.h
index daecce3c6..bea93e7c9 100644
--- a/src/charon/threads/scheduler.h
+++ b/src/charon/processing/scheduler.h
@@ -39,7 +39,7 @@ typedef struct scheduler_t scheduler_t;
* @b Constructors:
* - scheduler_create()
*
- * @ingroup threads
+ * @ingroup processing
*/
struct scheduler_t {
@@ -61,7 +61,7 @@ struct scheduler_t {
* - scheduler_t object
* - NULL if thread could not be started
*
- * @ingroup threads
+ * @ingroup processing
*/
scheduler_t * scheduler_create(void);
diff --git a/src/charon/threads/thread_pool.c b/src/charon/processing/thread_pool.c
index 052b5aab9..a9891da15 100644
--- a/src/charon/threads/thread_pool.c
+++ b/src/charon/processing/thread_pool.c
@@ -29,7 +29,7 @@
#include "thread_pool.h"
#include <daemon.h>
-#include <queues/job_queue.h>
+#include <processing/job_queue.h>
typedef struct private_thread_pool_t private_thread_pool_t;
@@ -57,7 +57,7 @@ struct private_thread_pool_t {
* Array of thread ids.
*/
pthread_t *threads;
-} ;
+};
/**
* Implementation of private_thread_pool_t.process_jobs.
@@ -73,6 +73,8 @@ static void process_jobs(private_thread_pool_t *this)
DBG1(DBG_JOB, "worker thread running, thread_ID: %06u",
(int)pthread_self());
+ charon->drop_capabilities(charon, TRUE);
+
while (TRUE)
{
/* TODO: should be atomic, but is not mission critical */
diff --git a/src/charon/threads/thread_pool.h b/src/charon/processing/thread_pool.h
index 8e1989bda..09a6312a8 100644
--- a/src/charon/threads/thread_pool.h
+++ b/src/charon/processing/thread_pool.h
@@ -41,7 +41,7 @@ typedef struct thread_pool_t thread_pool_t;
*
* @todo Add support for dynamic thread handling
*
- * @ingroup threads
+ * @ingroup processing
*/
struct thread_pool_t {
@@ -79,7 +79,7 @@ struct thread_pool_t {
* - thread_pool_t object if one ore more threads could be started, or
* - NULL if no threads could be created
*
- * @ingroup threads
+ * @ingroup processing
*/
thread_pool_t *thread_pool_create(size_t pool_size);
diff --git a/src/charon/queues/jobs/initiate_job.c b/src/charon/queues/jobs/initiate_job.c
deleted file mode 100644
index af50663d6..000000000
--- a/src/charon/queues/jobs/initiate_job.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * @file initiate_job.c
- *
- * @brief Implementation of initiate_job_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#include <stdlib.h>
-
-#include "initiate_job.h"
-
-#include <daemon.h>
-
-typedef struct private_initiate_job_t private_initiate_job_t;
-
-/**
- * Private data of an initiate_job_t Object
- */
-struct private_initiate_job_t {
- /**
- * public initiate_job_t interface
- */
- initiate_job_t public;
-
- /**
- * associated connection to initiate
- */
- connection_t *connection;
-
- /**
- * associated policy to initiate
- */
- policy_t *policy;
-};
-
-/**
- * Implements initiate_job_t.get_type.
- */
-static job_type_t get_type(private_initiate_job_t *this)
-{
- return INITIATE;
-}
-
-/**
- * Implementation of job_t.execute.
- */
-static status_t execute(private_initiate_job_t *this)
-{
- ike_sa_t *ike_sa;
-
- ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager,
- this->connection->get_my_host(this->connection),
- this->connection->get_other_host(this->connection),
- this->policy->get_my_id(this->policy),
- this->policy->get_other_id(this->policy));
-
- if (ike_sa->initiate(ike_sa, this->connection, this->policy) != SUCCESS)
- {
- DBG1(DBG_JOB, "initiation failed, going to delete IKE_SA");
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
- return DESTROY_ME;
- }
-
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- return DESTROY_ME;
-}
-
-/**
- * Implements job_t.destroy.
- */
-static void destroy(private_initiate_job_t *this)
-{
- this->connection->destroy(this->connection);
- this->policy->destroy(this->policy);
- free(this);
-}
-
-/*
- * Described in header
- */
-initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy)
-{
- private_initiate_job_t *this = malloc_thing(private_initiate_job_t);
-
- /* interface functions */
- this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
- this->public.job_interface.execute = (status_t (*) (job_t *)) execute;
- this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
- /* private variables */
- this->connection = connection;
- this->policy = policy;
-
- return &this->public;
-}
diff --git a/src/charon/queues/jobs/initiate_job.h b/src/charon/queues/jobs/initiate_job.h
deleted file mode 100644
index af1dd9ece..000000000
--- a/src/charon/queues/jobs/initiate_job.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * @file initiate_job.h
- *
- * @brief Interface of initiate_job_t.
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef INITIATE_IKE_SA_JOB_H_
-#define INITIATE_IKE_SA_JOB_H_
-
-typedef struct initiate_job_t initiate_job_t;
-
-#include <library.h>
-#include <queues/jobs/job.h>
-#include <config/connections/connection.h>
-#include <config/policies/policy.h>
-
-/**
- * @brief Class representing an INITIATE_IKE_SA Job.
- *
- * This job is created if an IKE_SA should be iniated.
- *
- * @b Constructors:
- * - initiate_job_create()
- *
- * @ingroup jobs
- */
-struct initiate_job_t {
- /**
- * implements job_t interface
- */
- job_t job_interface;
-};
-
-/**
- * @brief Creates a job of type INITIATE_IKE_SA.
- *
- * @param connection connection_t to initialize
- * @param policy policy to set up
- * @return initiate_job_t object
- *
- * @ingroup jobs
- */
-initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy);
-
-#endif /*INITIATE_IKE_SA_JOB_H_*/
diff --git a/src/charon/queues/jobs/route_job.c b/src/charon/queues/jobs/route_job.c
deleted file mode 100644
index bb6281dcc..000000000
--- a/src/charon/queues/jobs/route_job.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * @file route_job.c
- *
- * @brief Implementation of route_job_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#include <stdlib.h>
-
-#include "route_job.h"
-
-#include <daemon.h>
-
-typedef struct private_route_job_t private_route_job_t;
-
-/**
- * Private data of an route_job_t Object
- */
-struct private_route_job_t {
- /**
- * public route_job_t interface
- */
- route_job_t public;
-
- /**
- * associated connection to route
- */
- connection_t *connection;
-
- /**
- * associated policy to route
- */
- policy_t *policy;
-
- /**
- * route or unroute?
- */
- bool route;
-};
-
-/**
- * Implements route_job_t.get_type.
- */
-static job_type_t get_type(private_route_job_t *this)
-{
- return ROUTE;
-}
-
-/**
- * Implementation of job_t.execute.
- */
-static status_t execute(private_route_job_t *this)
-{
- ike_sa_t *ike_sa;
-
- ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager,
- this->connection->get_my_host(this->connection),
- this->connection->get_other_host(this->connection),
- this->policy->get_my_id(this->policy),
- this->policy->get_other_id(this->policy));
- if (this->route)
- {
- if (ike_sa->route(ike_sa, this->connection, this->policy) != SUCCESS)
- {
- DBG1(DBG_JOB, "routing failed");
- }
- }
- else
- {
- if (ike_sa->unroute(ike_sa, this->policy) == DESTROY_ME)
- {
- DBG1(DBG_JOB, "removing IKE_SA, as last routed CHILD_SA unrouted");
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
- return DESTROY_ME;
- }
- }
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
- return DESTROY_ME;
-}
-
-/**
- * Implements job_t.destroy.
- */
-static void destroy(private_route_job_t *this)
-{
- this->connection->destroy(this->connection);
- this->policy->destroy(this->policy);
- free(this);
-}
-
-/*
- * Described in header
- */
-route_job_t *route_job_create(connection_t *connection, policy_t *policy, bool route)
-{
- private_route_job_t *this = malloc_thing(private_route_job_t);
-
- /* interface functions */
- this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
- this->public.job_interface.execute = (status_t (*) (job_t *)) execute;
- this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
-
- /* private variables */
- this->connection = connection;
- this->policy = policy;
- this->route = route;
-
- return &this->public;
-}
diff --git a/src/charon/queues/jobs/route_job.h b/src/charon/queues/jobs/route_job.h
deleted file mode 100644
index 2743a70ab..000000000
--- a/src/charon/queues/jobs/route_job.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * @file route_job.h
- *
- * @brief Interface of route_job_t.
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef ROUTE_JOB_H_
-#define ROUTE_JOB_H_
-
-typedef struct route_job_t route_job_t;
-
-#include <library.h>
-#include <queues/jobs/job.h>
-#include <config/policies/policy.h>
-#include <config/connections/connection.h>
-
-/**
- * @brief Class representing an ROUTE Job.
- *
- * @b Constructors:
- * - route_job_create()
- *
- * @ingroup jobs
- */
-struct route_job_t {
- /**
- * implements job_t interface
- */
- job_t job_interface;
-};
-
-/**
- * @brief Creates a job of type ROUTE.
- *
- * @param connection connection used for routing
- * @param policy policy to set up
- * @param route TRUE to route, FALSE to unroute
- * @return route_job_t object
- *
- * @ingroup jobs
- */
-route_job_t *route_job_create(connection_t *connection, policy_t *policy, bool route);
-
-#endif /*ROUTE_JOB_H_*/
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c
index a4d8abb58..e4a58f0a3 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/charon/sa/authenticators/eap/eap_method.c
@@ -85,7 +85,7 @@ void eap_method_unload()
while (modules->remove_last(modules, (void**)&entry) == SUCCESS)
{
- DBG2(DBG_CFG, "unloaded module for %s", eap_type_names, entry->type);
+ DBG2(DBG_CFG, "unloaded module for %N", eap_type_names, entry->type);
dlclose(entry->handle);
free(entry);
}
@@ -100,27 +100,10 @@ void eap_method_unload()
void eap_method_load(char *directory)
{
struct dirent* entry;
- struct stat stb;
DIR* dir;
eap_method_unload();
modules = linked_list_create();
-
- if (stat(directory, &stb) == -1 || !(stb.st_mode & S_IFDIR))
- {
- DBG1(DBG_CFG, "error opening EAP modules directory %s", directory);
- return;
- }
- if (stb.st_uid != 0)
- {
- DBG1(DBG_CFG, "EAP modules directory %s not owned by root, skipped", directory);
- return;
- }
- if (stb.st_mode & S_IWOTH || stb.st_mode & S_IWGRP)
- {
- DBG1(DBG_CFG, "EAP modules directory %s writable by others, skipped", directory);
- return;
- }
dir = opendir(directory);
if (dir == NULL)
@@ -141,12 +124,6 @@ void eap_method_load(char *directory)
snprintf(file, sizeof(file), "%s/%s", directory, entry->d_name);
- if (stat(file, &stb) == -1 || !(stb.st_mode & S_IFREG))
- {
- DBG2(DBG_CFG, " skipping %s, doesn't look like a file",
- entry->d_name);
- continue;
- }
ending = entry->d_name + strlen(entry->d_name) - 3;
if (ending <= entry->d_name || !streq(ending, ".so"))
{
@@ -155,16 +132,6 @@ void eap_method_load(char *directory)
entry->d_name);
continue;
}
- if (stb.st_uid != 0)
- {
- DBG1(DBG_CFG, " skipping %s, file is not owned by root", entry->d_name);
- return;
- }
- if (stb.st_mode & S_IWOTH || stb.st_mode & S_IWGRP)
- {
- DBG1(DBG_CFG, " skipping %s, file is writeable by others", entry->d_name);
- continue;
- }
/* try to load the library */
module.handle = dlopen(file, RTLD_LAZY);
diff --git a/src/charon/sa/authenticators/eap/eap_sim.c b/src/charon/sa/authenticators/eap/eap_sim.c
index 3dc59fb6b..38d7f2534 100644
--- a/src/charon/sa/authenticators/eap/eap_sim.c
+++ b/src/charon/sa/authenticators/eap/eap_sim.c
@@ -398,6 +398,30 @@ static status_t process_start(private_eap_sim_t *this, eap_payload_t *in,
/* only include AT_IDENTITY if requested */
include_id = AT_IDENTITY;
break;
+ case AT_NOTIFICATION:
+ {
+ u_int16_t code = 0;
+ if (data.len == 2)
+ {
+ code = ntohs(*(u_int16_t*)data.ptr);
+ }
+ if (code <= 32767) /* no success bit */
+ {
+ DBG1(DBG_IKE, "received %N error %d",
+ sim_attribute_names, attribute, code);
+ *out = build_payload(this,
+ in->get_identifier(in), SIM_CLIENT_ERROR,
+ AT_CLIENT_ERROR_CODE, client_error_general,
+ AT_END);
+ return NEED_MORE;
+ }
+ else
+ {
+ DBG1(DBG_IKE, "received %N code %d",
+ sim_attribute_names, attribute, code);
+ }
+ break;
+ }
default:
DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N",
sim_attribute_names, attribute);
@@ -456,6 +480,30 @@ static status_t process_challenge(private_eap_sim_t *this, eap_payload_t *in,
memset(data.ptr, 0, data.len);
break;
}
+ case AT_NOTIFICATION:
+ {
+ u_int16_t code = 0;
+ if (data.len == 2)
+ {
+ code = ntohs(*(u_int16_t*)data.ptr);
+ }
+ if (code <= 32767) /* no success bit */
+ {
+ DBG1(DBG_IKE, "received %N error %d",
+ sim_attribute_names, attribute, code);
+ *out = build_payload(this,
+ in->get_identifier(in), SIM_CLIENT_ERROR,
+ AT_CLIENT_ERROR_CODE, client_error_general,
+ AT_END);
+ return NEED_MORE;
+ }
+ else
+ {
+ DBG1(DBG_IKE, "received %N code %d",
+ sim_attribute_names, attribute, code);
+ }
+ break;
+ }
default:
DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N",
sim_attribute_names, attribute);
@@ -472,7 +520,7 @@ static status_t process_challenge(private_eap_sim_t *this, eap_payload_t *in,
*out = build_payload(this, identifier, SIM_CLIENT_ERROR,
AT_CLIENT_ERROR_CODE, client_error_insufficient,
AT_END);
- return FAILED;
+ return NEED_MORE;
}
if (mac.len != MAC_LEN)
{
@@ -557,6 +605,58 @@ static status_t process_challenge(private_eap_sim_t *this, eap_payload_t *in,
}
/**
+ * process an EAP-SIM/Request/Notification message
+ */
+static status_t process_notification(private_eap_sim_t *this, eap_payload_t *in,
+ eap_payload_t **out)
+{
+ chunk_t message, data;
+ sim_attribute_t attribute;
+
+ message = in->get_data(in);
+ read_header(&message);
+
+ while ((attribute = read_attribute(&message, &data)) != AT_END)
+ {
+ switch (attribute)
+ {
+ case AT_NOTIFICATION:
+ {
+ u_int16_t code = 0;
+ if (data.len == 2)
+ {
+ code = ntohs(*(u_int16_t*)data.ptr);
+ }
+ if (code <= 32767) /* no success bit */
+ {
+ DBG1(DBG_IKE, "received %N error %d",
+ sim_attribute_names, attribute, code);
+ *out = build_payload(this,
+ in->get_identifier(in), SIM_CLIENT_ERROR,
+ AT_CLIENT_ERROR_CODE, client_error_general,
+ AT_END);
+ return NEED_MORE;
+ }
+ else
+ {
+ DBG1(DBG_IKE, "received %N code %d",
+ sim_attribute_names, attribute, code);
+ }
+ break;
+ }
+ default:
+ DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N",
+ sim_attribute_names, attribute);
+ break;
+ }
+ }
+ /* reply with empty notification */
+ *out = build_payload(this, in->get_identifier(in), SIM_NOTIFICATION, AT_END);
+ return NEED_MORE;
+}
+
+
+/**
* Implementation of eap_method_t.process for the peer
*/
static status_t process(private_eap_sim_t *this,
@@ -574,6 +674,8 @@ static status_t process(private_eap_sim_t *this,
return process_start(this, in, out);
case SIM_CHALLENGE:
return process_challenge(this, in, out);
+ case SIM_NOTIFICATION:
+ return process_notification(this, in, out);
default:
DBG1(DBG_IKE, "unable to process EAP_SIM subtype %N",
sim_subtype_names, type);
diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/charon/sa/authenticators/eap_authenticator.c
index 6c8ca8d8f..6e2f73a43 100644
--- a/src/charon/sa/authenticators/eap_authenticator.c
+++ b/src/charon/sa/authenticators/eap_authenticator.c
@@ -25,7 +25,7 @@
#include "eap_authenticator.h"
#include <daemon.h>
-#include <config/policies/policy.h>
+#include <config/peer_cfg.h>
#include <sa/authenticators/eap/eap_method.h>
typedef struct private_eap_authenticator_t private_eap_authenticator_t;
@@ -61,21 +61,31 @@ struct private_eap_authenticator_t {
chunk_t msk;
};
+/**
+ * reuse shared key signature function from PSK authenticator
+ */
extern chunk_t build_shared_key_signature(chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, identification_t *id,
- prf_t *prf_skp, prf_t *prf);
-
+ chunk_t secret, identification_t *id,
+ chunk_t skp, prf_t *prf);
/**
* Implementation of authenticator_t.verify.
*/
static status_t verify(private_eap_authenticator_t *this, chunk_t ike_sa_init,
chunk_t my_nonce, auth_payload_t *auth_payload)
{
- chunk_t auth_data, recv_auth_data;
+ chunk_t auth_data, recv_auth_data, secret;
identification_t *other_id = this->ike_sa->get_other_id(this->ike_sa);
- auth_data = build_shared_key_signature(ike_sa_init, my_nonce, this->msk,
- other_id, this->ike_sa->get_auth_verify(this->ike_sa),
+ if (this->msk.len)
+ { /* use MSK if EAP method established one... */
+ secret = this->msk;
+ }
+ else
+ { /* ... or use SKp if not */
+ secret = this->ike_sa->get_skp_verify(this->ike_sa);
+ }
+ auth_data = build_shared_key_signature(ike_sa_init, my_nonce, secret,
+ other_id, this->ike_sa->get_skp_verify(this->ike_sa),
this->ike_sa->get_prf(this->ike_sa));
recv_auth_data = auth_payload->get_data(auth_payload);
@@ -98,14 +108,22 @@ static status_t verify(private_eap_authenticator_t *this, chunk_t ike_sa_init,
static status_t build(private_eap_authenticator_t *this, chunk_t ike_sa_init,
chunk_t other_nonce, auth_payload_t **auth_payload)
{
- chunk_t auth_data;
+ chunk_t auth_data, secret;
identification_t *my_id = this->ike_sa->get_my_id(this->ike_sa);
DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
my_id, auth_method_names, AUTH_EAP);
-
- auth_data = build_shared_key_signature(ike_sa_init, other_nonce, this->msk,
- my_id, this->ike_sa->get_auth_build(this->ike_sa),
+
+ if (this->msk.len)
+ { /* use MSK if EAP method established one... */
+ secret = this->msk;
+ }
+ else
+ { /* ... or use SKp if not */
+ secret = this->ike_sa->get_skp_build(this->ike_sa);
+ }
+ auth_data = build_shared_key_signature(ike_sa_init, other_nonce, secret,
+ my_id, this->ike_sa->get_skp_build(this->ike_sa),
this->ike_sa->get_prf(this->ike_sa));
*auth_payload = auth_payload_create();
@@ -233,13 +251,14 @@ static status_t process_server(private_eap_authenticator_t *this,
DBG1(DBG_IKE, "EAP method %N succeded, MSK established",
eap_type_names, this->method->get_type(this->method));
this->msk = chunk_clone(this->msk);
- *out = eap_payload_create_code(EAP_SUCCESS);
- return SUCCESS;
}
- DBG1(DBG_IKE, "EAP method %N succeded, but no MSK established",
- eap_type_names, this->method->get_type(this->method));
- *out = eap_payload_create_code(EAP_FAILURE);
- return FAILED;
+ else
+ {
+ DBG1(DBG_IKE, "EAP method %N succeded, no MSK established",
+ eap_type_names, this->method->get_type(this->method));
+ }
+ *out = eap_payload_create_code(EAP_SUCCESS);
+ return SUCCESS;
case FAILED:
default:
DBG1(DBG_IKE, "EAP method %N failed for peer %D",
@@ -290,11 +309,8 @@ static status_t process(private_eap_authenticator_t *this, eap_payload_t *in,
if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
{
this->msk = chunk_clone(this->msk);
- return SUCCESS;
}
- DBG1(DBG_IKE, "EAP method %N has no MSK established",
- eap_type_names, this->method->get_type(this->method));
- return FAILED;
+ return SUCCESS;
}
case EAP_FAILURE:
default:
diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/charon/sa/authenticators/psk_authenticator.c
index 43aec0971..37465d029 100644
--- a/src/charon/sa/authenticators/psk_authenticator.c
+++ b/src/charon/sa/authenticators/psk_authenticator.c
@@ -25,7 +25,6 @@
#include "psk_authenticator.h"
-#include <config/policies/policy.h>
#include <daemon.h>
/**
@@ -78,11 +77,12 @@ chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
*/
chunk_t build_shared_key_signature(chunk_t ike_sa_init, chunk_t nonce,
chunk_t secret, identification_t *id,
- prf_t *prf_skp, prf_t *prf)
+ chunk_t skp, prf_t *prf)
{
chunk_t key_pad, key, auth_data, octets;
- octets = build_tbs_octets(ike_sa_init, nonce, id, prf_skp);
+ prf->set_key(prf, skp);
+ octets = build_tbs_octets(ike_sa_init, nonce, id, prf);
/* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
key_pad.ptr = IKEV2_KEY_PAD;
key_pad.len = IKEV2_KEY_PAD_LENGTH;
@@ -122,7 +122,7 @@ static status_t verify(private_psk_authenticator_t *this, chunk_t ike_sa_init,
}
auth_data = build_shared_key_signature(ike_sa_init, my_nonce, shared_key,
- other_id, this->ike_sa->get_auth_verify(this->ike_sa),
+ other_id, this->ike_sa->get_skp_verify(this->ike_sa),
this->ike_sa->get_prf(this->ike_sa));
chunk_free(&shared_key);
@@ -165,7 +165,7 @@ static status_t build(private_psk_authenticator_t *this, chunk_t ike_sa_init,
}
auth_data = build_shared_key_signature(ike_sa_init, other_nonce, shared_key,
- my_id, this->ike_sa->get_auth_build(this->ike_sa),
+ my_id, this->ike_sa->get_skp_build(this->ike_sa),
this->ike_sa->get_prf(this->ike_sa));
DBG2(DBG_IKE, "successfully created shared key MAC");
chunk_free(&shared_key);
diff --git a/src/charon/sa/authenticators/rsa_authenticator.c b/src/charon/sa/authenticators/rsa_authenticator.c
index dfa01e332..e5c5cd60e 100644
--- a/src/charon/sa/authenticators/rsa_authenticator.c
+++ b/src/charon/sa/authenticators/rsa_authenticator.c
@@ -25,7 +25,6 @@
#include "rsa_authenticator.h"
-#include <config/policies/policy.h>
#include <daemon.h>
@@ -61,8 +60,9 @@ static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
{
status_t status;
chunk_t auth_data, octets;
- rsa_public_key_t *public_key;
identification_t *other_id;
+ ca_info_t *issuer;
+ prf_t *prf;
other_id = this->ike_sa->get_other_id(this->ike_sa);
@@ -71,27 +71,20 @@ static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
return INVALID_ARG;
}
auth_data = auth_payload->get_data(auth_payload);
- public_key = charon->credentials->get_trusted_public_key(charon->credentials,
- other_id);
- if (public_key == NULL)
- {
- DBG1(DBG_IKE, "no RSA public key found for '%D'", other_id);
- return NOT_FOUND;
- }
- octets = build_tbs_octets(ike_sa_init, my_nonce, other_id,
- this->ike_sa->get_auth_verify(this->ike_sa));
- status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
+ prf = this->ike_sa->get_prf(this->ike_sa);
+ prf->set_key(prf, this->ike_sa->get_skp_verify(this->ike_sa));
+ octets = build_tbs_octets(ike_sa_init, my_nonce, other_id, prf);
+ status = charon->credentials->verify_signature(charon->credentials,
+ octets, auth_data, other_id, &issuer);
chunk_free(&octets);
- if (status != SUCCESS)
+ if (status == SUCCESS)
{
- DBG1(DBG_IKE, "RSA signature verification failed");
- return status;
+ this->ike_sa->set_other_ca(this->ike_sa, issuer);
+ DBG1(DBG_IKE, "authentication of '%D' with %N successful",
+ other_id, auth_method_names, AUTH_RSA);
}
-
- DBG1(DBG_IKE, "authentication of '%D' with %N successful",
- other_id, auth_method_names, AUTH_RSA);
- return SUCCESS;
+ return status;
}
/**
@@ -107,6 +100,7 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
rsa_public_key_t *my_pubkey;
rsa_private_key_t *my_key;
identification_t *my_id;
+ prf_t *prf;
my_id = this->ike_sa->get_my_id(this->ike_sa);
DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
@@ -131,8 +125,9 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
}
DBG2(DBG_IKE, "matching RSA private key found");
- octets = build_tbs_octets(ike_sa_init, other_nonce, my_id,
- this->ike_sa->get_auth_build(this->ike_sa));
+ prf = this->ike_sa->get_prf(this->ike_sa);
+ prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa));
+ octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf);
status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
chunk_free(&octets);
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 19131389d..1e7b6cb2c 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -27,7 +27,6 @@
#include <stdio.h>
#include <string.h>
-#include <printf.h>
#include <daemon.h>
@@ -154,9 +153,9 @@ struct private_child_sa_t {
host_t *virtual_ip;
/**
- * policy used to create this child
+ * config used to create this child
*/
- policy_t *policy;
+ child_cfg_t *config;
};
/**
@@ -164,7 +163,7 @@ struct private_child_sa_t {
*/
static char *get_name(private_child_sa_t *this)
{
- return this->policy->get_name(this->policy);;
+ return this->config->get_name(this->config);
}
/**
@@ -204,11 +203,57 @@ static child_sa_state_t get_state(private_child_sa_t *this)
}
/**
- * Implements child_sa_t.get_policy
+ * Implements child_sa_t.get_config
*/
-static policy_t* get_policy(private_child_sa_t *this)
+static child_cfg_t* get_config(private_child_sa_t *this)
{
- return this->policy;
+ return this->config;
+}
+
+/**
+ * Implementation of child_sa_t.get_stats.
+ */
+static void get_stats(private_child_sa_t *this, mode_t *mode,
+ encryption_algorithm_t *encr_algo, size_t *encr_len,
+ integrity_algorithm_t *int_algo, size_t *int_len,
+ u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
+ u_int32_t *use_fwd)
+{
+ sa_policy_t *policy;
+ iterator_t *iterator;
+ u_int32_t in = 0, out = 0, fwd = 0, time;
+
+ iterator = this->policies->create_iterator(this->policies, TRUE);
+ while (iterator->iterate(iterator, (void**)&policy))
+ {
+
+ if (charon->kernel_interface->query_policy(charon->kernel_interface,
+ policy->other_ts, policy->my_ts, POLICY_IN, &time) == SUCCESS)
+ {
+ in = max(in, time);
+ }
+ if (charon->kernel_interface->query_policy(charon->kernel_interface,
+ policy->my_ts, policy->other_ts, POLICY_OUT, &time) == SUCCESS)
+ {
+ out = max(out, time);
+ }
+ if (charon->kernel_interface->query_policy(charon->kernel_interface,
+ policy->other_ts, policy->my_ts, POLICY_FWD, &time) == SUCCESS)
+ {
+ fwd = max(fwd, time);
+ }
+ }
+ iterator->destroy(iterator);
+
+ *mode = this->mode;
+ *encr_algo = this->encryption.algorithm;
+ *encr_len = this->encryption.key_size;
+ *int_algo = this->integrity.algorithm;
+ *int_len = this->integrity.key_size;
+ *rekey = this->rekey_time;
+ *use_in = in;
+ *use_out = out;
+ *use_fwd = fwd;
}
/**
@@ -220,7 +265,7 @@ static void updown(private_child_sa_t *this, bool up)
iterator_t *iterator;
char *script;
- script = this->policy->get_updown(this->policy);
+ script = this->config->get_updown(this->config);
if (script == NULL)
{
@@ -300,7 +345,7 @@ static void updown(private_child_sa_t *this, bool up)
policy->my_ts->is_host(policy->my_ts,
this->me.addr) ? "-host" : "-client",
this->me.addr->get_family(this->me.addr) == AF_INET ? "" : "-ipv6",
- this->policy->get_name(this->policy),
+ this->config->get_name(this->config),
ifname ? ifname : "(unknown)",
this->reqid,
this->me.addr,
@@ -316,7 +361,7 @@ static void updown(private_child_sa_t *this, bool up)
policy->other_ts->get_from_port(policy->other_ts),
policy->other_ts->get_protocol(policy->other_ts),
virtual_ip,
- this->policy->get_hostaccess(this->policy) ?
+ this->config->get_hostaccess(this->config) ?
"PLUTO_HOST_ACCESS='1' " : "",
script);
free(ifname);
@@ -528,8 +573,8 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal,
natt = NULL;
}
- soft = this->policy->get_soft_lifetime(this->policy);
- hard = this->policy->get_hard_lifetime(this->policy);
+ soft = this->config->get_lifetime(this->config, TRUE);
+ hard = this->config->get_lifetime(this->config, FALSE);
/* send SA down to the kernel */
DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst);
@@ -542,7 +587,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal,
this->encryption = *enc_algo;
this->integrity = *int_algo;
this->install_time = time(NULL);
- this->rekey_time = soft;
+ this->rekey_time = this->install_time + soft;
return status;
}
@@ -628,7 +673,7 @@ static status_t add_policies(private_child_sa_t *this,
if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
{
DBG2(DBG_CHD,
- "CHILD_SA policy uses two different IP families, ignored");
+ "CHILD_SA policy uses two different IP families - ignored");
continue;
}
@@ -637,7 +682,7 @@ static status_t add_policies(private_child_sa_t *this,
my_ts->get_protocol(my_ts) && other_ts->get_protocol(other_ts))
{
DBG2(DBG_CHD,
- "CHILD_SA policy uses two different protocols, ignored");
+ "CHILD_SA policy uses two different protocols - ignored");
continue;
}
@@ -665,10 +710,10 @@ static status_t add_policies(private_child_sa_t *this,
policy = malloc_thing(sa_policy_t);
policy->my_ts = my_ts->clone(my_ts);
policy->other_ts = other_ts->clone(other_ts);
- this->policies->insert_last(this->policies, (void*)policy);
+ this->policies->insert_last(this->policies, policy);
/* add to separate list to query them via get_*_traffic_selectors() */
- this->my_ts->insert_last(this->my_ts, (void*)policy->my_ts);
- this->other_ts->insert_last(this->other_ts, (void*)policy->other_ts);
+ this->my_ts->insert_last(this->my_ts, policy->my_ts);
+ this->other_ts->insert_last(this->other_ts, policy->other_ts);
}
}
my_iter->destroy(my_iter);
@@ -685,18 +730,14 @@ static status_t add_policies(private_child_sa_t *this,
}
/**
- * Implementation of child_sa_t.get_my_traffic_selectors.
+ * Implementation of child_sa_t.get_traffic_selectors.
*/
-static linked_list_t *get_my_traffic_selectors(private_child_sa_t *this)
-{
- return this->my_ts;
-}
-
-/**
- * Implementation of child_sa_t.get_my_traffic_selectors.
- */
-static linked_list_t *get_other_traffic_selectors(private_child_sa_t *this)
+static linked_list_t *get_traffic_selectors(private_child_sa_t *this, bool local)
{
+ if (local)
+ {
+ return this->my_ts;
+ }
return this->other_ts;
}
@@ -741,126 +782,6 @@ static status_t get_use_time(private_child_sa_t *this, bool inbound, time_t *use
}
/**
- * output handler in printf()
- */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
-{
- private_child_sa_t *this = *((private_child_sa_t**)(args[0]));
- iterator_t *iterator;
- sa_policy_t *policy;
- u_int32_t now, rekeying;
- u_int32_t use, use_in, use_fwd;
- status_t status;
- size_t written = 0;
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
- now = time(NULL);
-
- written += fprintf(stream, "%12s{%d}: %N, %N",
- this->policy->get_name(this->policy), this->reqid,
- child_sa_state_names, this->state,
- mode_names, this->mode);
-
- if (this->state == CHILD_INSTALLED)
- {
- written += fprintf(stream, ", %N SPIs: 0x%0x_i 0x%0x_o",
- protocol_id_names, this->protocol,
- htonl(this->me.spi), htonl(this->other.spi));
-
- if (info->alt)
- {
- written += fprintf(stream, "\n%12s{%d}: ",
- this->policy->get_name(this->policy),
- this->reqid);
-
- if (this->protocol == PROTO_ESP)
- {
- written += fprintf(stream, "%N", encryption_algorithm_names,
- this->encryption.algorithm);
-
- if (this->encryption.key_size)
- {
- written += fprintf(stream, "-%d", this->encryption.key_size);
- }
- written += fprintf(stream, "/");
- }
-
- written += fprintf(stream, "%N", integrity_algorithm_names,
- this->integrity.algorithm);
- if (this->integrity.key_size)
- {
- written += fprintf(stream, "-%d", this->integrity.key_size);
- }
- written += fprintf(stream, ", rekeying ");
-
- /* calculate rekey times */
- if (this->rekey_time)
- {
- rekeying = this->install_time + this->rekey_time - now;
- written += fprintf(stream, "in %ds", rekeying);
- }
- else
- {
- written += fprintf(stream, "disabled");
- }
- }
- }
- iterator = this->policies->create_iterator(this->policies, TRUE);
- while (iterator->iterate(iterator, (void**)&policy))
- {
- written += fprintf(stream, "\n%12s{%d}: %R===%R, last use: ",
- this->policy->get_name(this->policy), this->reqid,
- policy->my_ts, policy->other_ts);
-
- /* query time of last policy use */
-
- /* inbound: POLICY_IN or POLICY_FWD */
- status = charon->kernel_interface->query_policy(charon->kernel_interface,
- policy->other_ts, policy->my_ts, POLICY_IN, &use_in);
- use_in = (status == SUCCESS)? use_in : 0;
- status = charon->kernel_interface->query_policy(charon->kernel_interface,
- policy->other_ts, policy->my_ts, POLICY_FWD, &use_fwd);
- use_fwd = (status == SUCCESS)? use_fwd : 0;
- use = max(use_in, use_fwd);
- if (use)
- {
- written += fprintf(stream, "%ds_i ", now - use);
- }
- else
- {
- written += fprintf(stream, "no_i ");
- }
-
- /* outbound: POLICY_OUT */
- status = charon->kernel_interface->query_policy(charon->kernel_interface,
- policy->my_ts, policy->other_ts, POLICY_OUT, &use);
- if (status == SUCCESS && use)
- {
- written += fprintf(stream, "%ds_o ", now - use);
- }
- else
- {
- written += fprintf(stream, "no_o ");
- }
- }
- iterator->destroy(iterator);
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CHILD_SA, print, arginfo_ptr);
-}
-
-/**
* Update the host adress/port of a SA
*/
static status_t update_sa_hosts(private_child_sa_t *this, host_t *new_me, host_t *new_other,
@@ -1066,7 +987,7 @@ static void destroy(private_child_sa_t *this)
this->other.addr->destroy(this->other.addr);
this->me.id->destroy(this->me.id);
this->other.id->destroy(this->other.id);
- this->policy->destroy(this->policy);
+ this->config->destroy(this->config);
DESTROY_IF(this->virtual_ip);
free(this);
}
@@ -1076,7 +997,7 @@ static void destroy(private_child_sa_t *this)
*/
child_sa_t * child_sa_create(host_t *me, host_t* other,
identification_t *my_id, identification_t *other_id,
- policy_t *policy, u_int32_t rekey, bool use_natt)
+ child_cfg_t *config, u_int32_t rekey, bool use_natt)
{
static u_int32_t reqid = 0;
private_child_sa_t *this = malloc_thing(private_child_sa_t);
@@ -1086,17 +1007,17 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
this->public.get_reqid = (u_int32_t(*)(child_sa_t*))get_reqid;
this->public.get_spi = (u_int32_t(*)(child_sa_t*, bool))get_spi;
this->public.get_protocol = (protocol_id_t(*)(child_sa_t*))get_protocol;
+ this->public.get_stats = (void(*)(child_sa_t*, mode_t*,encryption_algorithm_t*,size_t*,integrity_algorithm_t*,size_t*,u_int32_t*,u_int32_t*,u_int32_t*,u_int32_t*))get_stats;
this->public.alloc = (status_t(*)(child_sa_t*,linked_list_t*))alloc;
this->public.add = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))add;
this->public.update = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))update;
this->public.update_hosts = (status_t (*)(child_sa_t*,host_t*,host_t*,host_diff_t,host_diff_t))update_hosts;
this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*,mode_t))add_policies;
- this->public.get_my_traffic_selectors = (linked_list_t*(*)(child_sa_t*))get_my_traffic_selectors;
- this->public.get_other_traffic_selectors = (linked_list_t*(*)(child_sa_t*))get_other_traffic_selectors;
+ this->public.get_traffic_selectors = (linked_list_t*(*)(child_sa_t*,bool))get_traffic_selectors;
this->public.get_use_time = (status_t (*)(child_sa_t*,bool,time_t*))get_use_time;
this->public.set_state = (void(*)(child_sa_t*,child_sa_state_t))set_state;
this->public.get_state = (child_sa_state_t(*)(child_sa_t*))get_state;
- this->public.get_policy = (policy_t*(*)(child_sa_t*))get_policy;
+ this->public.get_config = (child_cfg_t*(*)(child_sa_t*))get_config;
this->public.set_virtual_ip = (void(*)(child_sa_t*,host_t*))set_virtual_ip;
this->public.destroy = (void(*)(child_sa_t*))destroy;
@@ -1123,8 +1044,8 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
this->protocol = PROTO_NONE;
this->mode = MODE_TUNNEL;
this->virtual_ip = NULL;
- this->policy = policy;
- policy->get_ref(policy);
+ this->config = config;
+ config->get_ref(config);
return &this->public;
}
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 216e56659..cf5f3e7d7 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -32,7 +32,7 @@ typedef struct child_sa_t child_sa_t;
#include <crypto/prf_plus.h>
#include <encoding/payloads/proposal_substructure.h>
#include <config/proposal.h>
-#include <config/policies/policy.h>
+#include <config/child_cfg.h>
/**
* Where we should start with reqid enumeration
@@ -101,7 +101,7 @@ extern enum_name_t *child_sa_state_names;
struct child_sa_t {
/**
- * @brief Get the name of the policy this CHILD_SA uses.
+ * @brief Get the name of the config this CHILD_SA uses.
*
* @param this calling object
* @return name
@@ -141,6 +141,25 @@ struct child_sa_t {
protocol_id_t (*get_protocol) (child_sa_t *this);
/**
+ * @brief Get info and statistics about this CHILD_SA.
+ *
+ * @param mode mode this IKE_SA uses
+ * @param encr_algo encryption algorithm used by this CHILD_SA.
+ * @param encr_len key length of the algorithm, if any
+ * @param int_algo integrity algorithm used by this CHILD_SA
+ * @param int_len key length of the algorithm, if any
+ * @param rekey time when rekeying is scheduled
+ * @param use_in time when last traffic was seen coming in
+ * @param use_out time when last traffic was seen going out
+ * @param use_fwd time when last traffic was getting forwarded
+ */
+ void (*get_stats)(child_sa_t *this, mode_t *mode,
+ encryption_algorithm_t *encr, size_t *encr_len,
+ integrity_algorithm_t *int_algo, size_t *int_len,
+ u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
+ u_int32_t *use_fwd);
+
+ /**
* @brief Allocate SPIs for given proposals.
*
* Since the kernel manages SPIs for us, we need
@@ -214,17 +233,10 @@ struct child_sa_t {
* @brief Get the traffic selectors of added policies of local host.
*
* @param this calling object
+ * @param local TRUE for own traffic selectors, FALSE for remote
* @return list of traffic selectors
*/
- linked_list_t* (*get_my_traffic_selectors) (child_sa_t *this);
-
- /**
- * @brief Get the traffic selectors of added policies of remote host.
- *
- * @param this calling object
- * @return list of traffic selectors
- */
- linked_list_t* (*get_other_traffic_selectors) (child_sa_t *this);
+ linked_list_t* (*get_traffic_selectors) (child_sa_t *this, bool local);
/**
* @brief Get the time of this child_sa_t's last use (i.e. last use of any of its policies)
@@ -251,12 +263,12 @@ struct child_sa_t {
void (*set_state) (child_sa_t *this, child_sa_state_t state);
/**
- * @brief Get the policy used to set up this child sa.
+ * @brief Get the config used to set up this child sa.
*
* @param this calling object
- * @return policy
+ * @return child_cfg
*/
- policy_t* (*get_policy) (child_sa_t *this);
+ child_cfg_t* (*get_config) (child_sa_t *this);
/**
* @brief Set the virtual IP used received from IRAS.
@@ -284,7 +296,7 @@ struct child_sa_t {
* @param other remote address
* @param my_id id of own peer
* @param other_id id of remote peer
- * @param policy policy this CHILD_SA instantiates
+ * @param config config to use for this CHILD_SA
* @param reqid reqid of old CHILD_SA when rekeying, 0 otherwise
* @param use_natt TRUE if NAT traversal is used
* @return child_sa_t object
@@ -293,6 +305,6 @@ struct child_sa_t {
*/
child_sa_t * child_sa_create(host_t *me, host_t *other,
identification_t *my_id, identification_t* other_id,
- policy_t *policy, u_int32_t reqid, bool use_natt);
+ child_cfg_t *config, u_int32_t reqid, bool use_natt);
#endif /*CHILD_SA_H_*/
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 68aba3064..8b4b53e10 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <printf.h>
#include <sys/stat.h>
+#include <errno.h>
#include "ike_sa.h"
@@ -56,13 +57,11 @@
#include <sa/tasks/child_create.h>
#include <sa/tasks/child_delete.h>
#include <sa/tasks/child_rekey.h>
-#include <queues/jobs/retransmit_job.h>
-#include <queues/jobs/delete_ike_sa_job.h>
-#include <queues/jobs/send_dpd_job.h>
-#include <queues/jobs/send_keepalive_job.h>
-#include <queues/jobs/rekey_ike_sa_job.h>
-#include <queues/jobs/route_job.h>
-#include <queues/jobs/initiate_job.h>
+#include <processing/jobs/retransmit_job.h>
+#include <processing/jobs/delete_ike_sa_job.h>
+#include <processing/jobs/send_dpd_job.h>
+#include <processing/jobs/send_keepalive_job.h>
+#include <processing/jobs/rekey_ike_sa_job.h>
#ifndef RESOLV_CONF
@@ -105,14 +104,14 @@ struct private_ike_sa_t {
ike_sa_state_t state;
/**
- * connection used to establish this IKE_SA.
+ * IKE configuration used to set up this IKE_SA
*/
- connection_t *connection;
+ ike_cfg_t *ike_cfg;
/**
* Peer and authentication information to establish IKE_SA.
*/
- policy_t *policy;
+ peer_cfg_t *peer_cfg;
/**
* Juggles tasks to process messages
@@ -140,6 +139,11 @@ struct private_ike_sa_t {
identification_t *other_id;
/**
+ * CA that issued the certificate of other
+ */
+ ca_info_t *other_ca;
+
+ /**
* Linked List containing the child sa's of the current IKE_SA.
*/
linked_list_t *child_sas;
@@ -175,14 +179,14 @@ struct private_ike_sa_t {
prf_t *child_prf;
/**
- * PRF to build outging authentication data
+ * Key to build outging authentication data (SKp)
*/
- prf_t *auth_build;
+ chunk_t skp_build;
/**
- * PRF to verify incoming authentication data
+ * Key to verify incoming authentication data (SKp)
*/
- prf_t *auth_verify;
+ chunk_t skp_verify;
/**
* NAT status of local host.
@@ -273,79 +277,126 @@ static u_int32_t get_unique_id(private_ike_sa_t *this)
*/
static char *get_name(private_ike_sa_t *this)
{
- if (this->connection)
+ if (this->peer_cfg)
{
- return this->connection->get_name(this->connection);
+ return this->peer_cfg->get_name(this->peer_cfg);
}
return "(unnamed)";
}
+
/**
- * Implementation of ike_sa_t.get_connection
+ * Implementation of ike_sa_t.get_stats.
*/
-static connection_t* get_connection(private_ike_sa_t *this)
+static void get_stats(private_ike_sa_t *this, u_int32_t *next_rekeying)
{
- return this->connection;
+ if (next_rekeying)
+ {
+ *next_rekeying = this->time.rekey;
+ }
}
/**
- * Implementation of ike_sa_t.set_connection
+ * Implementation of ike_sa_t.get_my_host.
*/
-static void set_connection(private_ike_sa_t *this, connection_t *connection)
+static host_t *get_my_host(private_ike_sa_t *this)
{
- this->connection = connection;
- connection->get_ref(connection);
+ return this->my_host;
}
/**
- * Implementation of ike_sa_t.get_policy
+ * Implementation of ike_sa_t.set_my_host.
*/
-static policy_t *get_policy(private_ike_sa_t *this)
+static void set_my_host(private_ike_sa_t *this, host_t *me)
{
- return this->policy;
+ DESTROY_IF(this->my_host);
+ this->my_host = me;
}
/**
- * Implementation of ike_sa_t.set_policy
+ * Implementation of ike_sa_t.get_other_host.
*/
-static void set_policy(private_ike_sa_t *this, policy_t *policy)
+static host_t *get_other_host(private_ike_sa_t *this)
{
- policy->get_ref(policy);
- this->policy = policy;
+ return this->other_host;
}
/**
- * Implementation of ike_sa_t.get_my_host.
+ * Implementation of ike_sa_t.set_other_host.
*/
-static host_t *get_my_host(private_ike_sa_t *this)
+static void set_other_host(private_ike_sa_t *this, host_t *other)
{
- return this->my_host;
+ DESTROY_IF(this->other_host);
+ this->other_host = other;
}
/**
- * Implementation of ike_sa_t.set_my_host.
+ * Implementation of ike_sa_t.get_peer_cfg
*/
-static void set_my_host(private_ike_sa_t *this, host_t *me)
+static peer_cfg_t* get_peer_cfg(private_ike_sa_t *this)
{
- DESTROY_IF(this->my_host);
- this->my_host = me;
+ return this->peer_cfg;
}
/**
- * Implementation of ike_sa_t.get_other_host.
+ * Implementation of ike_sa_t.set_peer_cfg
*/
-static host_t *get_other_host(private_ike_sa_t *this)
+static void set_peer_cfg(private_ike_sa_t *this, peer_cfg_t *peer_cfg)
{
- return this->other_host;
+ peer_cfg->get_ref(peer_cfg);
+ this->peer_cfg = peer_cfg;
+
+ if (this->ike_cfg == NULL)
+ {
+ this->ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ this->ike_cfg->get_ref(this->ike_cfg);
+ }
+
+ /* apply values, so we are ready to initate/acquire */
+ if (this->my_host->is_anyaddr(this->my_host))
+ {
+ host_t *me = this->ike_cfg->get_my_host(this->ike_cfg);
+
+ set_my_host(this, me->clone(me));
+ }
+ if (this->other_host->is_anyaddr(this->other_host))
+ {
+ host_t *other = this->ike_cfg->get_other_host(this->ike_cfg);
+
+ set_other_host(this, other->clone(other));
+ }
+ /* apply IDs if they are not already set */
+ if (this->my_id->contains_wildcards(this->my_id))
+ {
+ identification_t *my_id = this->peer_cfg->get_my_id(this->peer_cfg);
+
+ DESTROY_IF(this->my_id);
+ this->my_id = my_id->clone(my_id);
+ }
+ if (this->other_id->contains_wildcards(this->other_id))
+ {
+ identification_t *other_id = this->peer_cfg->get_other_id(this->peer_cfg);
+
+ DESTROY_IF(this->other_id);
+ this->other_id = other_id->clone(other_id);
+ }
}
/**
- * Implementation of ike_sa_t.set_other_host.
+ * Implementation of ike_sa_t.get_ike_cfg
*/
-static void set_other_host(private_ike_sa_t *this, host_t *other)
+static ike_cfg_t *get_ike_cfg(private_ike_sa_t *this)
{
- DESTROY_IF(this->other_host);
- this->other_host = other;
+ return this->ike_cfg;
+}
+
+/**
+ * Implementation of ike_sa_t.set_ike_cfg
+ */
+static void set_ike_cfg(private_ike_sa_t *this, ike_cfg_t *ike_cfg)
+{
+ ike_cfg->get_ref(ike_cfg);
+ this->ike_cfg = ike_cfg;
}
/**
@@ -356,7 +407,7 @@ static status_t send_dpd(private_ike_sa_t *this)
send_dpd_job_t *job;
time_t diff, delay;
- delay = this->connection->get_dpd_delay(this->connection);
+ delay = this->peer_cfg->get_dpd_delay(this->peer_cfg);
if (delay == 0)
{
@@ -402,15 +453,14 @@ static status_t send_dpd(private_ike_sa_t *this)
static void send_keepalive(private_ike_sa_t *this)
{
send_keepalive_job_t *job;
- time_t last_out, now, diff, interval;
+ time_t last_out, now, diff;
last_out = get_use_time(this, FALSE);
now = time(NULL);
diff = now - last_out;
- interval = charon->configuration->get_keepalive_interval(charon->configuration);
- if (diff >= interval)
+ if (diff >= KEEPALIVE_INTERVAL)
{
packet_t *packet;
chunk_t data;
@@ -428,7 +478,7 @@ static void send_keepalive(private_ike_sa_t *this)
}
job = send_keepalive_job_create(this->ike_sa_id);
charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
- (interval - diff) * 1000);
+ (KEEPALIVE_INTERVAL - diff) * 1000);
}
/**
@@ -464,9 +514,9 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
send_dpd(this);
/* schedule rekeying/reauthentication */
- soft = this->connection->get_soft_lifetime(this->connection);
- hard = this->connection->get_hard_lifetime(this->connection);
- reauth = this->connection->get_reauth(this->connection);
+ soft = this->peer_cfg->get_lifetime(this->peer_cfg, TRUE);
+ hard = this->peer_cfg->get_lifetime(this->peer_cfg, FALSE);
+ reauth = this->peer_cfg->use_reauth(this->peer_cfg);
DBG1(DBG_IKE, "scheduling %s in %ds, maximum lifetime %ds",
reauth ? "reauthentication": "rekeying", soft, hard);
@@ -492,9 +542,8 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
{
/* delete may fail if a packet gets lost, so set a timeout */
job_t *job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
- charon->event_queue->add_relative(charon->event_queue, job,
- charon->configuration->get_half_open_ike_sa_timeout(
- charon->configuration));
+ charon->event_queue->add_relative(charon->event_queue, job,
+ HALF_OPEN_IKE_SA_TIMEOUT);
break;
}
default:
@@ -521,7 +570,7 @@ static void reset(private_ike_sa_t *this)
}
/**
- * Update connection host, as addresses may change (NAT)
+ * Update hosts, as addresses may change (NAT)
*/
static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
{
@@ -696,16 +745,16 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
me = message->get_destination(message);
other = message->get_source(message);
- /* if this IKE_SA is virgin, we check for a connection */
- if (this->connection == NULL)
+ /* if this IKE_SA is virgin, we check for a config */
+ if (this->ike_cfg == NULL)
{
job_t *job;
- this->connection = charon->connections->get_connection_by_hosts(
- charon->connections, me, other);
- if (this->connection == NULL)
+ this->ike_cfg = charon->backends->get_ike_cfg(charon->backends,
+ me, other);
+ if (this->ike_cfg == NULL)
{
- /* no connection found for these hosts, destroy */
- DBG1(DBG_IKE, "no connection found for %H...%H, sending %N",
+ /* no config found for these hosts, destroy */
+ DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
send_notify_response(this, message, NO_PROPOSAL_CHOSEN);
return DESTROY_ME;
@@ -713,11 +762,10 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
/* add a timeout if peer does not establish it completely */
job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, FALSE);
charon->event_queue->add_relative(charon->event_queue, job,
- charon->configuration->get_half_open_ike_sa_timeout(
- charon->configuration));
+ HALF_OPEN_IKE_SA_TIMEOUT);
}
-
- /* check if message is trustworthy, and update connection information */
+
+ /* check if message is trustworthy, and update host information */
if (this->state == IKE_CREATED ||
message->get_exchange_type(message) != IKE_SA_INIT)
{
@@ -729,46 +777,14 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
}
/**
- * apply the connection/policy information to this IKE_SA
- */
-static void apply_config(private_ike_sa_t *this,
- connection_t *connection, policy_t *policy)
-{
- host_t *me, *other;
- identification_t *my_id, *other_id;
-
- if (this->connection == NULL && this->policy == NULL)
- {
- this->connection = connection;
- connection->get_ref(connection);
- this->policy = policy;
- policy->get_ref(policy);
-
- me = connection->get_my_host(connection);
- other = connection->get_other_host(connection);
- my_id = policy->get_my_id(policy);
- other_id = policy->get_other_id(policy);
- set_my_host(this, me->clone(me));
- set_other_host(this, other->clone(other));
- DESTROY_IF(this->my_id);
- DESTROY_IF(this->other_id);
- this->my_id = my_id->clone(my_id);
- this->other_id = other_id->clone(other_id);
- }
-}
-
-/**
* Implementation of ike_sa_t.initiate.
*/
-static status_t initiate(private_ike_sa_t *this,
- connection_t *connection, policy_t *policy)
+static status_t initiate(private_ike_sa_t *this, child_cfg_t *child_cfg)
{
task_t *task;
if (this->state == IKE_CREATED)
{
- /* if we aren't established/establishing, do so */
- apply_config(this, connection, policy);
if (this->other_host->is_anyaddr(this->other_host))
{
@@ -785,11 +801,12 @@ static status_t initiate(private_ike_sa_t *this,
this->task_manager->queue_task(this->task_manager, task);
task = (task_t*)ike_auth_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
- task = (task_t*)ike_config_create(&this->public, policy);
+ task = (task_t*)ike_config_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
}
- task = (task_t*)child_create_create(&this->public, policy);
+ task = (task_t*)child_create_create(&this->public, child_cfg);
+ child_cfg->destroy(child_cfg);
this->task_manager->queue_task(this->task_manager, task);
return this->task_manager->initiate(this->task_manager);
@@ -800,7 +817,7 @@ static status_t initiate(private_ike_sa_t *this,
*/
static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
{
- policy_t *policy;
+ child_cfg_t *child_cfg;
iterator_t *iterator;
child_sa_t *current, *child_sa = NULL;
task_t *task;
@@ -833,7 +850,6 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
return FAILED;
}
- policy = child_sa->get_policy(child_sa);
if (this->state == IKE_CREATED)
{
@@ -845,11 +861,12 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
this->task_manager->queue_task(this->task_manager, task);
task = (task_t*)ike_auth_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
- task = (task_t*)ike_config_create(&this->public, policy);
+ task = (task_t*)ike_config_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, task);
}
- child_create = child_create_create(&this->public, policy);
+ child_cfg = child_sa->get_config(child_sa);
+ child_create = child_create_create(&this->public, child_cfg);
child_create->use_reqid(child_create, reqid);
this->task_manager->queue_task(this->task_manager, (task_t*)child_create);
@@ -857,40 +874,11 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
}
/**
- * compare two lists of traffic selectors for equality
- */
-static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
-{
- bool equals = TRUE;
- iterator_t *i1, *i2;
- traffic_selector_t *t1, *t2;
-
- if (l1->get_count(l1) != l2->get_count(l2))
- {
- return FALSE;
- }
-
- i1 = l1->create_iterator(l1, TRUE);
- i2 = l2->create_iterator(l2, TRUE);
- while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
- {
- if (!t1->equals(t1, t2))
- {
- equals = FALSE;
- break;
- }
- }
- i1->destroy(i1);
- i2->destroy(i2);
- return equals;
-}
-
-/**
* Implementation of ike_sa_t.route.
*/
-static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
+static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
{
- child_sa_t *child_sa = NULL;
+ child_sa_t *child_sa;
iterator_t *iterator;
linked_list_t *my_ts, *other_ts;
status_t status;
@@ -901,27 +889,12 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- if (child_sa->get_state(child_sa) == CHILD_ROUTED)
+ if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
+ streq(child_sa->get_name(child_sa), child_cfg->get_name(child_cfg)))
{
- linked_list_t *my_ts_conf, *other_ts_conf;
-
- my_ts = child_sa->get_my_traffic_selectors(child_sa);
- other_ts = child_sa->get_other_traffic_selectors(child_sa);
-
- my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
- other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
-
- if (ts_list_equals(my_ts, my_ts_conf) &&
- ts_list_equals(other_ts, other_ts_conf))
- {
- iterator->destroy(iterator);
- my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
- other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
- SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a policy already routed");
- return FAILED;
- }
- my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
- other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
+ iterator->destroy(iterator);
+ SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a config already routed");
+ return FAILED;
}
}
iterator->destroy(iterator);
@@ -934,9 +907,6 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
"unable to route CHILD_SA, as its IKE_SA gets deleted");
return FAILED;
case IKE_CREATED:
- /* apply connection information, we need it to acquire */
- apply_config(this, connection, policy);
- break;
case IKE_CONNECTING:
case IKE_ESTABLISHED:
default:
@@ -944,29 +914,37 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
}
/* install kernel policies */
- child_sa = child_sa_create(this->my_host, this->other_host,
- this->my_id, this->other_id, policy, FALSE, 0);
+ child_sa = child_sa_create(this->my_host, this->other_host, this->my_id,
+ this->other_id, child_cfg, FALSE, 0);
- my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
- other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ this->my_host);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ this->other_host);
status = child_sa->add_policies(child_sa, my_ts, other_ts,
- policy->get_mode(policy));
+ child_cfg->get_mode(child_cfg));
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
- this->child_sas->insert_last(this->child_sas, child_sa);
- SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
+ if (status == SUCCESS)
+ {
+ this->child_sas->insert_last(this->child_sas, child_sa);
+ SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
+ }
+ else
+ {
+ SIG(CHILD_ROUTE_FAILED, "routing CHILD_SA failed");
+ }
return status;
}
/**
* Implementation of ike_sa_t.unroute.
*/
-static status_t unroute(private_ike_sa_t *this, policy_t *policy)
+static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
{
iterator_t *iterator;
- child_sa_t *child_sa = NULL;
+ child_sa_t *child_sa;
bool found = FALSE;
- linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
@@ -974,27 +952,14 @@ static status_t unroute(private_ike_sa_t *this, policy_t *policy)
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- if (child_sa->get_state(child_sa) == CHILD_ROUTED)
+ if (child_sa->get_state(child_sa) == CHILD_ROUTED &&
+ child_sa->get_reqid(child_sa) == reqid)
{
- my_ts = child_sa->get_my_traffic_selectors(child_sa);
- other_ts = child_sa->get_other_traffic_selectors(child_sa);
-
- my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
- other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
-
- if (ts_list_equals(my_ts, my_ts_conf) &&
- ts_list_equals(other_ts, other_ts_conf))
- {
- iterator->remove(iterator);
- SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
- child_sa->destroy(child_sa);
- my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
- other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
- found = TRUE;
- break;
- }
- my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
- other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
+ iterator->remove(iterator);
+ SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
+ child_sa->destroy(child_sa);
+ found = TRUE;
+ break;
}
}
iterator->destroy(iterator);
@@ -1021,7 +986,7 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
this->time.outbound = time(NULL);
if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS)
{
- policy_t *policy;
+ child_cfg_t *child_cfg;
child_sa_t* child_sa;
linked_list_t *to_route, *to_restart;
iterator_t *iterator;
@@ -1032,7 +997,7 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
case IKE_CONNECTING:
{
/* retry IKE_SA_INIT if we have multiple keyingtries */
- u_int32_t tries = this->connection->get_keyingtries(this->connection);
+ u_int32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg);
this->keyingtry++;
if (tries == 0 || tries > this->keyingtry)
{
@@ -1060,23 +1025,23 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- policy = child_sa->get_policy(child_sa);
+ child_cfg = child_sa->get_config(child_sa);
if (child_sa->get_state(child_sa) == CHILD_ROUTED)
{
/* reroute routed CHILD_SAs */
- to_route->insert_last(to_route, policy);
+ to_route->insert_last(to_route, child_cfg);
}
else
{
/* use DPD action for established CHILD_SAs */
- switch (policy->get_dpd_action(policy))
+ switch (this->peer_cfg->get_dpd_action(this->peer_cfg))
{
case DPD_ROUTE:
- to_route->insert_last(to_route, policy);
+ to_route->insert_last(to_route, child_cfg);
break;
case DPD_RESTART:
- to_restart->insert_last(to_restart, policy);
+ to_restart->insert_last(to_restart, child_cfg);
break;
default:
break;
@@ -1094,15 +1059,15 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
new = (private_ike_sa_t*)charon->ike_sa_manager->checkout_new(
charon->ike_sa_manager, TRUE);
- apply_config(new, this->connection, this->policy);
- /* use actual used host, not the wildcarded one in connection */
+ set_peer_cfg(new, this->peer_cfg);
+ /* use actual used host, not the wildcarded one in config */
new->other_host->destroy(new->other_host);
new->other_host = this->other_host->clone(this->other_host);
/* install routes */
- while (to_route->remove_last(to_route, (void**)&policy) == SUCCESS)
+ while (to_route->remove_last(to_route, (void**)&child_cfg) == SUCCESS)
{
- route(new, new->connection, policy);
+ route(new, child_cfg);
}
/* restart children */
@@ -1114,14 +1079,14 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
new->task_manager->queue_task(new->task_manager, task);
task = (task_t*)ike_cert_create(&new->public, TRUE);
new->task_manager->queue_task(new->task_manager, task);
- task = (task_t*)ike_config_create(&new->public, new->policy);
+ task = (task_t*)ike_config_create(&new->public, TRUE);
new->task_manager->queue_task(new->task_manager, task);
task = (task_t*)ike_auth_create(&new->public, TRUE);
new->task_manager->queue_task(new->task_manager, task);
- while (to_restart->remove_last(to_restart, (void**)&policy) == SUCCESS)
+ while (to_restart->remove_last(to_restart, (void**)&child_cfg) == SUCCESS)
{
- task = (task_t*)child_create_create(&new->public, policy);
+ task = (task_t*)child_create_create(&new->public, child_cfg);
new->task_manager->queue_task(new->task_manager, task);
}
new->task_manager->initiate(new->task_manager);
@@ -1152,19 +1117,19 @@ static prf_t *get_child_prf(private_ike_sa_t *this)
}
/**
- * Implementation of ike_sa_t.get_auth_bild
+ * Implementation of ike_sa_t.get_skp_bild
*/
-static prf_t *get_auth_build(private_ike_sa_t *this)
+static chunk_t get_skp_build(private_ike_sa_t *this)
{
- return this->auth_build;
+ return this->skp_build;
}
/**
- * Implementation of ike_sa_t.get_auth_verify
+ * Implementation of ike_sa_t.get_skp_verify
*/
-static prf_t *get_auth_verify(private_ike_sa_t *this)
+static chunk_t get_skp_verify(private_ike_sa_t *this)
{
- return this->auth_verify;
+ return this->skp_verify;
}
/**
@@ -1210,6 +1175,71 @@ static void set_other_id(private_ike_sa_t *this, identification_t *other)
}
/**
+ * Implementation of ike_sa_t.get_other_ca.
+ */
+static ca_info_t* get_other_ca(private_ike_sa_t *this)
+{
+ return this->other_ca;
+}
+
+/**
+ * Implementation of ike_sa_t.set_other_ca.
+ */
+static void set_other_ca(private_ike_sa_t *this, ca_info_t *other_ca)
+{
+ this->other_ca = other_ca;
+}
+
+/**
+ * Implementation of ike_sa_t.set_virtual_ip
+ */
+static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
+{
+ if (local)
+ {
+ DBG1(DBG_IKE, "installing new virtual IP %H", ip);
+ if (this->my_virtual_ip)
+ {
+ DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
+ charon->kernel_interface->del_ip(charon->kernel_interface,
+ this->my_virtual_ip,
+ this->my_host);
+ this->my_virtual_ip->destroy(this->my_virtual_ip);
+ }
+ if (charon->kernel_interface->add_ip(charon->kernel_interface, ip,
+ this->my_host) == SUCCESS)
+ {
+ this->my_virtual_ip = ip->clone(ip);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "installing virtual IP %H failed", ip);
+ this->my_virtual_ip = NULL;
+ }
+ }
+ else
+ {
+ DESTROY_IF(this->other_virtual_ip);
+ this->other_virtual_ip = ip->clone(ip);
+ }
+}
+
+/**
+ * Implementation of ike_sa_t.get_virtual_ip
+ */
+static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
+{
+ if (local)
+ {
+ return this->my_virtual_ip;
+ }
+ else
+ {
+ return this->other_virtual_ip;
+ }
+}
+
+/**
* Implementation of ike_sa_t.derive_keys.
*/
static status_t derive_keys(private_ike_sa_t *this,
@@ -1223,7 +1253,6 @@ static status_t derive_keys(private_ike_sa_t *this,
size_t key_size;
crypter_t *crypter_i, *crypter_r;
signer_t *signer_i, *signer_r;
- prf_t *prf_i, *prf_r;
u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
chunk_t spi_i = chunk_from_buf(spi_i_buf);
chunk_t spi_r = chunk_from_buf(spi_r_buf);
@@ -1364,31 +1393,27 @@ static status_t derive_keys(private_ike_sa_t *this,
this->crypter_out = crypter_r;
}
- /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
- proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
- prf_i = prf_create(algo->algorithm);
- prf_r = prf_create(algo->algorithm);
-
- key_size = prf_i->get_key_size(prf_i);
+ /* SK_pi/SK_pr used for authentication => stored for later */
+ key_size = this->prf->get_key_size(this->prf);
prf_plus->allocate_bytes(prf_plus, key_size, &key);
DBG4(DBG_IKE, "Sk_pi secret %B", &key);
- prf_i->set_key(prf_i, key);
- chunk_free(&key);
-
+ if (initiator)
+ {
+ this->skp_build = key;
+ }
+ else
+ {
+ this->skp_verify = key;
+ }
prf_plus->allocate_bytes(prf_plus, key_size, &key);
DBG4(DBG_IKE, "Sk_pr secret %B", &key);
- prf_r->set_key(prf_r, key);
- chunk_free(&key);
-
if (initiator)
{
- this->auth_verify = prf_r;
- this->auth_build = prf_i;
+ this->skp_verify = key;
}
else
{
- this->auth_verify = prf_i;
- this->auth_build = prf_r;
+ this->skp_build = key;
}
/* all done, prf_plus not needed anymore */
@@ -1507,8 +1532,6 @@ static status_t delete_(private_ike_sa_t *this)
switch (this->state)
{
case IKE_ESTABLISHED:
- DBG1(DBG_IKE, "deleting IKE_SA");
- /* do not log when rekeyed */
case IKE_REKEYING:
ike_delete = ike_delete_create(&this->public, TRUE);
this->task_manager->queue_task(this->task_manager, &ike_delete->task);
@@ -1542,16 +1565,21 @@ static void reestablish(private_ike_sa_t *this)
private_ike_sa_t *other;
iterator_t *iterator;
child_sa_t *child_sa;
- policy_t *policy;
+ child_cfg_t *child_cfg;
task_t *task;
job_t *job;
other = (private_ike_sa_t*)charon->ike_sa_manager->checkout_new(
charon->ike_sa_manager, TRUE);
- apply_config(other, this->connection, this->policy);
+ set_peer_cfg(other, this->peer_cfg);
other->other_host->destroy(other->other_host);
other->other_host = this->other_host->clone(this->other_host);
+ if (this->my_virtual_ip)
+ {
+ /* if we already have a virtual IP, we reuse it */
+ set_virtual_ip(other, TRUE, this->my_virtual_ip);
+ }
if (this->state == IKE_ESTABLISHED)
{
@@ -1561,7 +1589,7 @@ static void reestablish(private_ike_sa_t *this)
other->task_manager->queue_task(other->task_manager, task);
task = (task_t*)ike_cert_create(&other->public, TRUE);
other->task_manager->queue_task(other->task_manager, task);
- task = (task_t*)ike_config_create(&other->public, other->policy);
+ task = (task_t*)ike_config_create(&other->public, TRUE);
other->task_manager->queue_task(other->task_manager, task);
task = (task_t*)ike_auth_create(&other->public, TRUE);
other->task_manager->queue_task(other->task_manager, task);
@@ -1583,8 +1611,8 @@ static void reestablish(private_ike_sa_t *this)
}
default:
{
- policy = child_sa->get_policy(child_sa);
- task = (task_t*)child_create_create(&other->public, policy);
+ child_cfg = child_sa->get_config(child_sa);
+ task = (task_t*)child_create_create(&other->public, child_cfg);
other->task_manager->queue_task(other->task_manager, task);
break;
}
@@ -1678,55 +1706,6 @@ static void enable_natt(private_ike_sa_t *this, bool local)
}
/**
- * Implementation of ike_sa_t.set_virtual_ip
- */
-static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
-{
- if (local)
- {
- DBG1(DBG_IKE, "installing new virtual IP %H", ip);
- if (this->my_virtual_ip)
- {
- DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
- charon->kernel_interface->del_ip(charon->kernel_interface,
- this->my_virtual_ip,
- this->my_host);
- this->my_virtual_ip->destroy(this->my_virtual_ip);
- }
- if (charon->kernel_interface->add_ip(charon->kernel_interface, ip,
- this->my_host) == SUCCESS)
- {
- this->my_virtual_ip = ip->clone(ip);
- }
- else
- {
- DBG1(DBG_IKE, "installing virtual IP %H failed", ip);
- this->my_virtual_ip = NULL;
- }
- }
- else
- {
- DESTROY_IF(this->other_virtual_ip);
- this->other_virtual_ip = ip->clone(ip);
- }
-}
-
-/**
- * Implementation of ike_sa_t.get_virtual_ip
- */
-static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
-{
- if (local)
- {
- return this->my_virtual_ip;
- }
- else
- {
- return this->other_virtual_ip;
- }
-}
-
-/**
* Implementation of ike_sa_t.remove_dns_server
*/
static void remove_dns_servers(private_ike_sa_t *this)
@@ -1747,7 +1726,8 @@ static void remove_dns_servers(private_ike_sa_t *this)
file = fopen(RESOLV_CONF, "r");
if (file == NULL || stat(RESOLV_CONF, &stats) != 0)
{
- DBG1(DBG_IKE, "unable to open DNS configuration file %s: %m", RESOLV_CONF);
+ DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
+ RESOLV_CONF, strerror(errno));
return;
}
@@ -1755,7 +1735,7 @@ static void remove_dns_servers(private_ike_sa_t *this)
if (fread(contents.ptr, 1, contents.len, file) != contents.len)
{
- DBG1(DBG_IKE, "unable to read DNS configuration file: %m");
+ DBG1(DBG_IKE, "unable to read DNS configuration file: %s", strerror(errno));
fclose(file);
return;
}
@@ -1764,7 +1744,8 @@ static void remove_dns_servers(private_ike_sa_t *this)
file = fopen(RESOLV_CONF, "w");
if (file == NULL)
{
- DBG1(DBG_IKE, "unable to open DNS configuration file %s: %m", RESOLV_CONF);
+ DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
+ RESOLV_CONF, strerror(errno));
return;
}
@@ -1820,7 +1801,8 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
file = fopen(RESOLV_CONF, "a+");
if (file == NULL || stat(RESOLV_CONF, &stats) != 0)
{
- DBG1(DBG_IKE, "unable to open DNS configuration file %s: %m", RESOLV_CONF);
+ DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
+ RESOLV_CONF, strerror(errno));
return;
}
@@ -1828,7 +1810,7 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
if (fread(contents.ptr, 1, contents.len, file) != contents.len)
{
- DBG1(DBG_IKE, "unable to read DNS configuration file: %m");
+ DBG1(DBG_IKE, "unable to read DNS configuration file: %s", strerror(errno));
fclose(file);
return;
}
@@ -1837,14 +1819,15 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
file = fopen(RESOLV_CONF, "w");
if (file == NULL)
{
- DBG1(DBG_IKE, "unable to open DNS configuration file %s: %m", RESOLV_CONF);
+ DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
+ RESOLV_CONF, strerror(errno));
return;
}
if (fprintf(file, "nameserver %H # added by strongSwan, assigned by %D\n",
dns, this->other_id) < 0)
{
- DBG1(DBG_IKE, "unable to write DNS configuration: %m");
+ DBG1(DBG_IKE, "unable to write DNS configuration: %s", strerror(errno));
}
else
{
@@ -1856,50 +1839,6 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
}
/**
- * output handler in printf()
- */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
-{
- int written = 0;
- bool reauth = FALSE;
- private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
-
- if (this->connection)
- {
- reauth = this->connection->get_reauth(this->connection);
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
- written = fprintf(stream, "%12s[%d]: %N, %H[%D]...%H[%D]", get_name(this),
- this->unique_id, ike_sa_state_names, this->state,
- this->my_host, this->my_id, this->other_host,
- this->other_id);
- written += fprintf(stream, "\n%12s[%d]: IKE SPIs: %J, %s in %ds",
- get_name(this), this->unique_id, this->ike_sa_id,
- this->connection && reauth? "reauthentication":"rekeying",
- this->time.rekey - time(NULL));
-
- if (info->alt)
- {
-
- }
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_IKE_SA, print, arginfo_ptr);
-}
-
-/**
* Implementation of ike_sa_t.destroy.
*/
static void destroy(private_ike_sa_t *this)
@@ -1912,8 +1851,8 @@ static void destroy(private_ike_sa_t *this)
DESTROY_IF(this->signer_out);
DESTROY_IF(this->prf);
DESTROY_IF(this->child_prf);
- DESTROY_IF(this->auth_verify);
- DESTROY_IF(this->auth_build);
+ chunk_free(&this->skp_verify);
+ chunk_free(&this->skp_build);
if (this->my_virtual_ip)
{
@@ -1931,8 +1870,8 @@ static void destroy(private_ike_sa_t *this)
DESTROY_IF(this->my_id);
DESTROY_IF(this->other_id);
- DESTROY_IF(this->connection);
- DESTROY_IF(this->policy);
+ DESTROY_IF(this->ike_cfg);
+ DESTROY_IF(this->peer_cfg);
this->ike_sa_id->destroy(this->ike_sa_id);
this->task_manager->destroy(this->task_manager);
@@ -1948,54 +1887,57 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
static u_int32_t unique_id = 0;
/* Public functions */
- this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
- this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
- this->public.get_name = (char*(*)(ike_sa_t*))get_name;
- this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
- this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
- this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
- this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
- this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
- this->public.get_connection = (connection_t*(*)(ike_sa_t*))get_connection;
- this->public.set_connection = (void(*)(ike_sa_t*,connection_t*))set_connection;
- this->public.get_policy = (policy_t*(*)(ike_sa_t*))get_policy;
- this->public.set_policy = (void(*)(ike_sa_t*,policy_t*))set_policy;
- this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
- this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
- this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
- this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
- this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
- this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
- this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
- this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
- this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
- this->public.retransmit = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit;
- this->public.delete = (status_t(*)(ike_sa_t*))delete_;
- this->public.destroy = (void(*)(ike_sa_t*))destroy;
+ this->public.get_state = (ike_sa_state_t (*)(ike_sa_t*)) get_state;
+ this->public.set_state = (void (*)(ike_sa_t*,ike_sa_state_t)) set_state;
+ this->public.get_stats = (void (*)(ike_sa_t*,u_int32_t*))get_stats;
+ this->public.get_name = (char* (*)(ike_sa_t*))get_name;
+ this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
+ this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*)) initiate;
+ this->public.route = (status_t (*)(ike_sa_t*,child_cfg_t*)) route;
+ this->public.unroute = (status_t (*)(ike_sa_t*,u_int32_t)) unroute;
+ this->public.acquire = (status_t (*)(ike_sa_t*,u_int32_t)) acquire;
+ this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
+ this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
+ this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;
+ this->public.set_peer_cfg = (void (*)(ike_sa_t*,peer_cfg_t*))set_peer_cfg;
+ this->public.get_id = (ike_sa_id_t* (*)(ike_sa_t*)) get_id;
+ this->public.get_my_host = (host_t* (*)(ike_sa_t*)) get_my_host;
+ this->public.set_my_host = (void (*)(ike_sa_t*,host_t*)) set_my_host;
+ this->public.get_other_host = (host_t* (*)(ike_sa_t*)) get_other_host;
+ this->public.set_other_host = (void (*)(ike_sa_t*,host_t*)) set_other_host;
+ this->public.get_my_id = (identification_t* (*)(ike_sa_t*)) get_my_id;
+ this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id;
+ this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id;
+ this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
+ this->public.get_other_ca = (ca_info_t* (*)(ike_sa_t*)) get_other_ca;
+ this->public.set_other_ca = (void (*)(ike_sa_t*,ca_info_t*)) set_other_ca;
+ this->public.retransmit = (status_t (*)(ike_sa_t *, u_int32_t)) retransmit;
+ this->public.delete = (status_t (*)(ike_sa_t*))delete_;
+ this->public.destroy = (void (*)(ike_sa_t*))destroy;
this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
- this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
- this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
- this->public.get_auth_verify = (prf_t *(*) (ike_sa_t *)) get_auth_verify;
- this->public.get_auth_build = (prf_t *(*) (ike_sa_t *)) get_auth_build;
- this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,chunk_t,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
- this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
+ this->public.get_prf = (prf_t* (*)(ike_sa_t*)) get_prf;
+ this->public.get_child_prf = (prf_t* (*)(ike_sa_t *)) get_child_prf;
+ this->public.get_skp_verify = (chunk_t (*)(ike_sa_t *)) get_skp_verify;
+ this->public.get_skp_build = (chunk_t (*)(ike_sa_t *)) get_skp_build;
+ this->public.derive_keys = (status_t (*)(ike_sa_t *,proposal_t*,chunk_t,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
+ this->public.add_child_sa = (void (*)(ike_sa_t*,child_sa_t*)) add_child_sa;
this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
- this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
- this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
+ this->public.rekey_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
+ this->public.delete_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
- this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
- this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
- this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
- this->public.reestablish = (void(*)(ike_sa_t*))reestablish;
- this->public.inherit = (status_t(*)(ike_sa_t*,ike_sa_t*))inherit;
- this->public.generate_message = (status_t(*)(ike_sa_t*,message_t*,packet_t**))generate_message;
- this->public.reset = (void(*)(ike_sa_t*))reset;
- this->public.get_unique_id = (u_int32_t(*)(ike_sa_t*))get_unique_id;
- this->public.set_virtual_ip = (void(*)(ike_sa_t*,bool,host_t*))set_virtual_ip;
- this->public.get_virtual_ip = (host_t*(*)(ike_sa_t*,bool))get_virtual_ip;
- this->public.add_dns_server = (void(*)(ike_sa_t*,host_t*))add_dns_server;
+ this->public.enable_natt = (void (*)(ike_sa_t*, bool)) enable_natt;
+ this->public.is_natt_enabled = (bool (*)(ike_sa_t*)) is_natt_enabled;
+ this->public.rekey = (status_t (*)(ike_sa_t*))rekey;
+ this->public.reestablish = (void (*)(ike_sa_t*))reestablish;
+ this->public.inherit = (status_t (*)(ike_sa_t*,ike_sa_t*))inherit;
+ this->public.generate_message = (status_t (*)(ike_sa_t*,message_t*,packet_t**))generate_message;
+ this->public.reset = (void (*)(ike_sa_t*))reset;
+ this->public.get_unique_id = (u_int32_t (*)(ike_sa_t*))get_unique_id;
+ this->public.set_virtual_ip = (void (*)(ike_sa_t*,bool,host_t*))set_virtual_ip;
+ this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip;
+ this->public.add_dns_server = (void (*)(ike_sa_t*,host_t*))add_dns_server;
/* initialize private fields */
this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
@@ -2004,13 +1946,14 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->other_host = host_create_any(AF_INET);
this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
+ this->other_ca = NULL;
this->crypter_in = NULL;
this->crypter_out = NULL;
this->signer_in = NULL;
this->signer_out = NULL;
this->prf = NULL;
- this->auth_verify = NULL;
- this->auth_build = NULL;
+ this->skp_verify = chunk_empty;
+ this->skp_build = chunk_empty;
this->child_prf = NULL;
this->nat_here = FALSE;
this->nat_there = FALSE;
@@ -2019,8 +1962,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->time.established = 0;
this->time.rekey = 0;
this->time.delete = 0;
- this->connection = NULL;
- this->policy = NULL;
+ this->ike_cfg = NULL;
+ this->peer_cfg = NULL;
this->task_manager = task_manager_create(&this->public);
this->unique_id = ++unique_id;
this->my_virtual_ip = NULL;
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index 604ec94a9..76942b208 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -34,14 +34,42 @@ typedef struct ike_sa_t ike_sa_t;
#include <sa/ike_sa_id.h>
#include <sa/child_sa.h>
#include <sa/tasks/task.h>
-#include <config/configuration.h>
#include <utils/randomizer.h>
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
-#include <config/connections/connection.h>
-#include <config/policies/policy.h>
-#include <config/proposal.h>
+#include <crypto/ca.h>
+#include <config/peer_cfg.h>
+#include <config/ike_cfg.h>
+
+/**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ *
+ * @ingroup sa
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Interval to send keepalives when NATed, in seconds.
+ *
+ * @ingroup sa
+ */
+#define KEEPALIVE_INTERVAL 20
+
+/**
+ * After which time rekeying should be retried if it failed, in seconds.
+ *
+ * @ingroup sa
+ */
+#define RETRY_INTERVAL 30
+
+/**
+ * Jitter to subtract from RETRY_INTERVAL to randomize rekey retry.
+ *
+ * @ingroup sa
+ */
+#define RETRY_JITTER 20
+
/**
* @brief State of an IKE_SA.
@@ -157,6 +185,13 @@ struct ike_sa_t {
ike_sa_state_t (*get_state) (ike_sa_t *this);
/**
+ * @brief Get some statistics about this IKE_SA.
+ *
+ * @param next_rekeying when the next rekeying is scheduled
+ */
+ void (*get_stats)(ike_sa_t *this, u_int32_t *next_rekeying);
+
+ /**
* @brief Set the state of the IKE_SA.
*
* @param this calling object
@@ -221,7 +256,7 @@ struct ike_sa_t {
void (*set_my_id) (ike_sa_t *this, identification_t *me);
/**
- * @brief Get the other peers identification.
+ * @brief Get the other peer's identification.
*
* @param this calling object
* @return identification
@@ -229,7 +264,7 @@ struct ike_sa_t {
identification_t* (*get_other_id) (ike_sa_t *this);
/**
- * @brief Set the other peers identification.
+ * @brief Set the other peer's identification.
*
* @param this calling object
* @param other identification
@@ -237,51 +272,65 @@ struct ike_sa_t {
void (*set_other_id) (ike_sa_t *this, identification_t *other);
/**
- * @brief Get the connection used by this IKE_SA.
+ * @brief Get the other peer's certification authority
+ *
+ * @param this calling object
+ * @return ca_info_t record of other ca
+ */
+ ca_info_t* (*get_other_ca) (ike_sa_t *this);
+
+ /**
+ * @brief Set the other peer's certification authority
+ *
+ * @param this calling object
+ * @param other_ca ca_info_t record of other ca
+ */
+ void (*set_other_ca) (ike_sa_t *this, ca_info_t *other_ca);
+
+ /**
+ * @brief Get the config used to setup this IKE_SA.
*
* @param this calling object
- * @return connection
+ * @return ike_config
*/
- connection_t* (*get_connection) (ike_sa_t *this);
+ ike_cfg_t* (*get_ike_cfg) (ike_sa_t *this);
/**
- * @brief Set the connection to use with this IKE_SA.
+ * @brief Set the config to setup this IKE_SA.
*
* @param this calling object
- * @param connection connection to use
+ * @param config ike_config to use
*/
- void (*set_connection) (ike_sa_t *this, connection_t* connection);
+ void (*set_ike_cfg) (ike_sa_t *this, ike_cfg_t* config);
/**
- * @brief Get the policy used by this IKE_SA.
+ * @brief Get the peer config used by this IKE_SA.
*
* @param this calling object
- * @return policy
+ * @return peer_config
*/
- policy_t* (*get_policy) (ike_sa_t *this);
+ peer_cfg_t* (*get_peer_cfg) (ike_sa_t *this);
/**
- * @brief Set the policy to use with this IKE_SA.
+ * @brief Set the peer config to use with this IKE_SA.
*
* @param this calling object
- * @param policy policy to use
+ * @param config peer_config to use
*/
- void (*set_policy) (ike_sa_t *this, policy_t *policy);
+ void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config);
/**
* @brief Initiate a new connection.
*
- * The policy/connection is owned by the IKE_SA after the call, so
- * do not modify or destroy it.
+ * The configs are owned by the IKE_SA after the call.
*
* @param this calling object
- * @param connection connection to initiate
- * @param policy policy to set up
+ * @param child_cfg child config to create CHILD from
* @return
* - SUCCESS if initialization started
- * - DESTROY_ME if initialization failed and IKE_SA MUST be deleted
+ * - DESTROY_ME if initialization failed
*/
- status_t (*initiate) (ike_sa_t *this, connection_t *connection, policy_t *policy);
+ status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg);
/**
* @brief Route a policy in the kernel.
@@ -290,28 +339,27 @@ struct ike_sa_t {
* the kernel requests connection setup from the IKE_SA via acquire().
*
* @param this calling object
- * @param connection connection definition used for routing
- * @param policy policy to route
+ * @param child_cfg child config to route
* @return
* - SUCCESS if routed successfully
* - FAILED if routing failed
*/
- status_t (*route) (ike_sa_t *this, connection_t *connection, policy_t *policy);
+ status_t (*route) (ike_sa_t *this, child_cfg_t *child_cfg);
/**
* @brief Unroute a policy in the kernel previously routed.
*
* @param this calling object
- * @param policy policy to route
+ * @param reqid reqid of CHILD_SA to unroute
* @return
* - SUCCESS if route removed
- * - DESTROY_ME if last route was removed from
- * an IKE_SA which was not established
+ * - NOT_FOUND if CHILD_SA not found
+ * - DESTROY_ME if last CHILD_SA was unrouted
*/
- status_t (*unroute) (ike_sa_t *this, policy_t *policy);
+ status_t (*unroute) (ike_sa_t *this, u_int32_t reqid);
/**
- * @brief Acquire connection setup for a policy.
+ * @brief Acquire connection setup for an installed kernel policy.
*
* If an installed policy raises an acquire, the kernel calls
* this function to establish the CHILD_SA (and maybe the IKE_SA).
@@ -320,7 +368,7 @@ struct ike_sa_t {
* @param reqid reqid of the CHILD_SA the policy belongs to.
* @return
* - SUCCESS if initialization started
- * - DESTROY_ME if initialization failed and IKE_SA MUST be deleted
+ * - DESTROY_ME if initialization failed
*/
status_t (*acquire) (ike_sa_t *this, u_int32_t reqid);
@@ -456,7 +504,7 @@ struct ike_sa_t {
bool initiator, prf_t *child_prf, prf_t *old_prf);
/**
- * @brief Get the multi purpose prf.
+ * @brief Get a multi purpose prf for the negotiated PRF function.
*
* @param this calling object
* @return pointer to prf_t object
@@ -472,20 +520,20 @@ struct ike_sa_t {
prf_t *(*get_child_prf) (ike_sa_t *this);
/**
- * @brief Get the prf to build outgoing authentication data.
+ * @brief Get the key to build outgoing authentication data.
*
* @param this calling object
* @return pointer to prf_t object
*/
- prf_t *(*get_auth_build) (ike_sa_t *this);
+ chunk_t (*get_skp_build) (ike_sa_t *this);
/**
- * @brief Get the prf to verify incoming authentication data.
+ * @brief Get the key to verify incoming authentication data.
*
* @param this calling object
* @return pointer to prf_t object
*/
- prf_t *(*get_auth_verify) (ike_sa_t *this);
+ chunk_t (*get_skp_verify) (ike_sa_t *this);
/**
* @brief Associates a child SA to this IKE SA
diff --git a/src/charon/sa/ike_sa_id.c b/src/charon/sa/ike_sa_id.c
index c143fc0ba..a838c0b8a 100644
--- a/src/charon/sa/ike_sa_id.c
+++ b/src/charon/sa/ike_sa_id.c
@@ -24,7 +24,6 @@
#include "ike_sa_id.h"
-#include <printf.h>
#include <stdio.h>
@@ -153,33 +152,6 @@ static ike_sa_id_t* clone_(private_ike_sa_id_t *this)
}
/**
- * output handler in printf()
- */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
-{
- private_ike_sa_id_t *this = *((private_ike_sa_id_t**)(args[0]));
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
- return fprintf(stream, "0x%0llx_i%s 0x%0llx_r%s",
- this->initiator_spi,
- this->is_initiator_flag ? "*" : "",
- this->responder_spi,
- this->is_initiator_flag ? "" : "*");
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_IKE_SA_ID, print, arginfo_ptr);
-}
-
-/**
* Implementation of ike_sa_id_t.destroy.
*/
static void destroy(private_ike_sa_id_t *this)
diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c
index 791ef805e..a62ec5e3c 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/charon/sa/ike_sa_manager.c
@@ -322,8 +322,8 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
ike_sa_t *ike_sa = NULL;
entry_t *entry;
- DBG2(DBG_MGR, "checkout IKE_SA: %J, %d IKE_SAs in manager",
- ike_sa_id, this->ike_sa_list->get_count(this->ike_sa_list));
+ DBG2(DBG_MGR, "checkout IKE_SA, %d IKE_SAs in manager",
+ this->ike_sa_list->get_count(this->ike_sa_list));
pthread_mutex_lock(&(this->mutex));
if (get_entry_by_id(this, ike_sa_id, &entry) == SUCCESS)
@@ -356,13 +356,14 @@ static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator)
{
id = ike_sa_id_create(0, get_next_spi(this), FALSE);
}
- entry = entry_create(id);
+ entry = entry_create(id);
+ id->destroy(id);
pthread_mutex_lock(&this->mutex);
this->ike_sa_list->insert_last(this->ike_sa_list, entry);
entry->checked_out = TRUE;
pthread_mutex_unlock(&this->mutex);
- DBG2(DBG_MGR, "created IKE_SA: %J, %d IKE_SAs in manager",
- id, this->ike_sa_list->get_count(this->ike_sa_list));
+ DBG2(DBG_MGR, "created IKE_SA, %d IKE_SAs in manager",
+ this->ike_sa_list->get_count(this->ike_sa_list));
return entry->ike_sa;
}
@@ -378,8 +379,8 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
id = id->clone(id);
id->switch_initiator(id);
- DBG2(DBG_MGR, "checkout IKE_SA: %J by message, %d IKE_SAs in manager",
- id, this->ike_sa_list->get_count(this->ike_sa_list));
+ DBG2(DBG_MGR, "checkout IKE_SA by message, %d IKE_SAs in manager",
+ this->ike_sa_list->get_count(this->ike_sa_list));
if (message->get_request(message) &&
message->get_exchange_type(message) == IKE_SA_INIT)
@@ -439,7 +440,8 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this,
}
else
{
- DBG1(DBG_MGR, "ignoring message for %J, no such IKE_SA", id);
+ chunk_free(&hash);
+ DBG1(DBG_MGR, "ignoring message, no such IKE_SA");
}
}
else
@@ -554,7 +556,7 @@ static ike_sa_t* checkout_by_peer(private_ike_sa_manager_t *this,
/* create entry */
new_entry = entry_create(new_ike_sa_id);
- DBG2(DBG_MGR, "created IKE_SA: %J", new_ike_sa_id);
+ DBG2(DBG_MGR, "created IKE_SA");
new_ike_sa_id->destroy(new_ike_sa_id);
this->ike_sa_list->insert_last(this->ike_sa_list, new_entry);
@@ -720,7 +722,7 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
ike_sa_id = ike_sa->get_id(ike_sa);
- DBG2(DBG_MGR, "checkin IKE_SA: %J", ike_sa_id);
+ DBG2(DBG_MGR, "checkin IKE_SA");
pthread_mutex_lock(&(this->mutex));
@@ -767,7 +769,7 @@ static status_t checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ik
ike_sa_id_t *ike_sa_id;
ike_sa_id = ike_sa->get_id(ike_sa);
- DBG2(DBG_MGR, "checkin and destroy IKE_SA: %J", ike_sa_id);
+ DBG2(DBG_MGR, "checkin and destroy IKE_SA");
pthread_mutex_lock(&(this->mutex));
diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c
index 844300735..e67508ed1 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/charon/sa/task_manager.c
@@ -22,6 +22,8 @@
#include "task_manager.h"
+#include <math.h>
+
#include <daemon.h>
#include <sa/tasks/ike_init.h>
#include <sa/tasks/ike_natd.h>
@@ -35,7 +37,7 @@
#include <sa/tasks/child_rekey.h>
#include <sa/tasks/child_delete.h>
#include <encoding/payloads/delete_payload.h>
-#include <queues/jobs/retransmit_job.h>
+#include <processing/jobs/retransmit_job.h>
typedef struct exchange_t exchange_t;
@@ -210,9 +212,12 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
u_int32_t timeout;
job_t *job;
- timeout = charon->configuration->get_retransmit_timeout(
- charon->configuration, this->initiating.retransmitted);
- if (timeout == 0)
+ if (this->initiating.retransmitted <= RETRANSMIT_TRIES)
+ {
+ timeout = (u_int32_t)(RETRANSMIT_TIMEOUT *
+ pow(RETRANSMIT_BASE, this->initiating.retransmitted));
+ }
+ else
{
DBG1(DBG_IKE, "giving up after %d retransmits",
this->initiating.retransmitted - 1);
@@ -262,6 +267,7 @@ static status_t build_request(private_task_manager_t *this)
case IKE_CREATED:
if (activate_task(this, IKE_INIT))
{
+ this->initiating.mid = 0;
exchange = IKE_SA_INIT;
activate_task(this, IKE_NATD);
activate_task(this, IKE_CERT);
@@ -274,7 +280,6 @@ static status_t build_request(private_task_manager_t *this)
if (activate_task(this, CHILD_CREATE))
{
exchange = CREATE_CHILD_SA;
- activate_task(this, IKE_CONFIG);
break;
}
if (activate_task(this, CHILD_DELETE))
@@ -328,6 +333,11 @@ static status_t build_request(private_task_manager_t *this)
case IKE_AUTHENTICATE:
exchange = IKE_AUTH;
break;
+ case CHILD_CREATE:
+ case CHILD_REKEY:
+ case IKE_REKEY:
+ exchange = CREATE_CHILD_SA;
+ break;
default:
continue;
}
@@ -577,7 +587,7 @@ static status_t process_request(private_task_manager_t *this,
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
- task = (task_t*)ike_config_create(this->ike_sa, NULL);
+ task = (task_t*)ike_config_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)child_create_create(this->ike_sa, NULL);
this->passive_tasks->insert_last(this->passive_tasks, task);
diff --git a/src/charon/sa/task_manager.h b/src/charon/sa/task_manager.h
index c766d4a65..fb34aab6a 100644
--- a/src/charon/sa/task_manager.h
+++ b/src/charon/sa/task_manager.h
@@ -31,6 +31,28 @@ typedef struct task_manager_t task_manager_t;
#include <sa/tasks/task.h>
/**
+ * First retransmit timeout in milliseconds.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_TIMEOUT 4000
+
+/**
+ * Base which is raised to the power of the retransmission try.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_BASE 1.8
+
+/**
+ * Number of retransmits done before giving up.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_TRIES 5
+
+
+/**
* @brief The task manager, juggles task and handles message exchanges.
*
* On incoming requests, the task manager creates new tasks on demand and
@@ -43,6 +65,24 @@ typedef struct task_manager_t task_manager_t;
* For the initial IKE_SA setup, several tasks are queued: One for the
* unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup
* and maybe one for virtual IP assignement.
+ * The task manager is also responsible for retransmission. It uses a backoff
+ * algorithm. The timeout is calculated using
+ * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try).
+ * When try reaches RETRANSMIT_TRIES, retransmission is given up.
+ *
+ * Using an initial TIMEOUT of 4s, a BASE of 1.8, and 5 TRIES gives us:
+ * @verbatim
+ | relative | absolute
+ ---------------------------------------------------------
+ 4s * (1.8 ** 0) = 4s 4s
+ 4s * (1.8 ** 1) = 7s 11s
+ 4s * (1.8 ** 2) = 13s 24s
+ 4s * (1.8 ** 3) = 23s 47s
+ 4s * (1.8 ** 4) = 42s 89s
+ 4s * (1.8 ** 5) = 76s 165s
+
+ @endberbatim
+ * The peer is considered dead after 2min 45s when no reply comes in.
*
* @b Constructors:
* - task_manager_create()
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 781d679f2..f70730b05 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -26,6 +26,7 @@
#include <daemon.h>
#include <crypto/diffie_hellman.h>
#include <encoding/payloads/sa_payload.h>
+#include <encoding/payloads/ke_payload.h>
#include <encoding/payloads/ts_payload.h>
#include <encoding/payloads/nonce_payload.h>
#include <encoding/payloads/notify_payload.h>
@@ -64,9 +65,9 @@ struct private_child_create_t {
chunk_t other_nonce;
/**
- * policy to create the CHILD_SA from
+ * config to create the CHILD_SA from
*/
- policy_t *policy;
+ child_cfg_t *config;
/**
* list of proposal candidates
@@ -89,6 +90,16 @@ struct private_child_create_t {
linked_list_t *tsr;
/**
+ * optional diffie hellman exchange
+ */
+ diffie_hellman_t *dh;
+
+ /**
+ * group used for DH exchange
+ */
+ diffie_hellman_group_t dh_group;
+
+ /**
* mode the new CHILD_SA uses (transport/tunnel/beet)
*/
mode_t mode;
@@ -162,21 +173,29 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host)
}
/**
- * Install a CHILD_SA for usage
+ * Install a CHILD_SA for usage, return value:
+ * - FAILED: no acceptable proposal
+ * - INVALID_ARG: diffie hellman group inacceptable
+ * - NOT_FOUND: TS inacceptable
*/
-static status_t select_and_install(private_child_create_t *this)
+static status_t select_and_install(private_child_create_t *this, bool no_dh)
{
prf_plus_t *prf_plus;
status_t status;
- chunk_t nonce_i, nonce_r, seed;
+ chunk_t nonce_i, nonce_r, secret, seed;
linked_list_t *my_ts, *other_ts;
host_t *me, *other, *other_vip, *my_vip;
- if (this->proposals == NULL || this->tsi == NULL || this->tsr == NULL)
+ if (this->proposals == NULL)
{
- SIG(CHILD_UP_FAILED, "SA/TS payloads missing in message");
+ SIG(CHILD_UP_FAILED, "SA payload missing in message");
return FAILED;
}
+ if (this->tsi == NULL || this->tsr == NULL)
+ {
+ SIG(CHILD_UP_FAILED, "TS payloads missing in message");
+ return NOT_FOUND;
+ }
if (this->initiator)
{
@@ -198,36 +217,61 @@ static status_t select_and_install(private_child_create_t *this)
my_vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
other_vip = this->ike_sa->get_virtual_ip(this->ike_sa, FALSE);
- this->proposal = this->policy->select_proposal(this->policy, this->proposals);
-
+ this->proposal = this->config->select_proposal(this->config, this->proposals,
+ no_dh);
if (this->proposal == NULL)
{
SIG(CHILD_UP_FAILED, "no acceptable proposal found");
return FAILED;
}
- if (this->initiator && my_vip)
- { /* if we have a virtual IP, shorten our TS to the minimum */
- my_ts = this->policy->select_my_traffic_selectors(this->policy, my_ts,
- my_vip);
+ if (!this->proposal->has_dh_group(this->proposal, this->dh_group))
+ {
+ algorithm_t *algo;
+ if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
+ &algo))
+ {
+ u_int16_t group = algo->algorithm;
+ SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N",
+ diffie_hellman_group_names, this->dh_group,
+ diffie_hellman_group_names, group);
+ this->dh_group = group;
+ return INVALID_ARG;
+ }
+ else
+ {
+ SIG(CHILD_UP_FAILED, "no acceptable proposal found");
+ return FAILED;
+ }
+ }
+
+ if (my_vip == NULL)
+ {
+ my_vip = me;
+ }
+ else if (this->initiator)
+ {
/* to setup firewall rules correctly, CHILD_SA needs the virtual IP */
this->child_sa->set_virtual_ip(this->child_sa, my_vip);
}
- else
- { /* shorten in the host2host case only */
- my_ts = this->policy->select_my_traffic_selectors(this->policy,
- my_ts, me);
- }
- if (other_vip)
- { /* if other has a virtual IP, shorten it's traffic selectors to it */
- other_ts = this->policy->select_other_traffic_selectors(this->policy,
- other_ts, other_vip);
+ if (other_vip == NULL)
+ {
+ other_vip = other;
}
- else
- { /* use his host for the host2host case */
- other_ts = this->policy->select_other_traffic_selectors(this->policy,
- other_ts, other);
+
+ my_ts = this->config->get_traffic_selectors(this->config, TRUE, my_ts,
+ my_vip);
+ other_ts = this->config->get_traffic_selectors(this->config, FALSE, other_ts,
+ other_vip);
+
+ if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
+ {
+ my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
+ other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
+ SIG(CHILD_UP_FAILED, "no acceptable traffic selectors found");
+ return NOT_FOUND;
}
+
this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
if (this->initiator)
@@ -241,13 +285,6 @@ static status_t select_and_install(private_child_create_t *this)
this->tsi = other_ts;
}
- if (this->tsi->get_count(this->tsi) == 0 ||
- this->tsr->get_count(this->tsr) == 0)
- {
- SIG(CHILD_UP_FAILED, "no acceptable traffic selectors found");
- return FAILED;
- }
-
if (!this->initiator)
{
/* check if requested mode is acceptable, downgrade if required */
@@ -279,7 +316,20 @@ static status_t select_and_install(private_child_create_t *this)
}
}
- seed = chunk_cata("cc", nonce_i, nonce_r);
+ if (this->dh)
+ {
+ if (this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
+ {
+ SIG(CHILD_UP_FAILED, "DH exchange incomplete");
+ return FAILED;
+ }
+ DBG3(DBG_IKE, "DH secret %B", &secret);
+ seed = chunk_cata("mcc", secret, nonce_i, nonce_r);
+ }
+ else
+ {
+ seed = chunk_cata("cc", nonce_i, nonce_r);
+ }
prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
if (this->initiator)
@@ -297,7 +347,7 @@ static status_t select_and_install(private_child_create_t *this)
if (status != SUCCESS)
{
SIG(CHILD_UP_FAILED, "unable to install IPsec SA (SAD) in kernel");
- return status;
+ return FAILED;
}
status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts,
@@ -306,7 +356,7 @@ static status_t select_and_install(private_child_create_t *this)
if (status != SUCCESS)
{
SIG(CHILD_UP_FAILED, "unable to install IPsec policies (SPD) in kernel");
- return status;
+ return NOT_FOUND;
}
/* add to IKE_SA, and remove from task */
this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
@@ -321,8 +371,9 @@ static status_t select_and_install(private_child_create_t *this)
static void build_payloads(private_child_create_t *this, message_t *message)
{
sa_payload_t *sa_payload;
- ts_payload_t *ts_payload;
nonce_payload_t *nonce_payload;
+ ke_payload_t *ke_payload;
+ ts_payload_t *ts_payload;
/* add SA payload */
if (this->initiator)
@@ -343,6 +394,13 @@ static void build_payloads(private_child_create_t *this, message_t *message)
message->add_payload(message, (payload_t*)nonce_payload);
}
+ /* diffie hellman exchange, if PFS enabled */
+ if (this->dh)
+ {
+ ke_payload = ke_payload_create_from_diffie_hellman(this->dh);
+ message->add_payload(message, (payload_t*)ke_payload);
+ }
+
/* add TSi/TSr payloads */
ts_payload = ts_payload_create_from_traffic_selectors(TRUE, this->tsi);
message->add_payload(message, (payload_t*)ts_payload);
@@ -371,6 +429,7 @@ static void process_payloads(private_child_create_t *this, message_t *message)
iterator_t *iterator;
payload_t *payload;
sa_payload_t *sa_payload;
+ ke_payload_t *ke_payload;
ts_payload_t *ts_payload;
notify_payload_t *notify_payload;
@@ -386,6 +445,19 @@ static void process_payloads(private_child_create_t *this, message_t *message)
sa_payload = (sa_payload_t*)payload;
this->proposals = sa_payload->get_proposals(sa_payload);
break;
+ case KEY_EXCHANGE:
+ ke_payload = (ke_payload_t*)payload;
+ if (!this->initiator)
+ {
+ this->dh_group = ke_payload->get_dh_group_number(ke_payload);
+ this->dh = diffie_hellman_create(this->dh_group);
+ }
+ if (this->dh)
+ {
+ this->dh->set_other_public_value(this->dh,
+ ke_payload->get_key_exchange_data(ke_payload));
+ }
+ break;
case TRAFFIC_SELECTOR_INITIATOR:
ts_payload = (ts_payload_t*)payload;
this->tsi = ts_payload->get_traffic_selectors(ts_payload);
@@ -421,6 +493,7 @@ static void process_payloads(private_child_create_t *this, message_t *message)
static status_t build_i(private_child_create_t *this, message_t *message)
{
host_t *me, *other, *vip;
+ peer_cfg_t *peer_cfg;
switch (message->get_exchange_type(message))
{
@@ -432,6 +505,10 @@ static status_t build_i(private_child_create_t *this, message_t *message)
message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
+ if (this->dh_group == MODP_NONE)
+ {
+ this->dh_group = this->config->get_dh_group(this->config);
+ }
break;
case IKE_AUTH:
if (!message->get_payload(message, ID_INITIATOR))
@@ -448,25 +525,30 @@ static status_t build_i(private_child_create_t *this, message_t *message)
me = this->ike_sa->get_my_host(this->ike_sa);
other = this->ike_sa->get_other_host(this->ike_sa);
- vip = this->policy->get_virtual_ip(this->policy, NULL);
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ vip = peer_cfg->get_my_virtual_ip(peer_cfg);
if (vip)
{ /* propose a 0.0.0.0/0 subnet when we use virtual ip */
- this->tsi = this->policy->get_my_traffic_selectors(this->policy, NULL);
+ this->tsi = this->config->get_traffic_selectors(this->config, TRUE,
+ NULL, NULL);
vip->destroy(vip);
}
else
{ /* but shorten a 0.0.0.0/0 subnet to the actual address if host2host */
- this->tsi = this->policy->get_my_traffic_selectors(this->policy, me);
+ this->tsi = this->config->get_traffic_selectors(this->config, TRUE,
+ NULL, me);
}
- this->tsr = this->policy->get_other_traffic_selectors(this->policy, other);
- this->proposals = this->policy->get_proposals(this->policy);
- this->mode = this->policy->get_mode(this->policy);
+ this->tsr = this->config->get_traffic_selectors(this->config, FALSE,
+ NULL, other);
+ this->proposals = this->config->get_proposals(this->config,
+ this->dh_group == MODP_NONE);
+ this->mode = this->config->get_mode(this->config);
this->child_sa = child_sa_create(me, other,
this->ike_sa->get_my_id(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa),
- this->policy, this->reqid,
+ this->config, this->reqid,
this->ike_sa->is_natt_enabled(this->ike_sa));
if (this->child_sa->alloc(this->child_sa, this->proposals) != SUCCESS)
@@ -475,6 +557,11 @@ static status_t build_i(private_child_create_t *this, message_t *message)
return FAILED;
}
+ if (this->dh_group != MODP_NONE)
+ {
+ this->dh = diffie_hellman_create(this->dh_group);
+ }
+
build_payloads(this, message);
this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
@@ -492,6 +579,8 @@ static status_t build_i(private_child_create_t *this, message_t *message)
*/
static status_t process_r(private_child_create_t *this, message_t *message)
{
+ peer_cfg_t *peer_cfg;
+
switch (message->get_exchange_type(message))
{
case IKE_SA_INIT:
@@ -517,18 +606,13 @@ static status_t process_r(private_child_create_t *this, message_t *message)
return NEED_MORE;
}
- this->policy = charon->policies->get_policy(charon->policies,
- this->ike_sa->get_my_id(this->ike_sa),
- this->ike_sa->get_other_id(this->ike_sa),
- this->tsr, this->tsi,
- this->ike_sa->get_my_host(this->ike_sa),
- this->ike_sa->get_other_host(this->ike_sa));
-
- if (this->policy && this->ike_sa->get_policy(this->ike_sa) == NULL)
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (peer_cfg)
{
- this->ike_sa->set_policy(this->ike_sa, this->policy);
+ this->config = peer_cfg->select_child_cfg(peer_cfg, this->tsr, this->tsi,
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa));
}
-
return NEED_MORE;
}
@@ -537,6 +621,8 @@ static status_t process_r(private_child_create_t *this, message_t *message)
*/
static status_t build_r(private_child_create_t *this, message_t *message)
{
+ bool no_dh = TRUE;
+
switch (message->get_exchange_type(message))
{
case IKE_SA_INIT:
@@ -547,6 +633,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
+ no_dh = FALSE;
break;
case IKE_AUTH:
if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION))
@@ -565,10 +652,11 @@ static status_t build_r(private_child_create_t *this, message_t *message)
return SUCCESS;
}
- if (this->policy == NULL)
+ if (this->config == NULL)
{
- SIG(CHILD_UP_FAILED, "no acceptable policy found");
- message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
+ SIG(CHILD_UP_FAILED, "traffic selectors %#R=== %#R inacceptable",
+ this->tsr, this->tsi);
+ message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
return SUCCESS;
}
@@ -576,13 +664,27 @@ static status_t build_r(private_child_create_t *this, message_t *message)
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_my_id(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa),
- this->policy, this->reqid,
+ this->config, this->reqid,
this->ike_sa->is_natt_enabled(this->ike_sa));
- if (select_and_install(this) != SUCCESS)
+ switch (select_and_install(this, no_dh))
{
- message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
- return SUCCESS;
+ case SUCCESS:
+ break;
+ case NOT_FOUND:
+ message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
+ return SUCCESS;
+ case INVALID_ARG:
+ {
+ u_int16_t group = htons(this->dh_group);
+ message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
+ chunk_from_thing(group));
+ return SUCCESS;
+ }
+ case FAILED:
+ default:
+ message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
+ return SUCCESS;
}
build_payloads(this, message);
@@ -599,6 +701,7 @@ static status_t process_i(private_child_create_t *this, message_t *message)
{
iterator_t *iterator;
payload_t *payload;
+ bool no_dh = TRUE;
switch (message->get_exchange_type(message))
{
@@ -606,6 +709,7 @@ static status_t process_i(private_child_create_t *this, message_t *message)
return get_nonce(message, &this->other_nonce);
case CREATE_CHILD_SA:
get_nonce(message, &this->other_nonce);
+ no_dh = FALSE;
break;
case IKE_AUTH:
if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION))
@@ -643,6 +747,22 @@ static status_t process_i(private_child_create_t *this, message_t *message)
/* an error in CHILD_SA creation is not critical */
return SUCCESS;
}
+ case INVALID_KE_PAYLOAD:
+ {
+ chunk_t data;
+ diffie_hellman_group_t bad_group;
+
+ bad_group = this->dh_group;
+ data = notify->get_notification_data(notify);
+ this->dh_group = ntohs(*((u_int16_t*)data.ptr));
+ DBG1(DBG_IKE, "peer didn't accept DH group %N, "
+ "it requested %N", diffie_hellman_group_names,
+ bad_group, diffie_hellman_group_names, this->dh_group);
+
+ this->public.task.migrate(&this->public.task, this->ike_sa);
+ iterator->destroy(iterator);
+ return NEED_MORE;
+ }
default:
break;
}
@@ -652,7 +772,7 @@ static status_t process_i(private_child_create_t *this, message_t *message)
process_payloads(this, message);
- if (select_and_install(this) == SUCCESS)
+ if (select_and_install(this, no_dh) == SUCCESS)
{
SIG(CHILD_UP_SUCCESS, "established CHILD_SA successfully");
}
@@ -716,6 +836,7 @@ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa)
}
DESTROY_IF(this->child_sa);
DESTROY_IF(this->proposal);
+ DESTROY_IF(this->dh);
if (this->proposals)
{
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
@@ -725,6 +846,7 @@ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa)
this->proposals = NULL;
this->tsi = NULL;
this->tsr = NULL;
+ this->dh = NULL;
this->child_sa = NULL;
this->mode = MODE_TUNNEL;
this->reqid = 0;
@@ -751,19 +873,20 @@ static void destroy(private_child_create_t *this)
DESTROY_IF(this->child_sa);
}
DESTROY_IF(this->proposal);
+ DESTROY_IF(this->dh);
if (this->proposals)
{
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
}
- DESTROY_IF(this->policy);
+ DESTROY_IF(this->config);
free(this);
}
/*
* Described in header.
*/
-child_create_t *child_create_create(ike_sa_t *ike_sa, policy_t *policy)
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config)
{
private_child_create_t *this = malloc_thing(private_child_create_t);
@@ -773,12 +896,12 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, policy_t *policy)
this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
this->public.task.destroy = (void(*)(task_t*))destroy;
- if (policy)
+ if (config)
{
this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
this->initiator = TRUE;
- policy->get_ref(policy);
+ config->get_ref(config);
}
else
{
@@ -788,13 +911,15 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, policy_t *policy)
}
this->ike_sa = ike_sa;
- this->policy = policy;
+ this->config = config;
this->my_nonce = chunk_empty;
this->other_nonce = chunk_empty;
this->proposals = NULL;
this->proposal = NULL;
this->tsi = NULL;
this->tsr = NULL;
+ this->dh = NULL;
+ this->dh_group = MODP_NONE;
this->child_sa = NULL;
this->mode = MODE_TUNNEL;
this->reqid = 0;
diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h
index 200d37457..9f4815215 100644
--- a/src/charon/sa/tasks/child_create.h
+++ b/src/charon/sa/tasks/child_create.h
@@ -28,7 +28,7 @@ typedef struct child_create_t child_create_t;
#include <library.h>
#include <sa/ike_sa.h>
#include <sa/tasks/task.h>
-#include <config/policies/policy.h>
+#include <config/child_cfg.h>
/**
* @brief Task of type CHILD_CREATE, established a new CHILD_SA.
@@ -80,9 +80,9 @@ struct child_create_t {
* @brief Create a new child_create task.
*
* @param ike_sa IKE_SA this task works for
- * @param policy policy if task initiator, NULL if responder
+ * @param config child_cfg if task initiator, NULL if responder
* @return child_create task to handle by the task_manager
*/
-child_create_t *child_create_create(ike_sa_t *ike_sa, policy_t *policy);
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config);
#endif /* CHILD_CREATE_H_ */
diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c
index 23d509de5..d0b34a276 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/charon/sa/tasks/child_delete.c
@@ -177,10 +177,29 @@ static void destroy_children(private_child_delete_t *this)
}
/**
+ * send closing signals for all CHILD_SAs over the bus
+ */
+static void log_children(private_child_delete_t *this)
+{
+ iterator_t *iterator;
+ child_sa_t *child_sa;
+
+ iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
+ while (iterator->iterate(iterator, (void**)&child_sa))
+ {
+ SIG(CHILD_DOWN_START, "closing CHILD_SA %#R=== %#R",
+ child_sa->get_traffic_selectors(child_sa, TRUE),
+ child_sa->get_traffic_selectors(child_sa, FALSE));
+ }
+ iterator->destroy(iterator);
+}
+
+/**
* Implementation of task_t.build for initiator
*/
static status_t build_i(private_child_delete_t *this, message_t *message)
{
+ log_children(this);
build_payloads(this, message);
return NEED_MORE;
}
@@ -196,6 +215,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message)
process_payloads(this, message);
destroy_children(this);
+ SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed");
return SUCCESS;
}
@@ -205,6 +225,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message)
static status_t process_r(private_child_delete_t *this, message_t *message)
{
process_payloads(this, message);
+ log_children(this);
return NEED_MORE;
}
@@ -219,6 +240,7 @@ static status_t build_r(private_child_delete_t *this, message_t *message)
build_payloads(this, message);
}
destroy_children(this);
+ SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed");
return SUCCESS;
}
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c
index 745895dbb..4f3c69034 100644
--- a/src/charon/sa/tasks/child_rekey.c
+++ b/src/charon/sa/tasks/child_rekey.c
@@ -27,7 +27,7 @@
#include <encoding/payloads/notify_payload.h>
#include <sa/tasks/child_create.h>
#include <sa/tasks/child_delete.h>
-#include <queues/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
typedef struct private_child_rekey_t private_child_rekey_t;
@@ -183,7 +183,12 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
u_int32_t spi;
child_sa_t *to_delete;
- this->child_create->task.process(&this->child_create->task, message);
+ if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE)
+ {
+ /* bad DH group while rekeying, try again */
+ this->child_create->task.migrate(&this->child_create->task, this->ike_sa);
+ return NEED_MORE;
+ }
if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
{
/* establishing new child failed, reuse old. but not when we
@@ -192,8 +197,8 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
this->collision->get_type(this->collision) == CHILD_DELETE))
{
job_t *job;
- u_int32_t retry = charon->configuration->get_retry_interval(
- charon->configuration);
+ u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+
job = (job_t*)rekey_child_sa_job_create(
this->child_sa->get_reqid(this->child_sa),
this->child_sa->get_protocol(this->child_sa),
@@ -315,8 +320,8 @@ static void destroy(private_child_rekey_t *this)
*/
child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, child_sa_t *child_sa)
{
+ child_cfg_t *config;
private_child_rekey_t *this = malloc_thing(private_child_rekey_t);
- policy_t *policy;
this->public.collide = (void (*)(child_rekey_t*,task_t*))collide;
this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
@@ -327,8 +332,8 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, child_sa_t *child_sa)
this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
this->initiator = TRUE;
- policy = child_sa->get_policy(child_sa);
- this->child_create = child_create_create(ike_sa, policy);
+ config = child_sa->get_config(child_sa);
+ this->child_create = child_create_create(ike_sa, config);
}
else
{
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c
index 541e1bb37..d0dd49aee 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -100,18 +100,18 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
{
authenticator_t *auth;
auth_payload_t *auth_payload;
- policy_t *policy;
+ peer_cfg_t *config;
auth_method_t method;
status_t status;
/* create own authenticator and add auth payload */
- policy = this->ike_sa->get_policy(this->ike_sa);
- if (!policy)
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (!config)
{
- SIG(IKE_UP_FAILED, "unable to authenticate, no policy found");
+ SIG(IKE_UP_FAILED, "unable to authenticate, no peer config found");
return FAILED;
}
- method = policy->get_auth_method(policy);
+ method = config->get_auth_method(config);
auth = authenticator_create(this->ike_sa, method);
if (auth == NULL)
@@ -140,15 +140,15 @@ static status_t build_id(private_ike_auth_t *this, message_t *message)
{
identification_t *me, *other;
id_payload_t *id;
- policy_t *policy;
+ peer_cfg_t *config;
me = this->ike_sa->get_my_id(this->ike_sa);
other = this->ike_sa->get_other_id(this->ike_sa);
- policy = this->ike_sa->get_policy(this->ike_sa);
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (me->contains_wildcards(me))
{
- me = policy->get_my_id(policy);
+ me = config->get_my_id(config);
if (me->contains_wildcards(me))
{
SIG(IKE_UP_FAILED, "negotiation of own ID failed");
@@ -202,7 +202,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message)
auth->destroy(auth);
if (status != SUCCESS)
{
- SIG(IKE_UP_FAILED, "authentication of %D using %N failed",
+ SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, auth_method);
return FAILED;
@@ -215,7 +215,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message)
*/
static status_t process_id(private_ike_auth_t *this, message_t *message)
{
- identification_t *id;
+ identification_t *id, *req;
id_payload_t *idr, *idi;
idi = (id_payload_t*)message->get_payload(message, ID_INITIATOR);
@@ -230,6 +230,13 @@ static status_t process_id(private_ike_auth_t *this, message_t *message)
if (this->initiator)
{
id = idr->get_identification(idr);
+ req = this->ike_sa->get_other_id(this->ike_sa);
+ if (!id->matches(id, req, NULL))
+ {
+ SIG(IKE_UP_FAILED, "peer ID %D unacceptable, %D required", id, req);
+ id->destroy(id);
+ return FAILED;
+ }
this->ike_sa->set_other_id(this->ike_sa, id);
}
else
@@ -346,7 +353,7 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message)
if (!this->peer_authenticated)
{
- SIG(IKE_UP_FAILED, "authentication of %D using %N failed",
+ SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, AUTH_EAP);
if (this->initiator)
@@ -444,7 +451,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message)
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
break;
default:
- SIG(IKE_UP_FAILED, "authentication of %D using %N failed",
+ SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, AUTH_EAP);
status = FAILED;
@@ -459,7 +466,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message)
*/
static status_t build_i(private_ike_auth_t *this, message_t *message)
{
- policy_t *policy;
+ peer_cfg_t *config;
if (message->get_exchange_type(message) == IKE_SA_INIT)
{
@@ -471,8 +478,8 @@ static status_t build_i(private_ike_auth_t *this, message_t *message)
return FAILED;
}
- policy = this->ike_sa->get_policy(this->ike_sa);
- if (policy->get_auth_method(policy) == AUTH_EAP)
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (config->get_auth_method(config) == AUTH_EAP)
{
this->eap_auth = eap_authenticator_create(this->ike_sa);
}
@@ -488,10 +495,12 @@ static status_t build_i(private_ike_auth_t *this, message_t *message)
}
/**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
*/
static status_t process_r(private_ike_auth_t *this, message_t *message)
-{
+{
+ peer_cfg_t *config;
+
if (message->get_exchange_type(message) == IKE_SA_INIT)
{
return collect_other_init_data(this, message);
@@ -514,6 +523,17 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
default:
break;
}
+
+ config = charon->backends->get_peer_cfg(charon->backends,
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa),
+ this->ike_sa->get_other_ca(this->ike_sa));
+ if (config)
+ {
+ this->ike_sa->set_peer_cfg(this->ike_sa, config);
+ config->destroy(config);
+ }
+
return NEED_MORE;
}
@@ -522,7 +542,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
*/
static status_t build_r(private_ike_auth_t *this, message_t *message)
{
- policy_t *policy;
+ peer_cfg_t *config;
eap_type_t eap_type;
eap_payload_t *eap_payload;
status_t status;
@@ -532,10 +552,12 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
return collect_my_init_data(this, message);
}
- policy = this->ike_sa->get_policy(this->ike_sa);
- if (policy == NULL)
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (config == NULL)
{
- SIG(IKE_UP_FAILED, "no acceptable policy found");
+ SIG(IKE_UP_FAILED, "no matching config found for %D...%D",
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa));
message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
return FAILED;
}
@@ -567,7 +589,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
}
/* initiate EAP authenitcation */
- eap_type = policy->get_eap_type(policy);
+ eap_type = config->get_eap_type(config);
status = this->eap_auth->initiate(this->eap_auth, eap_type, &eap_payload);
message->add_payload(message, (payload_t*)eap_payload);
if (status != NEED_MORE)
diff --git a/src/charon/sa/tasks/ike_cert.c b/src/charon/sa/tasks/ike_cert.c
index 160600742..880ed9c42 100644
--- a/src/charon/sa/tasks/ike_cert.c
+++ b/src/charon/sa/tasks/ike_cert.c
@@ -84,7 +84,7 @@ static void process_certreqs(private_ike_cert_t *this, message_t *message)
encoding = certreq->get_cert_encoding(certreq);
if (encoding != CERT_X509_SIGNATURE)
{
- DBG1(DBG_IKE, "certreq payload %N not supported, ignored",
+ DBG1(DBG_IKE, "certreq payload %N not supported - ignored",
cert_encoding_names, encoding);
continue;
}
@@ -125,7 +125,7 @@ static void process_certs(private_ike_cert_t *this, message_t *message)
encoding = cert_payload->get_cert_encoding(cert_payload);
if (encoding != CERT_X509_SIGNATURE)
{
- DBG1(DBG_IKE, "certificate payload %N not supported, ignored",
+ DBG1(DBG_IKE, "certificate payload %N not supported - ignored",
cert_encoding_names, encoding);
continue;
}
@@ -134,31 +134,29 @@ static void process_certs(private_ike_cert_t *this, message_t *message)
cert = x509_create_from_chunk(cert_data, 0);
if (cert)
{
- if (charon->credentials->verify(charon->credentials,
- cert, &found))
+ if (charon->credentials->verify(charon->credentials, cert, &found))
{
- DBG2(DBG_IKE, "received end entity certificate is trusted, "
- "added to store");
- if (!found)
+ DBG2(DBG_IKE, "received end entity certificate is trusted - "
+ "added to store");
+ if (found)
{
- charon->credentials->add_end_certificate(
- charon->credentials, cert);
+ cert->destroy(cert);
}
else
{
- cert->destroy(cert);
+ charon->credentials->add_end_certificate(charon->credentials, cert);
}
}
else
{
- DBG1(DBG_IKE, "received end entity certificate is not "
- "trusted, discarded");
+ DBG1(DBG_IKE, "received end entity certificate is not trusted - "
+ "discarded");
cert->destroy(cert);
}
}
else
{
- DBG1(DBG_IKE, "parsing of received certificate failed, discarded");
+ DBG1(DBG_IKE, "parsing of received certificate failed - discarded");
chunk_free(&cert_data);
}
}
@@ -171,20 +169,20 @@ static void process_certs(private_ike_cert_t *this, message_t *message)
*/
static void build_certreqs(private_ike_cert_t *this, message_t *message)
{
- connection_t *connection;
- policy_t *policy;
+ ike_cfg_t *ike_cfg;
+ peer_cfg_t *peer_cfg;
identification_t *ca;
certreq_payload_t *certreq;
- connection = this->ike_sa->get_connection(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
- if (connection->get_certreq_policy(connection) != CERT_NEVER_SEND)
+ if (ike_cfg->send_certreq(ike_cfg) != CERT_NEVER_SEND)
{
- policy = this->ike_sa->get_policy(this->ike_sa);
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- if (policy)
+ if (peer_cfg)
{
- ca = policy->get_other_ca(policy);
+ ca = peer_cfg->get_other_ca(peer_cfg);
if (ca && ca->get_type(ca) != ID_ANY)
{
@@ -212,17 +210,15 @@ static void build_certreqs(private_ike_cert_t *this, message_t *message)
*/
static void build_certs(private_ike_cert_t *this, message_t *message)
{
- policy_t *policy;
- connection_t *connection;
+ peer_cfg_t *peer_cfg;
x509_t *cert;
cert_payload_t *payload;
- policy = this->ike_sa->get_policy(this->ike_sa);
- connection = this->ike_sa->get_connection(this->ike_sa);
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- if (policy && policy->get_auth_method(policy) == AUTH_RSA)
+ if (peer_cfg && peer_cfg->get_auth_method(peer_cfg) == AUTH_RSA)
{
- switch (connection->get_cert_policy(connection))
+ switch (peer_cfg->get_cert_policy(peer_cfg))
{
case CERT_NEVER_SEND:
break;
@@ -236,7 +232,7 @@ static void build_certs(private_ike_cert_t *this, message_t *message)
{
/* TODO: respect CA cert request */
cert = charon->credentials->get_certificate(charon->credentials,
- policy->get_my_id(policy));
+ peer_cfg->get_my_id(peer_cfg));
if (cert)
{
payload = cert_payload_create_from_x509(cert);
diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c
index ce29b9220..3c73395a5 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@@ -49,11 +49,6 @@ struct private_ike_config_t {
bool initiator;
/**
- * associated policy with virtual IP configuration
- */
- policy_t *policy;
-
- /**
* virtual ip
*/
host_t *virtual_ip;
@@ -266,7 +261,20 @@ static status_t build_i(private_ike_config_t *this, message_t *message)
if (message->get_exchange_type(message) == IKE_AUTH &&
message->get_payload(message, ID_INITIATOR))
{
- this->virtual_ip = this->policy->get_virtual_ip(this->policy, NULL);
+ peer_cfg_t *config;
+ host_t *vip;
+
+ /* reuse virtual IP if we already have one */
+ vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
+ if (vip)
+ {
+ this->virtual_ip = vip->clone(vip);
+ }
+ else
+ {
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ this->virtual_ip = config->get_my_virtual_ip(config);
+ }
build_payloads(this, message, CFG_REQUEST);
}
@@ -295,17 +303,18 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
if (message->get_exchange_type(message) == IKE_AUTH &&
message->get_payload(message, EXTENSIBLE_AUTHENTICATION) == NULL)
{
- this->policy = this->ike_sa->get_policy(this->ike_sa);
+ peer_cfg_t *config = this->ike_sa->get_peer_cfg(this->ike_sa);
- if (this->policy && this->virtual_ip)
+ if (config && this->virtual_ip)
{
host_t *ip;
DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
- ip = this->policy->get_virtual_ip(this->policy, this->virtual_ip);
+ ip = config->get_other_virtual_ip(config, this->virtual_ip);
if (ip == NULL || ip->is_anyaddr(ip))
{
DBG1(DBG_IKE, "not assigning a virtual IP to peer");
+ DESTROY_IF(ip);
return SUCCESS;
}
DBG1(DBG_IKE, "assigning virtual IP %H to peer", ip);
@@ -340,13 +349,20 @@ static status_t process_i(private_ike_config_t *this, message_t *message)
!message->get_payload(message, EXTENSIBLE_AUTHENTICATION))
{
host_t *ip;
+ peer_cfg_t *config;
DESTROY_IF(this->virtual_ip);
this->virtual_ip = NULL;
process_payloads(this, message);
+
+ if (this->virtual_ip == NULL)
+ { /* force a configured virtual IP, even server didn't return one */
+ config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ this->virtual_ip = config->get_my_virtual_ip(config);
+ }
- if (this->virtual_ip)
+ if (this->virtual_ip && !this->virtual_ip->is_anyaddr(this->virtual_ip))
{
this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, this->virtual_ip);
@@ -398,7 +414,7 @@ static void destroy(private_ike_config_t *this)
/*
* Described in header.
*/
-ike_config_t *ike_config_create(ike_sa_t *ike_sa, policy_t *policy)
+ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
{
private_ike_config_t *this = malloc_thing(private_ike_config_t);
@@ -406,21 +422,18 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, policy_t *policy)
this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
this->public.task.destroy = (void(*)(task_t*))destroy;
- if (policy)
+ if (initiator)
{
this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
- this->initiator = TRUE;
}
else
{
this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
- this->initiator = FALSE;
}
-
+ this->initiator = initiator;
this->ike_sa = ike_sa;
- this->policy = policy;
this->virtual_ip = NULL;
this->dns = linked_list_create();
diff --git a/src/charon/sa/tasks/ike_config.h b/src/charon/sa/tasks/ike_config.h
index 0c9b961b4..a7cfddff0 100644
--- a/src/charon/sa/tasks/ike_config.h
+++ b/src/charon/sa/tasks/ike_config.h
@@ -28,7 +28,6 @@ typedef struct ike_config_t ike_config_t;
#include <library.h>
#include <sa/ike_sa.h>
#include <sa/tasks/task.h>
-#include <config/policies/policy.h>
/**
* @brief Task of type IKE_CONFIG, sets up a virtual IP and other
@@ -51,9 +50,9 @@ struct ike_config_t {
* @brief Create a new ike_config task.
*
* @param ike_sa IKE_SA this task works for
- * @param policy policy for the initiator, NULL for the responder
+ * @param initiator TRUE for initiator
* @return ike_config task to handle by the task_manager
*/
-ike_config_t *ike_config_create(ike_sa_t *ike_sa, policy_t *policy);
+ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator);
#endif /* IKE_CONFIG_H_ */
diff --git a/src/charon/sa/tasks/ike_delete.c b/src/charon/sa/tasks/ike_delete.c
index 9c4fdac0e..1a3656ca6 100644
--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/charon/sa/tasks/ike_delete.c
@@ -28,7 +28,7 @@
typedef struct private_ike_delete_t private_ike_delete_t;
-/**
+/**file
* Private members of a ike_delete_t task.
*/
struct private_ike_delete_t {
@@ -94,7 +94,6 @@ static status_t process_r(private_ike_delete_t *this, message_t *message)
DBG1(DBG_IKE, "deleting IKE_SA on request");
break;
case IKE_REKEYING:
- DBG1(DBG_IKE, "initiated rekeying, but received delete for IKE_SA");
break;
default:
break;
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index 0b493666a..f78b5dd66 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -57,9 +57,9 @@ struct private_ike_init_t {
bool initiator;
/**
- * Connection established by this IKE_SA
+ * IKE config to establish
*/
- connection_t *connection;
+ ike_cfg_t *config;
/**
* diffie hellman group to use
@@ -69,7 +69,7 @@ struct private_ike_init_t {
/**
* Diffie hellman object used to generate public DH value.
*/
- diffie_hellman_t *diffie_hellman;
+ diffie_hellman_t *dh;
/**
* nonce chosen by us
@@ -117,11 +117,11 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
id = this->ike_sa->get_id(this->ike_sa);
- this->connection = this->ike_sa->get_connection(this->ike_sa);
+ this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
if (this->initiator)
{
- proposal_list = this->connection->get_proposals(this->connection);
+ proposal_list = this->config->get_proposals(this->config);
if (this->old_sa)
{
/* include SPI of new IKE_SA when we are rekeying */
@@ -151,7 +151,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
nonce_payload->set_nonce(nonce_payload, this->my_nonce);
message->add_payload(message, (payload_t*)nonce_payload);
- ke_payload = ke_payload_create_from_diffie_hellman(this->diffie_hellman);
+ ke_payload = ke_payload_create_from_diffie_hellman(this->dh);
message->add_payload(message, (payload_t*)ke_payload);
}
@@ -174,8 +174,8 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
linked_list_t *proposal_list;
proposal_list = sa_payload->get_proposals(sa_payload);
- this->proposal = this->connection->select_proposal(
- this->connection, proposal_list);
+ this->proposal = this->config->select_proposal(this->config,
+ proposal_list);
proposal_list->destroy_offset(proposal_list,
offsetof(proposal_t, destroy));
break;
@@ -183,34 +183,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
case KEY_EXCHANGE:
{
ke_payload_t *ke_payload = (ke_payload_t*)payload;
- diffie_hellman_group_t dh_group;
- chunk_t key_data;
- dh_group = ke_payload->get_dh_group_number(ke_payload);
-
- if (this->initiator)
+ this->dh_group = ke_payload->get_dh_group_number(ke_payload);
+ if (!this->initiator)
{
- if (dh_group != this->dh_group)
- {
- DBG1(DBG_IKE, "received a DH group not requested (%N)",
- diffie_hellman_group_names, dh_group);
- break;
- }
+ this->dh = diffie_hellman_create(this->dh_group);
}
- else
+ if (this->dh)
{
- this->dh_group = dh_group;
- if (!this->connection->check_dh_group(this->connection,
- dh_group))
- {
- break;
- }
- this->diffie_hellman = diffie_hellman_create(dh_group);
- }
- if (this->diffie_hellman)
- {
- key_data = ke_payload->get_key_exchange_data(ke_payload);
- this->diffie_hellman->set_other_public_value(this->diffie_hellman, key_data);
+ this->dh->set_other_public_value(this->dh,
+ ke_payload->get_key_exchange_data(ke_payload));
}
break;
}
@@ -235,9 +217,9 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
randomizer_t *randomizer;
status_t status;
- this->connection = this->ike_sa->get_connection(this->ike_sa);
+ this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
SIG(IKE_UP_START, "initiating IKE_SA to %H",
- this->connection->get_other_host(this->connection));
+ this->config->get_other_host(this->config));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
if (this->retry++ >= MAX_RETRIES)
@@ -247,11 +229,11 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
}
/* if the DH group is set via use_dh_group(), we already have a DH object */
- if (!this->diffie_hellman)
+ if (!this->dh)
{
- this->dh_group = this->connection->get_dh_group(this->connection);
- this->diffie_hellman = diffie_hellman_create(this->dh_group);
- if (this->diffie_hellman == NULL)
+ this->dh_group = this->config->get_dh_group(this->config);
+ this->dh = diffie_hellman_create(this->dh_group);
+ if (this->dh == NULL)
{
SIG(IKE_UP_FAILED, "configured DH group %N not supported",
diffie_hellman_group_names, this->dh_group);
@@ -291,7 +273,7 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
{
randomizer_t *randomizer;
- this->connection = this->ike_sa->get_connection(this->ike_sa);
+ this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
SIG(IKE_UP_FAILED, "%H is initiating an IKE_SA",
message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
@@ -326,25 +308,29 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
return FAILED;
}
- if (this->diffie_hellman == NULL ||
- this->diffie_hellman->get_shared_secret(this->diffie_hellman,
- &secret) != SUCCESS)
+ if (this->dh == NULL ||
+ !this->proposal->has_dh_group(this->proposal, this->dh_group) ||
+ this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
{
- chunk_t chunk;
- u_int16_t dh_enc;
-
- SIG(IKE_UP_FAILED, "received inacceptable DH group (%N)",
- diffie_hellman_group_names, this->dh_group);
- this->dh_group = this->connection->get_dh_group(this->connection);
- dh_enc = htons(this->dh_group);
- chunk.ptr = (u_int8_t*)&dh_enc;
- chunk.len = sizeof(dh_enc);
- message->add_notify(message, TRUE, INVALID_KE_PAYLOAD, chunk);
- DBG1(DBG_IKE, "requesting DH group %N",
- diffie_hellman_group_names, this->dh_group);
+ algorithm_t *algo;
+ if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
+ &algo))
+ {
+ u_int16_t group = algo->algorithm;
+ SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N",
+ diffie_hellman_group_names, this->dh_group,
+ diffie_hellman_group_names, group);
+ this->dh_group = group;
+ group = htons(group);
+ message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
+ chunk_from_thing(group));
+ }
+ else
+ {
+ SIG(IKE_UP_FAILED, "no acceptable proposal found");
+ }
return FAILED;
}
-
if (this->old_sa)
{
@@ -405,27 +391,20 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
case INVALID_KE_PAYLOAD:
{
chunk_t data;
- diffie_hellman_group_t old_dh_group;
+ diffie_hellman_group_t bad_group;
- old_dh_group = this->dh_group;
+ bad_group = this->dh_group;
data = notify->get_notification_data(notify);
this->dh_group = ntohs(*((u_int16_t*)data.ptr));
-
- DBG1(DBG_IKE, "peer didn't accept DH group %N, it requested"
- " %N", diffie_hellman_group_names, old_dh_group,
- diffie_hellman_group_names, this->dh_group);
- if (!this->connection->check_dh_group(this->connection,
- this->dh_group))
- {
- DBG1(DBG_IKE, "requested DH group %N not acceptable, "
- "giving up", diffie_hellman_group_names,
- this->dh_group);
- iterator->destroy(iterator);
- return FAILED;
+ DBG1(DBG_IKE, "peer didn't accept DH group %N, "
+ "it requested %N", diffie_hellman_group_names,
+ bad_group, diffie_hellman_group_names, this->dh_group);
+
+ if (this->old_sa == NULL)
+ { /* reset the IKE_SA if we are not rekeying */
+ this->ike_sa->reset(this->ike_sa);
}
- this->ike_sa->reset(this->ike_sa);
-
iterator->destroy(iterator);
return NEED_MORE;
}
@@ -470,9 +449,9 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
return FAILED;
}
- if (this->diffie_hellman == NULL ||
- this->diffie_hellman->get_shared_secret(this->diffie_hellman,
- &secret) != SUCCESS)
+ if (this->dh == NULL ||
+ !this->proposal->has_dh_group(this->proposal, this->dh_group) ||
+ this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
{
SIG(IKE_UP_FAILED, "peers DH group selection invalid");
return FAILED;
@@ -539,12 +518,12 @@ static chunk_t get_lower_nonce(private_ike_init_t *this)
static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
{
DESTROY_IF(this->proposal);
- DESTROY_IF(this->diffie_hellman);
+ DESTROY_IF(this->dh);
chunk_free(&this->other_nonce);
this->ike_sa = ike_sa;
this->proposal = NULL;
- this->diffie_hellman = diffie_hellman_create(this->dh_group);
+ this->dh = diffie_hellman_create(this->dh_group);
}
/**
@@ -553,7 +532,7 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
static void destroy(private_ike_init_t *this)
{
DESTROY_IF(this->proposal);
- DESTROY_IF(this->diffie_hellman);
+ DESTROY_IF(this->dh);
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
chunk_free(&this->cookie);
@@ -585,12 +564,12 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
this->ike_sa = ike_sa;
this->initiator = initiator;
this->dh_group = MODP_NONE;
- this->diffie_hellman = NULL;
+ this->dh = NULL;
this->my_nonce = chunk_empty;
this->other_nonce = chunk_empty;
this->cookie = chunk_empty;
this->proposal = NULL;
- this->connection = NULL;
+ this->config = NULL;
this->old_sa = old_sa;
this->retry = 0;
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c
index a33e7ee34..d54fc3524 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
@@ -26,8 +26,8 @@
#include <daemon.h>
#include <encoding/payloads/notify_payload.h>
#include <sa/tasks/ike_init.h>
-#include <queues/jobs/delete_ike_sa_job.h>
-#include <queues/jobs/rekey_ike_sa_job.h>
+#include <processing/jobs/delete_ike_sa_job.h>
+#include <processing/jobs/rekey_ike_sa_job.h>
typedef struct private_ike_rekey_t private_ike_rekey_t;
@@ -73,21 +73,20 @@ struct private_ike_rekey_t {
*/
static status_t build_i(private_ike_rekey_t *this, message_t *message)
{
- connection_t *connection;
- policy_t *policy;
+ peer_cfg_t *peer_cfg;
- this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
- TRUE);
-
- connection = this->ike_sa->get_connection(this->ike_sa);
- policy = this->ike_sa->get_policy(this->ike_sa);
- this->new_sa->set_connection(this->new_sa, connection);
- this->new_sa->set_policy(this->new_sa, policy);
-
- this->ike_init = ike_init_create(this->new_sa, TRUE, this->ike_sa);
+ /* create new SA only on first try */
+ if (this->new_sa == NULL)
+ {
+ this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
+ TRUE);
+
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
+ this->ike_init = ike_init_create(this->new_sa, TRUE, this->ike_sa);
+ this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
+ }
this->ike_init->task.build(&this->ike_init->task, message);
-
- this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
return NEED_MORE;
}
@@ -97,8 +96,7 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message)
*/
static status_t process_r(private_ike_rekey_t *this, message_t *message)
{
- connection_t *connection;
- policy_t *policy;
+ peer_cfg_t *peer_cfg;
iterator_t *iterator;
child_sa_t *child_sa;
@@ -129,11 +127,8 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message)
this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
FALSE);
- connection = this->ike_sa->get_connection(this->ike_sa);
- policy = this->ike_sa->get_policy(this->ike_sa);
- this->new_sa->set_connection(this->new_sa, connection);
- this->new_sa->set_policy(this->new_sa, policy);
-
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ this->new_sa->set_peer_cfg(this->new_sa, peer_cfg);
this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa);
this->ike_init->task.process(&this->ike_init->task, message);
@@ -171,23 +166,29 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
job_t *job;
ike_sa_id_t *to_delete;
- if (this->ike_init->task.process(&this->ike_init->task, message) == FAILED)
+ switch (this->ike_init->task.process(&this->ike_init->task, message))
{
- /* rekeying failed, fallback to old SA */
- if (!(this->collision &&
- this->collision->get_type(this->collision) == IKE_DELETE))
- {
- job_t *job;
- u_int32_t retry = charon->configuration->get_retry_interval(
- charon->configuration);
- job = (job_t*)rekey_ike_sa_job_create(
- this->ike_sa->get_id(this->ike_sa), FALSE);
- DBG1(DBG_IKE, "IKE_SA rekeying failed, "
- "trying again in %d seconds", retry);
- this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- charon->event_queue->add_relative(charon->event_queue, job, retry * 1000);
- }
- return SUCCESS;
+ case FAILED:
+ /* rekeying failed, fallback to old SA */
+ if (!(this->collision &&
+ this->collision->get_type(this->collision) == IKE_DELETE))
+ {
+ job_t *job;
+ u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+ job = (job_t*)rekey_ike_sa_job_create(
+ this->ike_sa->get_id(this->ike_sa), FALSE);
+ DBG1(DBG_IKE, "IKE_SA rekeying failed, "
+ "trying again in %d seconds", retry);
+ this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+ charon->event_queue->add_relative(charon->event_queue, job, retry * 1000);
+ }
+ return SUCCESS;
+ case NEED_MORE:
+ /* bad dh group, try again */
+ this->ike_init->task.migrate(&this->ike_init->task, this->new_sa);
+ return NEED_MORE;
+ default:
+ break;
}
this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
deleted file mode 100755
index a9074debb..000000000
--- a/src/charon/threads/stroke_interface.c
+++ /dev/null
@@ -1,1456 +0,0 @@
-/**
- * @file stroke.c
- *
- * @brief Implementation of stroke_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/fcntl.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <pthread.h>
-#include <signal.h>
-
-#include "stroke_interface.h"
-
-#include <library.h>
-#include <stroke.h>
-#include <daemon.h>
-#include <crypto/x509.h>
-#include <crypto/ca.h>
-#include <crypto/crl.h>
-#include <queues/jobs/initiate_job.h>
-#include <queues/jobs/route_job.h>
-#include <utils/leak_detective.h>
-
-#define IKE_PORT 500
-#define PATH_BUF 256
-
-
-struct sockaddr_un socket_addr = { AF_UNIX, STROKE_SOCKET};
-
-
-typedef struct private_stroke_t private_stroke_t;
-
-/**
- * Private data of an stroke_t object.
- */
-struct private_stroke_t {
-
- /**
- * Public part of stroke_t object.
- */
- stroke_t public;
-
- /**
- * Output stream (stroke console)
- */
- FILE *out;
-
- /**
- * Unix socket to listen for strokes
- */
- int socket;
-
- /**
- * Thread which reads from the Socket
- */
- pthread_t assigned_thread;
-};
-
-/**
- * Helper function which corrects the string pointers
- * in a stroke_msg_t. Strings in a stroke_msg sent over "wire"
- * contains RELATIVE addresses (relative to the beginning of the
- * stroke_msg). They must be corrected if they reach our address
- * space...
- */
-static void pop_string(stroke_msg_t *msg, char **string)
-{
- if (*string == NULL)
- return;
-
- /* check for sanity of string pointer and string */
- if (string < (char**)msg
- || string > (char**)msg + sizeof(stroke_msg_t)
- || (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg)
- || (unsigned long)*string > msg->length)
- {
- *string = "(invalid pointer in stroke msg)";
- }
- else
- {
- *string = (char*)msg + (unsigned long)*string;
- }
-}
-
-/**
- * Load end entitity certificate
- */
-static x509_t* load_end_certificate(const char *filename, identification_t **idp)
-{
- char path[PATH_BUF];
- x509_t *cert;
-
- if (*filename == '/')
- {
- /* absolute path name */
- snprintf(path, sizeof(path), "%s", filename);
- }
- else
- {
- /* relative path name */
- snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
- }
-
- cert = x509_create_from_file(path, "end entity");
-
- if (cert)
- {
- identification_t *id = *idp;
- identification_t *subject = cert->get_subject(cert);
-
- err_t ugh = cert->is_valid(cert, NULL);
-
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "warning: certificate %s", ugh);
- }
- if (!id->equals(id, subject) && !cert->equals_subjectAltName(cert, id))
- {
- id->destroy(id);
- id = subject;
- *idp = id->clone(id);
- }
- return charon->credentials->add_end_certificate(charon->credentials, cert);
- }
- return NULL;
-}
-
-/**
- * Load ca certificate
- */
-static x509_t* load_ca_certificate(const char *filename)
-{
- char path[PATH_BUF];
- x509_t *cert;
-
- if (*filename == '/')
- {
- /* absolute path name */
- snprintf(path, sizeof(path), "%s", filename);
- }
- else
- {
- /* relative path name */
- snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename);
- }
-
- cert = x509_create_from_file(path, "ca");
-
- if (cert)
- {
- if (cert->is_ca(cert))
- {
- return charon->credentials->add_auth_certificate(charon->credentials, cert, AUTH_CA);
- }
- else
- {
- DBG1(DBG_CFG, " CA basic constraints flag not set, cert discarded");
- cert->destroy(cert);
- }
- }
- return NULL;
-}
-
-/**
- * Add a connection to the configuration list
- */
-static void stroke_add_conn(stroke_msg_t *msg, FILE *out)
-{
- connection_t *connection;
- policy_t *policy;
- identification_t *my_id, *other_id;
- identification_t *my_ca = NULL;
- identification_t *other_ca = NULL;
- bool my_ca_same = FALSE;
- bool other_ca_same =FALSE;
- host_t *my_host, *other_host, *my_subnet, *other_subnet;
- host_t *my_vip = NULL, *other_vip = NULL;
- proposal_t *proposal;
- traffic_selector_t *my_ts, *other_ts;
- char *interface;
-
- pop_string(msg, &msg->add_conn.name);
- pop_string(msg, &msg->add_conn.me.address);
- pop_string(msg, &msg->add_conn.other.address);
- pop_string(msg, &msg->add_conn.me.subnet);
- pop_string(msg, &msg->add_conn.other.subnet);
- pop_string(msg, &msg->add_conn.me.sourceip);
- pop_string(msg, &msg->add_conn.other.sourceip);
- pop_string(msg, &msg->add_conn.me.id);
- pop_string(msg, &msg->add_conn.other.id);
- pop_string(msg, &msg->add_conn.me.cert);
- pop_string(msg, &msg->add_conn.other.cert);
- pop_string(msg, &msg->add_conn.me.ca);
- pop_string(msg, &msg->add_conn.other.ca);
- pop_string(msg, &msg->add_conn.me.updown);
- pop_string(msg, &msg->add_conn.other.updown);
- pop_string(msg, &msg->add_conn.algorithms.ike);
- pop_string(msg, &msg->add_conn.algorithms.esp);
-
- DBG1(DBG_CFG, "received stroke: add connection '%s'", msg->add_conn.name);
-
- DBG2(DBG_CFG, "conn %s", msg->add_conn.name);
- DBG2(DBG_CFG, " left=%s", msg->add_conn.me.address);
- DBG2(DBG_CFG, " right=%s", msg->add_conn.other.address);
- DBG2(DBG_CFG, " leftsubnet=%s", msg->add_conn.me.subnet);
- DBG2(DBG_CFG, " rightsubnet=%s", msg->add_conn.other.subnet);
- DBG2(DBG_CFG, " leftsourceip=%s", msg->add_conn.me.sourceip);
- DBG2(DBG_CFG, " rightsourceip=%s", msg->add_conn.other.sourceip);
- DBG2(DBG_CFG, " leftid=%s", msg->add_conn.me.id);
- DBG2(DBG_CFG, " rightid=%s", msg->add_conn.other.id);
- DBG2(DBG_CFG, " leftcert=%s", msg->add_conn.me.cert);
- DBG2(DBG_CFG, " rightcert=%s", msg->add_conn.other.cert);
- DBG2(DBG_CFG, " leftca=%s", msg->add_conn.me.ca);
- DBG2(DBG_CFG, " rightca=%s", msg->add_conn.other.ca);
- DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
- DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
-
- my_host = msg->add_conn.me.address?
- host_create_from_string(msg->add_conn.me.address, IKE_PORT) : NULL;
- if (my_host == NULL)
- {
- DBG1(DBG_CFG, "invalid host: %s\n", msg->add_conn.me.address);
- return;
- }
-
- other_host = msg->add_conn.other.address ?
- host_create_from_string(msg->add_conn.other.address, IKE_PORT) : NULL;
- if (other_host == NULL)
- {
- DBG1(DBG_CFG, "invalid host: %s\n", msg->add_conn.other.address);
- my_host->destroy(my_host);
- return;
- }
-
- interface = charon->kernel_interface->get_interface(charon->kernel_interface,
- other_host);
- if (interface)
- {
- stroke_end_t tmp_end;
- host_t *tmp_host;
-
- DBG2(DBG_CFG, "left is other host, swapping ends\n");
-
- tmp_host = my_host;
- my_host = other_host;
- other_host = tmp_host;
-
- tmp_end = msg->add_conn.me;
- msg->add_conn.me = msg->add_conn.other;
- msg->add_conn.other = tmp_end;
- free(interface);
- }
- if (!interface)
- {
- interface = charon->kernel_interface->get_interface(
- charon->kernel_interface, my_host);
- if (!interface)
- {
- DBG1(DBG_CFG, "left nor right host is our side, aborting\n");
- goto destroy_hosts;
- }
- free(interface);
- }
-
- my_id = identification_create_from_string(msg->add_conn.me.id ?
- msg->add_conn.me.id : msg->add_conn.me.address);
- if (my_id == NULL)
- {
- DBG1(DBG_CFG, "invalid ID: %s\n", msg->add_conn.me.id);
- goto destroy_hosts;
- }
-
- other_id = identification_create_from_string(msg->add_conn.other.id ?
- msg->add_conn.other.id : msg->add_conn.other.address);
- if (other_id == NULL)
- {
- DBG1(DBG_CFG, "invalid ID: %s\n", msg->add_conn.other.id);
- my_id->destroy(my_id);
- goto destroy_hosts;
- }
-
- my_subnet = host_create_from_string(msg->add_conn.me.subnet ?
- msg->add_conn.me.subnet : msg->add_conn.me.address, IKE_PORT);
- if (my_subnet == NULL)
- {
- DBG1(DBG_CFG, "invalid subnet: %s\n", msg->add_conn.me.subnet);
- goto destroy_ids;
- }
-
- other_subnet = host_create_from_string(msg->add_conn.other.subnet ?
- msg->add_conn.other.subnet : msg->add_conn.other.address, IKE_PORT);
- if (other_subnet == NULL)
- {
- DBG1(DBG_CFG, "invalid subnet: %s\n", msg->add_conn.me.subnet);
- my_subnet->destroy(my_subnet);
- goto destroy_ids;
- }
-
- if (msg->add_conn.me.virtual_ip)
- {
- my_vip = host_create_from_string(msg->add_conn.me.sourceip, 0);
- }
- other_vip = host_create_from_string(msg->add_conn.other.sourceip, 0);
-
- if (msg->add_conn.me.tohost)
- {
- my_ts = traffic_selector_create_dynamic(msg->add_conn.me.protocol,
- my_host->get_family(my_host) == AF_INET ?
- TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE,
- msg->add_conn.me.port ? msg->add_conn.me.port : 0,
- msg->add_conn.me.port ? msg->add_conn.me.port : 65535);
- }
- else
- {
- my_ts = traffic_selector_create_from_subnet(my_subnet,
- msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 0,
- msg->add_conn.me.protocol, msg->add_conn.me.port);
- }
- my_subnet->destroy(my_subnet);
-
- if (msg->add_conn.other.tohost)
- {
- other_ts = traffic_selector_create_dynamic(msg->add_conn.other.protocol,
- other_host->get_family(other_host) == AF_INET ?
- TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE,
- msg->add_conn.other.port ? msg->add_conn.other.port : 0,
- msg->add_conn.other.port ? msg->add_conn.other.port : 65535);
- }
- else
- {
- other_ts = traffic_selector_create_from_subnet(other_subnet,
- msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 0,
- msg->add_conn.other.protocol, msg->add_conn.other.port);
- }
- other_subnet->destroy(other_subnet);
-
- if (msg->add_conn.me.ca)
- {
- if (streq(msg->add_conn.me.ca, "%same"))
- {
- my_ca_same = TRUE;
- }
- else
- {
- my_ca = identification_create_from_string(msg->add_conn.me.ca);
- }
- }
- if (msg->add_conn.other.ca)
- {
- if (streq(msg->add_conn.other.ca, "%same"))
- {
- other_ca_same = TRUE;
- }
- else
- {
- other_ca = identification_create_from_string(msg->add_conn.other.ca);
- }
- }
- if (msg->add_conn.me.cert)
- {
- x509_t *cert = load_end_certificate(msg->add_conn.me.cert, &my_id);
-
- if (my_ca == NULL && !my_ca_same && cert)
- {
- identification_t *issuer = cert->get_issuer(cert);
-
- my_ca = issuer->clone(issuer);
- }
- }
- if (msg->add_conn.other.cert)
- {
- x509_t *cert = load_end_certificate(msg->add_conn.other.cert, &other_id);
-
- if (other_ca == NULL && !other_ca_same && cert)
- {
- identification_t *issuer = cert->get_issuer(cert);
-
- other_ca = issuer->clone(issuer);
- }
- }
- if (other_ca_same && my_ca)
- {
- other_ca = my_ca->clone(my_ca);
- }
- else if (my_ca_same && other_ca)
- {
- my_ca = other_ca->clone(other_ca);
- }
- if (my_ca == NULL)
- {
- my_ca = identification_create_from_string("%any");
- }
- if (other_ca == NULL)
- {
- other_ca = identification_create_from_string("%any");
- }
- DBG2(DBG_CFG, " my ca: '%D'", my_ca);
- DBG2(DBG_CFG, " other ca:'%D'", other_ca);
- DBG2(DBG_CFG, " updown: '%s'", msg->add_conn.me.updown);
-
- connection = connection_create(msg->add_conn.name,
- msg->add_conn.ikev2,
- msg->add_conn.me.sendcert,
- msg->add_conn.other.sendcert,
- my_host, other_host,
- msg->add_conn.dpd.delay,
- msg->add_conn.rekey.reauth,
- msg->add_conn.rekey.tries,
- msg->add_conn.rekey.ike_lifetime,
- msg->add_conn.rekey.ike_lifetime - msg->add_conn.rekey.margin,
- msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100);
-
- if (msg->add_conn.algorithms.ike)
- {
- char *proposal_string;
- char *strict = msg->add_conn.algorithms.ike + strlen(msg->add_conn.algorithms.ike) - 1;
-
- if (*strict == '!')
- *strict = '\0';
- else
- strict = NULL;
-
- while ((proposal_string = strsep(&msg->add_conn.algorithms.ike, ",")))
- {
- proposal = proposal_create_from_string(PROTO_IKE, proposal_string);
- if (proposal == NULL)
- {
- DBG1(DBG_CFG, "invalid IKE proposal string: %s", proposal_string);
- my_id->destroy(my_id);
- other_id->destroy(other_id);
- my_ts->destroy(my_ts);
- other_ts->destroy(other_ts);
- my_ca->destroy(my_ca);
- other_ca->destroy(other_ca);
- connection->destroy(connection);
- return;
- }
- connection->add_proposal(connection, proposal);
- }
- if (!strict)
- {
- proposal = proposal_create_default(PROTO_IKE);
- connection->add_proposal(connection, proposal);
- }
- }
- else
- {
- proposal = proposal_create_default(PROTO_IKE);
- connection->add_proposal(connection, proposal);
- }
-
- policy = policy_create(msg->add_conn.name, my_id, other_id, my_vip, other_vip,
- msg->add_conn.auth_method, msg->add_conn.eap_type,
- msg->add_conn.rekey.ipsec_lifetime,
- msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
- msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
- msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.mode, msg->add_conn.dpd.action);
- policy->add_my_traffic_selector(policy, my_ts);
- policy->add_other_traffic_selector(policy, other_ts);
- policy->add_authorities(policy, my_ca, other_ca);
-
- if (msg->add_conn.algorithms.esp)
- {
- char *proposal_string;
- char *strict = msg->add_conn.algorithms.esp + strlen(msg->add_conn.algorithms.esp) - 1;
-
- if (*strict == '!')
- *strict = '\0';
- else
- strict = NULL;
-
- while ((proposal_string = strsep(&msg->add_conn.algorithms.esp, ",")))
- {
- proposal = proposal_create_from_string(PROTO_ESP, proposal_string);
- if (proposal == NULL)
- {
- DBG1(DBG_CFG, "invalid ESP proposal string: %s", proposal_string);
- policy->destroy(policy);
- connection->destroy(connection);
- return;
- }
- policy->add_proposal(policy, proposal);
- }
- if (!strict)
- {
- proposal = proposal_create_default(PROTO_ESP);
- policy->add_proposal(policy, proposal);
- }
- }
- else
- {
- proposal = proposal_create_default(PROTO_ESP);
- policy->add_proposal(policy, proposal);
- }
-
- /* add to global connection list */
- charon->connections->add_connection(charon->connections, connection);
- DBG1(DBG_CFG, "added connection '%s': %H[%D]...%H[%D]",
- msg->add_conn.name, my_host, my_id, other_host, other_id);
- /* add to global policy list */
- charon->policies->add_policy(charon->policies, policy);
-
- return;
-
- /* mopping up after parsing errors */
-
-destroy_ids:
- my_id->destroy(my_id);
- other_id->destroy(other_id);
-
-destroy_hosts:
- my_host->destroy(my_host);
- other_host->destroy(other_host);
-}
-
-/**
- * Delete a connection from the list
- */
-static void stroke_del_conn(stroke_msg_t *msg, FILE *out)
-{
- status_t status;
-
- pop_string(msg, &(msg->del_conn.name));
- DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name);
-
- status = charon->connections->delete_connection(charon->connections,
- msg->del_conn.name);
- charon->policies->delete_policy(charon->policies, msg->del_conn.name);
- if (status == SUCCESS)
- {
- fprintf(out, "deleted connection '%s'\n", msg->del_conn.name);
- }
- else
- {
- fprintf(out, "no connection named '%s'\n", msg->del_conn.name);
- }
-}
-
-/**
- * initiate a connection by name
- */
-static void stroke_initiate(stroke_msg_t *msg, FILE *out)
-{
- initiate_job_t *job;
- connection_t *connection;
- policy_t *policy;
- ike_sa_t *init_ike_sa = NULL;
- signal_t signal;
-
- pop_string(msg, &(msg->initiate.name));
- DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name);
-
- connection = charon->connections->get_connection_by_name(charon->connections,
- msg->initiate.name);
- if (connection == NULL)
- {
- if (msg->output_verbosity >= 0)
- {
- fprintf(out, "no connection named '%s'\n", msg->initiate.name);
- }
- return;
- }
- if (!connection->is_ikev2(connection))
- {
- connection->destroy(connection);
- return;
- }
-
- policy = charon->policies->get_policy_by_name(charon->policies,
- msg->initiate.name);
- if (policy == NULL)
- {
- if (msg->output_verbosity >= 0)
- {
- fprintf(out, "no policy named '%s'\n", msg->initiate.name);
- }
- connection->destroy(connection);
- return;
- }
-
- job = initiate_job_create(connection, policy);
- charon->bus->set_listen_state(charon->bus, TRUE);
- charon->job_queue->add(charon->job_queue, (job_t*)job);
- while (TRUE)
- {
- level_t level;
- int thread;
- ike_sa_t *ike_sa;
- char* format;
- va_list args;
-
- signal = charon->bus->listen(charon->bus, &level, &thread, &ike_sa, &format, &args);
-
- if ((init_ike_sa == NULL || ike_sa == init_ike_sa) &&
- level <= msg->output_verbosity)
- {
- if (vfprintf(out, format, args) < 0 ||
- fprintf(out, "\n") < 0 ||
- fflush(out))
- {
- charon->bus->set_listen_state(charon->bus, FALSE);
- break;
- }
- }
-
- switch (signal)
- {
- case CHILD_UP_SUCCESS:
- case CHILD_UP_FAILED:
- case IKE_UP_FAILED:
- if (ike_sa == init_ike_sa)
- {
- charon->bus->set_listen_state(charon->bus, FALSE);
- return;
- }
- continue;
- case CHILD_UP_START:
- case IKE_UP_START:
- if (init_ike_sa == NULL)
- {
- init_ike_sa = ike_sa;
- }
- continue;
- default:
- continue;
- }
- }
-}
-
-/**
- * route/unroute a policy (install SPD entries)
- */
-static void stroke_route(stroke_msg_t *msg, FILE *out, bool route)
-{
- route_job_t *job;
- connection_t *connection;
- policy_t *policy;
-
- pop_string(msg, &(msg->route.name));
- DBG1(DBG_CFG, "received stroke: %s '%s'",
- route ? "route" : "unroute", msg->route.name);
-
- /* we wouldn't need a connection, but we only want to route policies
- * whose connections are keyexchange=ikev2. */
- connection = charon->connections->get_connection_by_name(charon->connections,
- msg->route.name);
- if (connection == NULL)
- {
- fprintf(out, "no connection named '%s'\n", msg->route.name);
- return;
- }
- if (!connection->is_ikev2(connection))
- {
- connection->destroy(connection);
- return;
- }
-
- policy = charon->policies->get_policy_by_name(charon->policies,
- msg->route.name);
- if (policy == NULL)
- {
- fprintf(out, "no policy named '%s'\n", msg->route.name);
- connection->destroy(connection);
- return;
- }
- fprintf(out, "%s policy '%s'\n",
- route ? "routing" : "unrouting", msg->route.name);
- job = route_job_create(connection, policy, route);
- charon->job_queue->add(charon->job_queue, (job_t*)job);
-}
-
-/**
- * terminate a connection by name
- */
-static void stroke_terminate(stroke_msg_t *msg, FILE *out)
-{
- char *string, *pos = NULL, *name = NULL;
- u_int32_t id = 0;
- bool child;
- int len;
- status_t status = SUCCESS;;
- ike_sa_t *ike_sa;
-
- pop_string(msg, &(msg->terminate.name));
- string = msg->terminate.name;
- DBG1(DBG_CFG, "received stroke: terminate '%s'", string);
-
- len = strlen(string);
- if (len < 1)
- {
- DBG1(DBG_CFG, "error parsing string");
- return;
- }
- switch (string[len-1])
- {
- case '}':
- child = TRUE;
- pos = strchr(string, '{');
- break;
- case ']':
- child = FALSE;
- pos = strchr(string, '[');
- break;
- default:
- name = string;
- child = FALSE;
- break;
- }
-
- if (name)
- { /* must be a single name */
- DBG1(DBG_CFG, "check out by single name '%s'", name);
- ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
- name, child);
- }
- else if (pos == string + len - 2)
- { /* must be name[] or name{} */
- string[len-2] = '\0';
- DBG1(DBG_CFG, "check out by name '%s'", string);
- ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
- string, child);
- }
- else
- { /* must be name[123] or name{23} */
- string[len-1] = '\0';
- id = atoi(pos + 1);
- if (id == 0)
- {
- DBG1(DBG_CFG, "error parsing string");
- return;
- }
- DBG1(DBG_CFG, "check out by id '%d'", id);
- ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
- id, child);
- }
- if (ike_sa == NULL)
- {
- DBG1(DBG_CFG, "no such IKE_SA found");
- return;
- }
-
- if (!child)
- {
- status = ike_sa->delete(ike_sa);
- }
- else
- {
- child_sa_t *child_sa;
- iterator_t *iterator = ike_sa->create_child_sa_iterator(ike_sa);
- while (iterator->iterate(iterator, (void**)&child_sa))
- {
- if ((id && id == child_sa->get_reqid(child_sa)) ||
- (string && streq(string, child_sa->get_name(child_sa))))
- {
- u_int32_t spi = child_sa->get_spi(child_sa, TRUE);
- protocol_id_t proto = child_sa->get_protocol(child_sa);
-
- status = ike_sa->delete_child_sa(ike_sa, proto, spi);
- break;
- }
- }
- iterator->destroy(iterator);
- }
- if (status == DESTROY_ME)
- {
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
- ike_sa);
- return;
- }
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-}
-
-/**
- * Add a ca information record to the cainfo list
- */
-static void stroke_add_ca(stroke_msg_t *msg, FILE *out)
-{
- x509_t *cacert;
- ca_info_t *ca_info;
-
- pop_string(msg, &msg->add_ca.name);
- pop_string(msg, &msg->add_ca.cacert);
- pop_string(msg, &msg->add_ca.crluri);
- pop_string(msg, &msg->add_ca.crluri2);
- pop_string(msg, &msg->add_ca.ocspuri);
- pop_string(msg, &msg->add_ca.ocspuri2);
-
- DBG1(DBG_CFG, "received stroke: add ca '%s'", msg->add_ca.name);
-
- DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
- DBG2(DBG_CFG, " cacert=%s", msg->add_ca.cacert);
- DBG2(DBG_CFG, " crluri=%s", msg->add_ca.crluri);
- DBG2(DBG_CFG, " crluri2=%s", msg->add_ca.crluri2);
- DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri);
- DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2);
-
- if (msg->add_ca.cacert == NULL)
- {
- DBG1(DBG_CFG, "missing cacert parameter\n");
- return;
- }
-
- cacert = load_ca_certificate(msg->add_ca.cacert);
-
- if (cacert == NULL)
- {
- return;
- }
- ca_info = ca_info_create(msg->add_ca.name, cacert);
-
- if (msg->add_ca.crluri)
- {
- chunk_t uri = { msg->add_ca.crluri, strlen(msg->add_ca.crluri) };
-
- ca_info->add_crluri(ca_info, uri);
- }
- if (msg->add_ca.crluri2)
- {
- chunk_t uri = { msg->add_ca.crluri2, strlen(msg->add_ca.crluri2) };
-
- ca_info->add_crluri(ca_info, uri);
- }
- if (msg->add_ca.ocspuri)
- {
- chunk_t uri = { msg->add_ca.ocspuri, strlen(msg->add_ca.ocspuri) };
-
- ca_info->add_ocspuri(ca_info, uri);
- }
- if (msg->add_ca.ocspuri2)
- {
- chunk_t uri = { msg->add_ca.ocspuri2, strlen(msg->add_ca.ocspuri2) };
-
- ca_info->add_ocspuri(ca_info, uri);
- }
- charon->credentials->add_ca_info(charon->credentials, ca_info);
- DBG1(DBG_CFG, "added ca '%s'", msg->add_ca.name);
-
-}
-
-/**
- * Delete a ca information record from the cainfo list
- */
-static void stroke_del_ca(stroke_msg_t *msg, FILE *out)
-{
- status_t status;
-
- pop_string(msg, &(msg->del_ca.name));
- DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name);
-
- status = charon->credentials->release_ca_info(charon->credentials,
- msg->del_ca.name);
-
- if (status == SUCCESS)
- {
- fprintf(out, "deleted ca '%s'\n", msg->del_ca.name);
- }
- else
- {
- fprintf(out, "no ca named '%s'\n", msg->del_ca.name);
- }
-}
-
-/**
- * show status of daemon
- */
-static void stroke_statusall(stroke_msg_t *msg, FILE *out)
-{
- iterator_t *iterator;
- linked_list_t *list;
- host_t *host;
- connection_t *connection;
- policy_t *policy;
- ike_sa_t *ike_sa;
- char *name = NULL;
-
- leak_detective_status(out);
-
- fprintf(out, "Performance:\n");
- fprintf(out, " worker threads: %d idle of %d,",
- charon->thread_pool->get_idle_threads(charon->thread_pool),
- charon->thread_pool->get_pool_size(charon->thread_pool));
- fprintf(out, " job queue load: %d,",
- charon->job_queue->get_count(charon->job_queue));
- fprintf(out, " scheduled events: %d\n",
- charon->event_queue->get_count(charon->event_queue));
- list = charon->kernel_interface->create_address_list(charon->kernel_interface);
-
- fprintf(out, "Listening on %d IP addresses:\n", list->get_count(list));
- while (list->remove_first(list, (void**)&host) == SUCCESS)
- {
- fprintf(out, " %H\n", host);
- host->destroy(host);
- }
- list->destroy(list);
-
- if (msg->status.name)
- {
- pop_string(msg, &(msg->status.name));
- name = msg->status.name;
- }
-
- iterator = charon->connections->create_iterator(charon->connections);
- if (iterator->get_count(iterator) > 0)
- {
- fprintf(out, "Connections:\n");
- }
- while (iterator->iterate(iterator, (void**)&connection))
- {
- if (connection->is_ikev2(connection)
- && (name == NULL || streq(name, connection->get_name(connection))))
- {
- fprintf(out, "%12s: %H...%H\n",
- connection->get_name(connection),
- connection->get_my_host(connection),
- connection->get_other_host(connection));
- }
- }
- iterator->destroy(iterator);
-
- iterator = charon->policies->create_iterator(charon->policies);
- if (iterator->get_count(iterator) > 0)
- {
- fprintf(out, "Policies:\n");
- }
- while (iterator->iterate(iterator, (void**)&policy))
- {
- if (name == NULL || streq(name, policy->get_name(policy)))
- {
- fprintf(out, "%12s: '%D'...'%D'\n",
- policy->get_name(policy),
- policy->get_my_id(policy),
- policy->get_other_id(policy));
- }
- }
- iterator->destroy(iterator);
-
- iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
- if (iterator->get_count(iterator) > 0)
- {
- fprintf(out, "Security Associations:\n");
- }
- while (iterator->iterate(iterator, (void**)&ike_sa))
- {
- bool ike_sa_printed = FALSE;
- child_sa_t *child_sa;
- iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
-
- /* print IKE_SA */
- if (name == NULL || strncmp(name, ike_sa->get_name(ike_sa), strlen(name)) == 0)
- {
- fprintf(out, "%#K\n", ike_sa);
- ike_sa_printed = TRUE;
- }
-
- while (children->iterate(children, (void**)&child_sa))
- {
- bool child_sa_match = name == NULL ||
- strncmp(name, child_sa->get_name(child_sa), strlen(name)) == 0;
-
- /* print IKE_SA if its name differs from the CHILD_SA's name */
- if (!ike_sa_printed && child_sa_match)
- {
- fprintf(out, "%#K\n", ike_sa);
- ike_sa_printed = TRUE;
- }
-
- /* print CHILD_SA */
- if (child_sa_match)
- {
- fprintf(out, "%#P\n", child_sa);
- }
- }
- children->destroy(children);
- }
- iterator->destroy(iterator);
-}
-
-/**
- * show status of daemon
- */
-static void stroke_status(stroke_msg_t *msg, FILE *out)
-{
- iterator_t *iterator;
- ike_sa_t *ike_sa;
- char *name = NULL;
-
- if (msg->status.name)
- {
- pop_string(msg, &(msg->status.name));
- name = msg->status.name;
- }
-
- iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
- while (iterator->iterate(iterator, (void**)&ike_sa))
- {
- bool ike_sa_printed = FALSE;
- child_sa_t *child_sa;
- iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
-
- /* print IKE_SA */
- if (name == NULL || strncmp(name, ike_sa->get_name(ike_sa), strlen(name)) == 0)
- {
- fprintf(out, "%K\n", ike_sa);
- ike_sa_printed = TRUE;
- }
-
- while (children->iterate(children, (void**)&child_sa))
- {
- bool child_sa_match = name == NULL ||
- strncmp(name, child_sa->get_name(child_sa), strlen(name)) == 0;
-
- /* print IKE_SA if its name differs from the CHILD_SA's name */
- if (!ike_sa_printed && child_sa_match)
- {
- fprintf(out, "%K\n", ike_sa);
- ike_sa_printed = TRUE;
- }
-
- /* print CHILD_SA */
- if (child_sa_match)
- {
- fprintf(out, "%P\n", child_sa);
- }
- }
- children->destroy(children);
- }
- iterator->destroy(iterator);
-}
-
-/**
- * list all authority certificates matching a specified flag
- */
-static void list_auth_certificates(u_int flag, const char *label, bool utc, FILE *out)
-{
- bool first = TRUE;
- x509_t *cert;
-
- iterator_t *iterator = charon->credentials->create_auth_cert_iterator(charon->credentials);
-
- while (iterator->iterate(iterator, (void**)&cert))
- {
- if (cert->has_authority_flag(cert, flag))
- {
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 %s Certificates:\n", label);
- fprintf(out, "\n");
- first = FALSE;
- }
- fprintf(out, "%#Q\n", cert, utc);
- }
- }
- iterator->destroy(iterator);
-}
-
-/**
- * list various information
- */
-static void stroke_list(stroke_msg_t *msg, FILE *out)
-{
- iterator_t *iterator;
-
- if (msg->list.flags & LIST_CERTS)
- {
- x509_t *cert;
-
- iterator = charon->credentials->create_cert_iterator(charon->credentials);
- if (iterator->get_count(iterator))
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 End Entity Certificates:\n");
- fprintf(out, "\n");
- }
- while (iterator->iterate(iterator, (void**)&cert))
- {
- fprintf(out, "%#Q", cert, msg->list.utc);
- if (charon->credentials->has_rsa_private_key(
- charon->credentials, cert->get_public_key(cert)))
- {
- fprintf(out, ", has private key");
- }
- fprintf(out, "\n");
-
- }
- iterator->destroy(iterator);
- }
- if (msg->list.flags & LIST_CACERTS)
- {
- list_auth_certificates(AUTH_CA, "CA", msg->list.utc, out);
- }
- if (msg->list.flags & LIST_CAINFOS)
- {
- ca_info_t *ca_info;
-
- iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
- if (iterator->get_count(iterator))
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 CA Information Records:\n");
- fprintf(out, "\n");
- }
- while (iterator->iterate(iterator, (void**)&ca_info))
- {
- fprintf(out, "%#W", ca_info, msg->list.utc);
- }
- iterator->destroy(iterator);
- }
- if (msg->list.flags & LIST_CRLS)
- {
- ca_info_t *ca_info;
- bool first = TRUE;
-
- iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
-
- while (iterator->iterate(iterator, (void **)&ca_info))
- {
- if (ca_info->has_crl(ca_info))
- {
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 CRLs:\n");
- fprintf(out, "\n");
- first = FALSE;
- }
- ca_info->list_crl(ca_info, out, msg->list.utc);
- }
- }
- iterator->destroy(iterator);
- }
- if (msg->list.flags & LIST_OCSPCERTS)
- {
- list_auth_certificates(AUTH_OCSP, "OCSP", msg->list.utc, out);
- }
- if (msg->list.flags & LIST_OCSP)
- {
- ca_info_t *ca_info;
- bool first = TRUE;
-
- iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
-
- while (iterator->iterate(iterator, (void **)&ca_info))
- {
- if (ca_info->has_certinfos(ca_info))
- {
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of OCSP responses:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
- ca_info->list_certinfos(ca_info, out, msg->list.utc);
- }
- }
- iterator->destroy(iterator);
- }
-}
-
-/**
- * reread various information
- */
-static void stroke_reread(stroke_msg_t *msg, FILE *out)
-{
- if (msg->reread.flags & REREAD_CACERTS)
- {
- charon->credentials->load_ca_certificates(charon->credentials);
- }
- if (msg->reread.flags & REREAD_OCSPCERTS)
- {
- charon->credentials->load_ocsp_certificates(charon->credentials);
- }
- if (msg->reread.flags & REREAD_CRLS)
- {
- charon->credentials->load_crls(charon->credentials);
- }
-}
-
-/**
- * purge various information
- */
-static void stroke_purge(stroke_msg_t *msg, FILE *out)
-{
- if (msg->purge.flags & PURGE_OCSP)
- {
- iterator_t *iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
- ca_info_t *ca_info;
-
- while (iterator->iterate(iterator, (void**)&ca_info))
- {
- ca_info->purge_ocsp(ca_info);
- }
- iterator->destroy(iterator);
- }
-}
-
-signal_t get_signal_from_logtype(char *type)
-{
- if (strcasecmp(type, "any") == 0) return SIG_ANY;
- else if (strcasecmp(type, "mgr") == 0) return DBG_MGR;
- else if (strcasecmp(type, "ike") == 0) return DBG_IKE;
- else if (strcasecmp(type, "chd") == 0) return DBG_CHD;
- else if (strcasecmp(type, "job") == 0) return DBG_JOB;
- else if (strcasecmp(type, "cfg") == 0) return DBG_CFG;
- else if (strcasecmp(type, "knl") == 0) return DBG_KNL;
- else if (strcasecmp(type, "net") == 0) return DBG_NET;
- else if (strcasecmp(type, "enc") == 0) return DBG_ENC;
- else if (strcasecmp(type, "lib") == 0) return DBG_LIB;
- else return -1;
-}
-
-/**
- * set the verbosity debug output
- */
-static void stroke_loglevel(stroke_msg_t *msg, FILE *out)
-{
- signal_t signal;
-
- pop_string(msg, &(msg->loglevel.type));
- DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
- msg->loglevel.level, msg->loglevel.type);
-
- signal = get_signal_from_logtype(msg->loglevel.type);
- if (signal < 0)
- {
- fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
- return;
- }
-
- charon->outlog->set_level(charon->outlog, signal, msg->loglevel.level);
- charon->syslog->set_level(charon->syslog, signal, msg->loglevel.level);
-}
-
-/**
- * process a stroke request from the socket pointed by "fd"
- */
-static void stroke_process(int *fd)
-{
- stroke_msg_t *msg;
- u_int16_t msg_length;
- ssize_t bytes_read;
- FILE *out;
- int strokefd = *fd;
-
- /* peek the length */
- bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK);
- if (bytes_read != sizeof(msg_length))
- {
- DBG1(DBG_CFG, "reading length of stroke message failed");
- close(strokefd);
- return;
- }
-
- /* read message */
- msg = malloc(msg_length);
- bytes_read = recv(strokefd, msg, msg_length, 0);
- if (bytes_read != msg_length)
- {
- DBG1(DBG_CFG, "reading stroke message failed: %m");
- close(strokefd);
- return;
- }
-
- out = fdopen(dup(strokefd), "w");
- if (out == NULL)
- {
- DBG1(DBG_CFG, "opening stroke output channel failed: %m");
- close(strokefd);
- free(msg);
- return;
- }
-
- DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length);
-
- switch (msg->type)
- {
- case STR_INITIATE:
- stroke_initiate(msg, out);
- break;
- case STR_ROUTE:
- stroke_route(msg, out, TRUE);
- break;
- case STR_UNROUTE:
- stroke_route(msg, out, FALSE);
- break;
- case STR_TERMINATE:
- stroke_terminate(msg, out);
- break;
- case STR_STATUS:
- stroke_status(msg, out);
- break;
- case STR_STATUS_ALL:
- stroke_statusall(msg, out);
- break;
- case STR_ADD_CONN:
- stroke_add_conn(msg, out);
- break;
- case STR_DEL_CONN:
- stroke_del_conn(msg, out);
- break;
- case STR_ADD_CA:
- stroke_add_ca(msg, out);
- break;
- case STR_DEL_CA:
- stroke_del_ca(msg, out);
- break;
- case STR_LOGLEVEL:
- stroke_loglevel(msg, out);
- break;
- case STR_LIST:
- stroke_list(msg, out);
- break;
- case STR_REREAD:
- stroke_reread(msg, out);
- break;
- case STR_PURGE:
- stroke_purge(msg, out);
- break;
- default:
- DBG1(DBG_CFG, "received unknown stroke");
- }
- fclose(out);
- close(strokefd);
- free(msg);
-}
-
-/**
- * Implementation of private_stroke_t.stroke_receive.
- */
-static void stroke_receive(private_stroke_t *this)
-{
- struct sockaddr_un strokeaddr;
- int strokeaddrlen = sizeof(strokeaddr);
- int strokefd;
- int oldstate;
- pthread_t thread;
-
- /* ignore sigpipe. writing over the pipe back to the console
- * only fails if SIGPIPE is ignored. */
- signal(SIGPIPE, SIG_IGN);
-
- /* disable cancellation by default */
- pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
-
- while (TRUE)
- {
- /* wait for connections, but allow thread to terminate */
- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
- strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
- pthread_setcancelstate(oldstate, NULL);
-
- if (strokefd < 0)
- {
- DBG1(DBG_CFG, "accepting stroke connection failed: %m");
- continue;
- }
-
- /* handle request asynchronously */
- if (pthread_create(&thread, NULL, (void*(*)(void*))stroke_process, (void*)&strokefd) != 0)
- {
- DBG1(DBG_CFG, "failed to spawn stroke thread: %m");
- }
- /* detach so the thread terminates cleanly */
- pthread_detach(thread);
- }
-}
-
-/**
- * Implementation of stroke_t.destroy.
- */
-static void destroy(private_stroke_t *this)
-{
- pthread_cancel(this->assigned_thread);
- pthread_join(this->assigned_thread, NULL);
-
- close(this->socket);
- unlink(socket_addr.sun_path);
- free(this);
-}
-
-/*
- * Described in header-file
- */
-stroke_t *stroke_create()
-{
- private_stroke_t *this = malloc_thing(private_stroke_t);
- mode_t old;
-
- /* public functions */
- this->public.destroy = (void (*)(stroke_t*))destroy;
-
- /* set up unix socket */
- this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
- if (this->socket == -1)
- {
- DBG1(DBG_CFG, "could not create whack socket");
- free(this);
- return NULL;
- }
-
- old = umask(~S_IRWXU);
- if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
- {
- DBG1(DBG_CFG, "could not bind stroke socket: %m");
- close(this->socket);
- free(this);
- return NULL;
- }
- umask(old);
-
- if (listen(this->socket, 0) < 0)
- {
- DBG1(DBG_CFG, "could not listen on stroke socket: %m");
- close(this->socket);
- unlink(socket_addr.sun_path);
- free(this);
- return NULL;
- }
-
- /* start a thread reading from the socket */
- if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))stroke_receive, this) != 0)
- {
- DBG1(DBG_CFG, "could not spawn stroke thread");
- close(this->socket);
- unlink(socket_addr.sun_path);
- free(this);
- return NULL;
- }
-
- return (&this->public);
-}
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
new file mode 100644
index 000000000..c7e9ca9ff
--- /dev/null
+++ b/src/include/Makefile.am
@@ -0,0 +1,2 @@
+EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
+ linux/pfkeyv2.h linux/udp.h linux/xfrm.h
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
new file mode 100644
index 000000000..68477343f
--- /dev/null
+++ b/src/include/Makefile.in
@@ -0,0 +1,358 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/include
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@
+BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@
+USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@
+USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
+USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
+USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
+USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
+USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
+USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
+USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
+USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
+USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
+USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@
+USE_VENDORID_FALSE = @USE_VENDORID_FALSE@
+USE_VENDORID_TRUE = @USE_VENDORID_TRUE@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+backenddir = @backenddir@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
+docdir = @docdir@
+dvidir = @dvidir@
+eapdir = @eapdir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+interfacedir = @interfacedir@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
+ linux/pfkeyv2.h linux/udp.h linux/xfrm.h
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/include/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ $(mkdir_p) $(distdir)/linux
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ distclean distclean-generic distclean-libtool distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-exec install-exec-am \
+ install-info install-info-am install-man install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \
+ uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/include/linux/ipsec.h b/src/include/linux/ipsec.h
new file mode 100644
index 000000000..81ac63a18
--- /dev/null
+++ b/src/include/linux/ipsec.h
@@ -0,0 +1,46 @@
+#ifndef _LINUX_IPSEC_H
+#define _LINUX_IPSEC_H
+
+/* The definitions, required to talk to KAME racoon IKE. */
+
+#include "pfkeyv2.h"
+
+#define IPSEC_PORT_ANY 0
+#define IPSEC_ULPROTO_ANY 255
+#define IPSEC_PROTO_ANY 255
+
+enum {
+ IPSEC_MODE_ANY = 0, /* We do not support this for SA */
+ IPSEC_MODE_TRANSPORT = 1,
+ IPSEC_MODE_TUNNEL = 2
+};
+
+enum {
+ IPSEC_DIR_ANY = 0,
+ IPSEC_DIR_INBOUND = 1,
+ IPSEC_DIR_OUTBOUND = 2,
+ IPSEC_DIR_FWD = 3, /* It is our own */
+ IPSEC_DIR_MAX = 4,
+ IPSEC_DIR_INVALID = 5
+};
+
+enum {
+ IPSEC_POLICY_DISCARD = 0,
+ IPSEC_POLICY_NONE = 1,
+ IPSEC_POLICY_IPSEC = 2,
+ IPSEC_POLICY_ENTRUST = 3,
+ IPSEC_POLICY_BYPASS = 4
+};
+
+enum {
+ IPSEC_LEVEL_DEFAULT = 0,
+ IPSEC_LEVEL_USE = 1,
+ IPSEC_LEVEL_REQUIRE = 2,
+ IPSEC_LEVEL_UNIQUE = 3
+};
+
+#define IPSEC_MANUAL_REQID_MAX 0x3fff
+
+#define IPSEC_REPLAYWSIZE 32
+
+#endif /* _LINUX_IPSEC_H */
diff --git a/src/include/linux/netlink.h b/src/include/linux/netlink.h
new file mode 100644
index 000000000..af65dc499
--- /dev/null
+++ b/src/include/linux/netlink.h
@@ -0,0 +1,241 @@
+#ifndef __LINUX_NETLINK_H
+#define __LINUX_NETLINK_H
+
+#include <linux/socket.h> /* for sa_family_t */
+#include <linux/types.h>
+
+#define NETLINK_ROUTE 0 /* Routing/device hook */
+#define NETLINK_W1 1 /* 1-wire subsystem */
+#define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
+#define NETLINK_FIREWALL 3 /* Firewalling hook */
+#define NETLINK_INET_DIAG 4 /* INET socket monitoring */
+#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
+#define NETLINK_XFRM 6 /* ipsec */
+#define NETLINK_SELINUX 7 /* SELinux event notifications */
+#define NETLINK_ISCSI 8 /* Open-iSCSI */
+#define NETLINK_AUDIT 9 /* auditing */
+#define NETLINK_FIB_LOOKUP 10
+#define NETLINK_CONNECTOR 11
+#define NETLINK_NETFILTER 12 /* netfilter subsystem */
+#define NETLINK_IP6_FW 13
+#define NETLINK_DNRTMSG 14 /* DECnet routing messages */
+#define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */
+#define NETLINK_GENERIC 16
+
+#define MAX_LINKS 32
+
+struct sockaddr_nl
+{
+ sa_family_t nl_family; /* AF_NETLINK */
+ unsigned short nl_pad; /* zero */
+ __u32 nl_pid; /* process pid */
+ __u32 nl_groups; /* multicast groups mask */
+};
+
+struct nlmsghdr
+{
+ __u32 nlmsg_len; /* Length of message including header */
+ __u16 nlmsg_type; /* Message content */
+ __u16 nlmsg_flags; /* Additional flags */
+ __u32 nlmsg_seq; /* Sequence number */
+ __u32 nlmsg_pid; /* Sending process PID */
+};
+
+/* Flags values */
+
+#define NLM_F_REQUEST 1 /* It is request message. */
+#define NLM_F_MULTI 2 /* Multipart message, terminated by NLMSG_DONE */
+#define NLM_F_ACK 4 /* Reply with ack, with zero or error code */
+#define NLM_F_ECHO 8 /* Echo this request */
+
+/* Modifiers to GET request */
+#define NLM_F_ROOT 0x100 /* specify tree root */
+#define NLM_F_MATCH 0x200 /* return all matching */
+#define NLM_F_ATOMIC 0x400 /* atomic GET */
+#define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH)
+
+/* Modifiers to NEW request */
+#define NLM_F_REPLACE 0x100 /* Override existing */
+#define NLM_F_EXCL 0x200 /* Do not touch, if it exists */
+#define NLM_F_CREATE 0x400 /* Create, if it does not exist */
+#define NLM_F_APPEND 0x800 /* Add to end of list */
+
+/*
+ 4.4BSD ADD NLM_F_CREATE|NLM_F_EXCL
+ 4.4BSD CHANGE NLM_F_REPLACE
+
+ True CHANGE NLM_F_CREATE|NLM_F_REPLACE
+ Append NLM_F_CREATE
+ Check NLM_F_EXCL
+ */
+
+#define NLMSG_ALIGNTO 4
+#define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
+#define NLMSG_HDRLEN ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr)))
+#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(NLMSG_HDRLEN))
+#define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))
+#define NLMSG_DATA(nlh) ((void*)(((char*)nlh) + NLMSG_LENGTH(0)))
+#define NLMSG_NEXT(nlh,len) ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), \
+ (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
+#define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
+ (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
+ (nlh)->nlmsg_len <= (len))
+#define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))
+
+#define NLMSG_NOOP 0x1 /* Nothing. */
+#define NLMSG_ERROR 0x2 /* Error */
+#define NLMSG_DONE 0x3 /* End of a dump */
+#define NLMSG_OVERRUN 0x4 /* Data lost */
+
+#define NLMSG_MIN_TYPE 0x10 /* < 0x10: reserved control messages */
+
+struct nlmsgerr
+{
+ int error;
+ struct nlmsghdr msg;
+};
+
+#define NETLINK_ADD_MEMBERSHIP 1
+#define NETLINK_DROP_MEMBERSHIP 2
+#define NETLINK_PKTINFO 3
+
+struct nl_pktinfo
+{
+ __u32 group;
+};
+
+#define NET_MAJOR 36 /* Major 36 is reserved for networking */
+
+enum {
+ NETLINK_UNCONNECTED = 0,
+ NETLINK_CONNECTED,
+};
+
+/*
+ * <------- NLA_HDRLEN ------> <-- NLA_ALIGN(payload)-->
+ * +---------------------+- - -+- - - - - - - - - -+- - -+
+ * | Header | Pad | Payload | Pad |
+ * | (struct nlattr) | ing | | ing |
+ * +---------------------+- - -+- - - - - - - - - -+- - -+
+ * <-------------- nlattr->nla_len -------------->
+ */
+
+struct nlattr
+{
+ __u16 nla_len;
+ __u16 nla_type;
+};
+
+#define NLA_ALIGNTO 4
+#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
+#define NLA_HDRLEN ((int) NLA_ALIGN(sizeof(struct nlattr)))
+
+#ifdef __KERNEL__
+
+#include <linux/capability.h>
+#include <linux/skbuff.h>
+
+struct netlink_skb_parms
+{
+ struct ucred creds; /* Skb credentials */
+ __u32 pid;
+ __u32 dst_pid;
+ __u32 dst_group;
+ kernel_cap_t eff_cap;
+ __u32 loginuid; /* Login (audit) uid */
+ __u32 sid; /* SELinux security id */
+};
+
+#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
+#define NETLINK_CREDS(skb) (&NETLINK_CB((skb)).creds)
+
+
+extern struct sock *netlink_kernel_create(int unit, unsigned int groups, void (*input)(struct sock *sk, int len), struct module *module);
+extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err);
+extern int netlink_has_listeners(struct sock *sk, unsigned int group);
+extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 pid, int nonblock);
+extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 pid,
+ __u32 group, gfp_t allocation);
+extern void netlink_set_err(struct sock *ssk, __u32 pid, __u32 group, int code);
+extern int netlink_register_notifier(struct notifier_block *nb);
+extern int netlink_unregister_notifier(struct notifier_block *nb);
+
+/* finegrained unicast helpers: */
+struct sock *netlink_getsockbyfilp(struct file *filp);
+int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
+ long timeo, struct sock *ssk);
+void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
+int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
+
+/*
+ * skb should fit one page. This choice is good for headerless malloc.
+ */
+#define NLMSG_GOODORDER 0
+#define NLMSG_GOODSIZE (SKB_MAX_ORDER(0, NLMSG_GOODORDER))
+
+
+struct netlink_callback
+{
+ struct sk_buff *skb;
+ struct nlmsghdr *nlh;
+ int (*dump)(struct sk_buff * skb, struct netlink_callback *cb);
+ int (*done)(struct netlink_callback *cb);
+ int family;
+ long args[5];
+};
+
+struct netlink_notify
+{
+ int pid;
+ int protocol;
+};
+
+static __inline__ struct nlmsghdr *
+__nlmsg_put(struct sk_buff *skb, __u32 pid, __u32 seq, int type, int len, int flags)
+{
+ struct nlmsghdr *nlh;
+ int size = NLMSG_LENGTH(len);
+
+ nlh = (struct nlmsghdr*)skb_put(skb, NLMSG_ALIGN(size));
+ nlh->nlmsg_type = type;
+ nlh->nlmsg_len = size;
+ nlh->nlmsg_flags = flags;
+ nlh->nlmsg_pid = pid;
+ nlh->nlmsg_seq = seq;
+ memset(NLMSG_DATA(nlh) + len, 0, NLMSG_ALIGN(size) - size);
+ return nlh;
+}
+
+#define NLMSG_NEW(skb, pid, seq, type, len, flags) \
+({ if (skb_tailroom(skb) < (int)NLMSG_SPACE(len)) \
+ goto nlmsg_failure; \
+ __nlmsg_put(skb, pid, seq, type, len, flags); })
+
+#define NLMSG_PUT(skb, pid, seq, type, len) \
+ NLMSG_NEW(skb, pid, seq, type, len, 0)
+
+#define NLMSG_NEW_ANSWER(skb, cb, type, len, flags) \
+ NLMSG_NEW(skb, NETLINK_CB((cb)->skb).pid, \
+ (cb)->nlh->nlmsg_seq, type, len, flags)
+
+#define NLMSG_END(skb, nlh) \
+({ (nlh)->nlmsg_len = (skb)->tail - (unsigned char *) (nlh); \
+ (skb)->len; })
+
+#define NLMSG_CANCEL(skb, nlh) \
+({ skb_trim(skb, (unsigned char *) (nlh) - (skb)->data); \
+ -1; })
+
+extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ struct nlmsghdr *nlh,
+ int (*dump)(struct sk_buff *skb, struct netlink_callback*),
+ int (*done)(struct netlink_callback*));
+
+
+#define NL_NONROOT_RECV 0x1
+#define NL_NONROOT_SEND 0x2
+extern void netlink_set_nonroot(int protocol, unsigned flag);
+
+#endif /* __KERNEL__ */
+
+#endif /* __LINUX_NETLINK_H */
diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h
new file mode 100644
index 000000000..bac0fb389
--- /dev/null
+++ b/src/include/linux/pfkeyv2.h
@@ -0,0 +1,348 @@
+/* PF_KEY user interface, this is defined by rfc2367 so
+ * do not make arbitrary modifications or else this header
+ * file will not be compliant.
+ */
+
+#ifndef _LINUX_PFKEY2_H
+#define _LINUX_PFKEY2_H
+
+#include <linux/types.h>
+
+#define PF_KEY_V2 2
+#define PFKEYV2_REVISION 199806L
+
+struct sadb_msg {
+ uint8_t sadb_msg_version;
+ uint8_t sadb_msg_type;
+ uint8_t sadb_msg_errno;
+ uint8_t sadb_msg_satype;
+ uint16_t sadb_msg_len;
+ uint16_t sadb_msg_reserved;
+ uint32_t sadb_msg_seq;
+ uint32_t sadb_msg_pid;
+} __attribute__((packed));
+/* sizeof(struct sadb_msg) == 16 */
+
+struct sadb_ext {
+ uint16_t sadb_ext_len;
+ uint16_t sadb_ext_type;
+} __attribute__((packed));
+/* sizeof(struct sadb_ext) == 4 */
+
+struct sadb_sa {
+ uint16_t sadb_sa_len;
+ uint16_t sadb_sa_exttype;
+ uint32_t sadb_sa_spi;
+ uint8_t sadb_sa_replay;
+ uint8_t sadb_sa_state;
+ uint8_t sadb_sa_auth;
+ uint8_t sadb_sa_encrypt;
+ uint32_t sadb_sa_flags;
+} __attribute__((packed));
+/* sizeof(struct sadb_sa) == 16 */
+
+struct sadb_lifetime {
+ uint16_t sadb_lifetime_len;
+ uint16_t sadb_lifetime_exttype;
+ uint32_t sadb_lifetime_allocations;
+ uint64_t sadb_lifetime_bytes;
+ uint64_t sadb_lifetime_addtime;
+ uint64_t sadb_lifetime_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_lifetime) == 32 */
+
+struct sadb_address {
+ uint16_t sadb_address_len;
+ uint16_t sadb_address_exttype;
+ uint8_t sadb_address_proto;
+ uint8_t sadb_address_prefixlen;
+ uint16_t sadb_address_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_address) == 8 */
+
+struct sadb_key {
+ uint16_t sadb_key_len;
+ uint16_t sadb_key_exttype;
+ uint16_t sadb_key_bits;
+ uint16_t sadb_key_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_key) == 8 */
+
+struct sadb_ident {
+ uint16_t sadb_ident_len;
+ uint16_t sadb_ident_exttype;
+ uint16_t sadb_ident_type;
+ uint16_t sadb_ident_reserved;
+ uint64_t sadb_ident_id;
+} __attribute__((packed));
+/* sizeof(struct sadb_ident) == 16 */
+
+struct sadb_sens {
+ uint16_t sadb_sens_len;
+ uint16_t sadb_sens_exttype;
+ uint32_t sadb_sens_dpd;
+ uint8_t sadb_sens_sens_level;
+ uint8_t sadb_sens_sens_len;
+ uint8_t sadb_sens_integ_level;
+ uint8_t sadb_sens_integ_len;
+ uint32_t sadb_sens_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_sens) == 16 */
+
+/* followed by:
+ uint64_t sadb_sens_bitmap[sens_len];
+ uint64_t sadb_integ_bitmap[integ_len]; */
+
+struct sadb_prop {
+ uint16_t sadb_prop_len;
+ uint16_t sadb_prop_exttype;
+ uint8_t sadb_prop_replay;
+ uint8_t sadb_prop_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_prop) == 8 */
+
+/* followed by:
+ struct sadb_comb sadb_combs[(sadb_prop_len +
+ sizeof(uint64_t) - sizeof(struct sadb_prop)) /
+ sizeof(struct sadb_comb)]; */
+
+struct sadb_comb {
+ uint8_t sadb_comb_auth;
+ uint8_t sadb_comb_encrypt;
+ uint16_t sadb_comb_flags;
+ uint16_t sadb_comb_auth_minbits;
+ uint16_t sadb_comb_auth_maxbits;
+ uint16_t sadb_comb_encrypt_minbits;
+ uint16_t sadb_comb_encrypt_maxbits;
+ uint32_t sadb_comb_reserved;
+ uint32_t sadb_comb_soft_allocations;
+ uint32_t sadb_comb_hard_allocations;
+ uint64_t sadb_comb_soft_bytes;
+ uint64_t sadb_comb_hard_bytes;
+ uint64_t sadb_comb_soft_addtime;
+ uint64_t sadb_comb_hard_addtime;
+ uint64_t sadb_comb_soft_usetime;
+ uint64_t sadb_comb_hard_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_comb) == 72 */
+
+struct sadb_supported {
+ uint16_t sadb_supported_len;
+ uint16_t sadb_supported_exttype;
+ uint32_t sadb_supported_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_supported) == 8 */
+
+/* followed by:
+ struct sadb_alg sadb_algs[(sadb_supported_len +
+ sizeof(uint64_t) - sizeof(struct sadb_supported)) /
+ sizeof(struct sadb_alg)]; */
+
+struct sadb_alg {
+ uint8_t sadb_alg_id;
+ uint8_t sadb_alg_ivlen;
+ uint16_t sadb_alg_minbits;
+ uint16_t sadb_alg_maxbits;
+ uint16_t sadb_alg_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_alg) == 8 */
+
+struct sadb_spirange {
+ uint16_t sadb_spirange_len;
+ uint16_t sadb_spirange_exttype;
+ uint32_t sadb_spirange_min;
+ uint32_t sadb_spirange_max;
+ uint32_t sadb_spirange_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_spirange) == 16 */
+
+struct sadb_x_kmprivate {
+ uint16_t sadb_x_kmprivate_len;
+ uint16_t sadb_x_kmprivate_exttype;
+ u_int32_t sadb_x_kmprivate_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_kmprivate) == 8 */
+
+struct sadb_x_sa2 {
+ uint16_t sadb_x_sa2_len;
+ uint16_t sadb_x_sa2_exttype;
+ uint8_t sadb_x_sa2_mode;
+ uint8_t sadb_x_sa2_reserved1;
+ uint16_t sadb_x_sa2_reserved2;
+ uint32_t sadb_x_sa2_sequence;
+ uint32_t sadb_x_sa2_reqid;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_sa2) == 16 */
+
+struct sadb_x_policy {
+ uint16_t sadb_x_policy_len;
+ uint16_t sadb_x_policy_exttype;
+ uint16_t sadb_x_policy_type;
+ uint8_t sadb_x_policy_dir;
+ uint8_t sadb_x_policy_reserved;
+ uint32_t sadb_x_policy_id;
+ uint32_t sadb_x_policy_priority;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_policy) == 16 */
+
+struct sadb_x_ipsecrequest {
+ uint16_t sadb_x_ipsecrequest_len;
+ uint16_t sadb_x_ipsecrequest_proto;
+ uint8_t sadb_x_ipsecrequest_mode;
+ uint8_t sadb_x_ipsecrequest_level;
+ uint16_t sadb_x_ipsecrequest_reserved1;
+ uint32_t sadb_x_ipsecrequest_reqid;
+ uint32_t sadb_x_ipsecrequest_reserved2;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_ipsecrequest) == 16 */
+
+/* This defines the TYPE of Nat Traversal in use. Currently only one
+ * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
+ */
+struct sadb_x_nat_t_type {
+ uint16_t sadb_x_nat_t_type_len;
+ uint16_t sadb_x_nat_t_type_exttype;
+ uint8_t sadb_x_nat_t_type_type;
+ uint8_t sadb_x_nat_t_type_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_type) == 8 */
+
+/* Pass a NAT Traversal port (Source or Dest port) */
+struct sadb_x_nat_t_port {
+ uint16_t sadb_x_nat_t_port_len;
+ uint16_t sadb_x_nat_t_port_exttype;
+ uint16_t sadb_x_nat_t_port_port;
+ uint16_t sadb_x_nat_t_port_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_port) == 8 */
+
+/* Generic LSM security context */
+struct sadb_x_sec_ctx {
+ uint16_t sadb_x_sec_len;
+ uint16_t sadb_x_sec_exttype;
+ uint8_t sadb_x_ctx_alg; /* LSMs: e.g., selinux == 1 */
+ uint8_t sadb_x_ctx_doi;
+ uint16_t sadb_x_ctx_len;
+} __attribute__((packed));
+/* sizeof(struct sadb_sec_ctx) = 8 */
+
+/* Message types */
+#define SADB_RESERVED 0
+#define SADB_GETSPI 1
+#define SADB_UPDATE 2
+#define SADB_ADD 3
+#define SADB_DELETE 4
+#define SADB_GET 5
+#define SADB_ACQUIRE 6
+#define SADB_REGISTER 7
+#define SADB_EXPIRE 8
+#define SADB_FLUSH 9
+#define SADB_DUMP 10
+#define SADB_X_PROMISC 11
+#define SADB_X_PCHANGE 12
+#define SADB_X_SPDUPDATE 13
+#define SADB_X_SPDADD 14
+#define SADB_X_SPDDELETE 15
+#define SADB_X_SPDGET 16
+#define SADB_X_SPDACQUIRE 17
+#define SADB_X_SPDDUMP 18
+#define SADB_X_SPDFLUSH 19
+#define SADB_X_SPDSETIDX 20
+#define SADB_X_SPDEXPIRE 21
+#define SADB_X_SPDDELETE2 22
+#define SADB_X_NAT_T_NEW_MAPPING 23
+#define SADB_MAX 23
+
+/* Security Association flags */
+#define SADB_SAFLAGS_PFS 1
+#define SADB_SAFLAGS_NOPMTUDISC 0x20000000
+#define SADB_SAFLAGS_DECAP_DSCP 0x40000000
+#define SADB_SAFLAGS_NOECN 0x80000000
+
+/* Security Association states */
+#define SADB_SASTATE_LARVAL 0
+#define SADB_SASTATE_MATURE 1
+#define SADB_SASTATE_DYING 2
+#define SADB_SASTATE_DEAD 3
+#define SADB_SASTATE_MAX 3
+
+/* Security Association types */
+#define SADB_SATYPE_UNSPEC 0
+#define SADB_SATYPE_AH 2
+#define SADB_SATYPE_ESP 3
+#define SADB_SATYPE_RSVP 5
+#define SADB_SATYPE_OSPFV2 6
+#define SADB_SATYPE_RIPV2 7
+#define SADB_SATYPE_MIP 8
+#define SADB_X_SATYPE_IPCOMP 9
+#define SADB_SATYPE_MAX 9
+
+/* Authentication algorithms */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5HMAC 2
+#define SADB_AALG_SHA1HMAC 3
+#define SADB_X_AALG_SHA2_256HMAC 5
+#define SADB_X_AALG_SHA2_384HMAC 6
+#define SADB_X_AALG_SHA2_512HMAC 7
+#define SADB_X_AALG_RIPEMD160HMAC 8
+#define SADB_X_AALG_NULL 251 /* kame */
+#define SADB_AALG_MAX 251
+
+/* Encryption algorithms */
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DESCBC 2
+#define SADB_EALG_3DESCBC 3
+#define SADB_X_EALG_CASTCBC 6
+#define SADB_X_EALG_BLOWFISHCBC 7
+#define SADB_EALG_NULL 11
+#define SADB_X_EALG_AESCBC 12
+#define SADB_EALG_MAX 253 /* last EALG */
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+#define SADB_X_EALG_TWOFISHCBC 253 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+
+/* Compression algorithms */
+#define SADB_X_CALG_NONE 0
+#define SADB_X_CALG_OUI 1
+#define SADB_X_CALG_DEFLATE 2
+#define SADB_X_CALG_LZS 3
+#define SADB_X_CALG_LZJH 4
+#define SADB_X_CALG_MAX 4
+
+/* Extension Header values */
+#define SADB_EXT_RESERVED 0
+#define SADB_EXT_SA 1
+#define SADB_EXT_LIFETIME_CURRENT 2
+#define SADB_EXT_LIFETIME_HARD 3
+#define SADB_EXT_LIFETIME_SOFT 4
+#define SADB_EXT_ADDRESS_SRC 5
+#define SADB_EXT_ADDRESS_DST 6
+#define SADB_EXT_ADDRESS_PROXY 7
+#define SADB_EXT_KEY_AUTH 8
+#define SADB_EXT_KEY_ENCRYPT 9
+#define SADB_EXT_IDENTITY_SRC 10
+#define SADB_EXT_IDENTITY_DST 11
+#define SADB_EXT_SENSITIVITY 12
+#define SADB_EXT_PROPOSAL 13
+#define SADB_EXT_SUPPORTED_AUTH 14
+#define SADB_EXT_SUPPORTED_ENCRYPT 15
+#define SADB_EXT_SPIRANGE 16
+#define SADB_X_EXT_KMPRIVATE 17
+#define SADB_X_EXT_POLICY 18
+#define SADB_X_EXT_SA2 19
+/* The next four entries are for setting up NAT Traversal */
+#define SADB_X_EXT_NAT_T_TYPE 20
+#define SADB_X_EXT_NAT_T_SPORT 21
+#define SADB_X_EXT_NAT_T_DPORT 22
+#define SADB_X_EXT_NAT_T_OA 23
+#define SADB_X_EXT_SEC_CTX 24
+#define SADB_EXT_MAX 24
+
+/* Identity Extension values */
+#define SADB_IDENTTYPE_RESERVED 0
+#define SADB_IDENTTYPE_PREFIX 1
+#define SADB_IDENTTYPE_FQDN 2
+#define SADB_IDENTTYPE_USERFQDN 3
+#define SADB_IDENTTYPE_MAX 3
+
+#endif /* !(_LINUX_PFKEY2_H) */
diff --git a/src/include/linux/rtnetlink.h b/src/include/linux/rtnetlink.h
new file mode 100644
index 000000000..56bf7b01c
--- /dev/null
+++ b/src/include/linux/rtnetlink.h
@@ -0,0 +1,1072 @@
+#ifndef __LINUX_RTNETLINK_H
+#define __LINUX_RTNETLINK_H
+
+#include "netlink.h"
+
+/****
+ * Routing/neighbour discovery messages.
+ ****/
+
+/* Types of messages */
+
+enum {
+ RTM_BASE = 16,
+#define RTM_BASE RTM_BASE
+
+ RTM_NEWLINK = 16,
+#define RTM_NEWLINK RTM_NEWLINK
+ RTM_DELLINK,
+#define RTM_DELLINK RTM_DELLINK
+ RTM_GETLINK,
+#define RTM_GETLINK RTM_GETLINK
+ RTM_SETLINK,
+#define RTM_SETLINK RTM_SETLINK
+
+ RTM_NEWADDR = 20,
+#define RTM_NEWADDR RTM_NEWADDR
+ RTM_DELADDR,
+#define RTM_DELADDR RTM_DELADDR
+ RTM_GETADDR,
+#define RTM_GETADDR RTM_GETADDR
+
+ RTM_NEWROUTE = 24,
+#define RTM_NEWROUTE RTM_NEWROUTE
+ RTM_DELROUTE,
+#define RTM_DELROUTE RTM_DELROUTE
+ RTM_GETROUTE,
+#define RTM_GETROUTE RTM_GETROUTE
+
+ RTM_NEWNEIGH = 28,
+#define RTM_NEWNEIGH RTM_NEWNEIGH
+ RTM_DELNEIGH,
+#define RTM_DELNEIGH RTM_DELNEIGH
+ RTM_GETNEIGH,
+#define RTM_GETNEIGH RTM_GETNEIGH
+
+ RTM_NEWRULE = 32,
+#define RTM_NEWRULE RTM_NEWRULE
+ RTM_DELRULE,
+#define RTM_DELRULE RTM_DELRULE
+ RTM_GETRULE,
+#define RTM_GETRULE RTM_GETRULE
+
+ RTM_NEWQDISC = 36,
+#define RTM_NEWQDISC RTM_NEWQDISC
+ RTM_DELQDISC,
+#define RTM_DELQDISC RTM_DELQDISC
+ RTM_GETQDISC,
+#define RTM_GETQDISC RTM_GETQDISC
+
+ RTM_NEWTCLASS = 40,
+#define RTM_NEWTCLASS RTM_NEWTCLASS
+ RTM_DELTCLASS,
+#define RTM_DELTCLASS RTM_DELTCLASS
+ RTM_GETTCLASS,
+#define RTM_GETTCLASS RTM_GETTCLASS
+
+ RTM_NEWTFILTER = 44,
+#define RTM_NEWTFILTER RTM_NEWTFILTER
+ RTM_DELTFILTER,
+#define RTM_DELTFILTER RTM_DELTFILTER
+ RTM_GETTFILTER,
+#define RTM_GETTFILTER RTM_GETTFILTER
+
+ RTM_NEWACTION = 48,
+#define RTM_NEWACTION RTM_NEWACTION
+ RTM_DELACTION,
+#define RTM_DELACTION RTM_DELACTION
+ RTM_GETACTION,
+#define RTM_GETACTION RTM_GETACTION
+
+ RTM_NEWPREFIX = 52,
+#define RTM_NEWPREFIX RTM_NEWPREFIX
+ RTM_GETPREFIX = 54,
+#define RTM_GETPREFIX RTM_GETPREFIX
+
+ RTM_GETMULTICAST = 58,
+#define RTM_GETMULTICAST RTM_GETMULTICAST
+
+ RTM_GETANYCAST = 62,
+#define RTM_GETANYCAST RTM_GETANYCAST
+
+ RTM_NEWNEIGHTBL = 64,
+#define RTM_NEWNEIGHTBL RTM_NEWNEIGHTBL
+ RTM_GETNEIGHTBL = 66,
+#define RTM_GETNEIGHTBL RTM_GETNEIGHTBL
+ RTM_SETNEIGHTBL,
+#define RTM_SETNEIGHTBL RTM_SETNEIGHTBL
+
+ __RTM_MAX,
+#define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1)
+};
+
+#define RTM_NR_MSGTYPES (RTM_MAX + 1 - RTM_BASE)
+#define RTM_NR_FAMILIES (RTM_NR_MSGTYPES >> 2)
+#define RTM_FAM(cmd) (((cmd) - RTM_BASE) >> 2)
+
+/*
+ Generic structure for encapsulation of optional route information.
+ It is reminiscent of sockaddr, but with sa_family replaced
+ with attribute type.
+ */
+
+struct rtattr
+{
+ unsigned short rta_len;
+ unsigned short rta_type;
+};
+
+/* Macros to handle rtattributes */
+
+#define RTA_ALIGNTO 4
+#define RTA_ALIGN(len) ( ((len)+RTA_ALIGNTO-1) & ~(RTA_ALIGNTO-1) )
+#define RTA_OK(rta,len) ((len) >= (int)sizeof(struct rtattr) && \
+ (rta)->rta_len >= sizeof(struct rtattr) && \
+ (rta)->rta_len <= (len))
+#define RTA_NEXT(rta,attrlen) ((attrlen) -= RTA_ALIGN((rta)->rta_len), \
+ (struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len)))
+#define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
+#define RTA_SPACE(len) RTA_ALIGN(RTA_LENGTH(len))
+#define RTA_DATA(rta) ((void*)(((char*)(rta)) + RTA_LENGTH(0)))
+#define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
+
+
+
+
+/******************************************************************************
+ * Definitions used in routing table administration.
+ ****/
+
+struct rtmsg
+{
+ unsigned char rtm_family;
+ unsigned char rtm_dst_len;
+ unsigned char rtm_src_len;
+ unsigned char rtm_tos;
+
+ unsigned char rtm_table; /* Routing table id */
+ unsigned char rtm_protocol; /* Routing protocol; see below */
+ unsigned char rtm_scope; /* See below */
+ unsigned char rtm_type; /* See below */
+
+ unsigned rtm_flags;
+};
+
+/* rtm_type */
+
+enum
+{
+ RTN_UNSPEC,
+ RTN_UNICAST, /* Gateway or direct route */
+ RTN_LOCAL, /* Accept locally */
+ RTN_BROADCAST, /* Accept locally as broadcast,
+ send as broadcast */
+ RTN_ANYCAST, /* Accept locally as broadcast,
+ but send as unicast */
+ RTN_MULTICAST, /* Multicast route */
+ RTN_BLACKHOLE, /* Drop */
+ RTN_UNREACHABLE, /* Destination is unreachable */
+ RTN_PROHIBIT, /* Administratively prohibited */
+ RTN_THROW, /* Not in this table */
+ RTN_NAT, /* Translate this address */
+ RTN_XRESOLVE, /* Use external resolver */
+ __RTN_MAX
+};
+
+#define RTN_MAX (__RTN_MAX - 1)
+
+
+/* rtm_protocol */
+
+#define RTPROT_UNSPEC 0
+#define RTPROT_REDIRECT 1 /* Route installed by ICMP redirects;
+ not used by current IPv4 */
+#define RTPROT_KERNEL 2 /* Route installed by kernel */
+#define RTPROT_BOOT 3 /* Route installed during boot */
+#define RTPROT_STATIC 4 /* Route installed by administrator */
+
+/* Values of protocol >= RTPROT_STATIC are not interpreted by kernel;
+ they are just passed from user and back as is.
+ It will be used by hypothetical multiple routing daemons.
+ Note that protocol values should be standardized in order to
+ avoid conflicts.
+ */
+
+#define RTPROT_GATED 8 /* Apparently, GateD */
+#define RTPROT_RA 9 /* RDISC/ND router advertisements */
+#define RTPROT_MRT 10 /* Merit MRT */
+#define RTPROT_ZEBRA 11 /* Zebra */
+#define RTPROT_BIRD 12 /* BIRD */
+#define RTPROT_DNROUTED 13 /* DECnet routing daemon */
+#define RTPROT_XORP 14 /* XORP */
+#define RTPROT_NTK 15 /* Netsukuku */
+
+/* rtm_scope
+
+ Really it is not scope, but sort of distance to the destination.
+ NOWHERE are reserved for not existing destinations, HOST is our
+ local addresses, LINK are destinations, located on directly attached
+ link and UNIVERSE is everywhere in the Universe.
+
+ Intermediate values are also possible f.e. interior routes
+ could be assigned a value between UNIVERSE and LINK.
+*/
+
+enum rt_scope_t
+{
+ RT_SCOPE_UNIVERSE=0,
+/* User defined values */
+ RT_SCOPE_SITE=200,
+ RT_SCOPE_LINK=253,
+ RT_SCOPE_HOST=254,
+ RT_SCOPE_NOWHERE=255
+};
+
+/* rtm_flags */
+
+#define RTM_F_NOTIFY 0x100 /* Notify user of route change */
+#define RTM_F_CLONED 0x200 /* This route is cloned */
+#define RTM_F_EQUALIZE 0x400 /* Multipath equalizer: NI */
+#define RTM_F_PREFIX 0x800 /* Prefix addresses */
+
+/* Reserved table identifiers */
+
+enum rt_class_t
+{
+ RT_TABLE_UNSPEC=0,
+/* User defined values */
+ RT_TABLE_DEFAULT=253,
+ RT_TABLE_MAIN=254,
+ RT_TABLE_LOCAL=255,
+ __RT_TABLE_MAX
+};
+#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
+
+
+
+/* Routing message attributes */
+
+enum rtattr_type_t
+{
+ RTA_UNSPEC,
+ RTA_DST,
+ RTA_SRC,
+ RTA_IIF,
+ RTA_OIF,
+ RTA_GATEWAY,
+ RTA_PRIORITY,
+ RTA_PREFSRC,
+ RTA_METRICS,
+ RTA_MULTIPATH,
+ RTA_PROTOINFO,
+ RTA_FLOW,
+ RTA_CACHEINFO,
+ RTA_SESSION,
+ RTA_MP_ALGO,
+ __RTA_MAX
+};
+
+#define RTA_MAX (__RTA_MAX - 1)
+
+#define RTM_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct rtmsg))))
+#define RTM_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct rtmsg))
+
+/* RTM_MULTIPATH --- array of struct rtnexthop.
+ *
+ * "struct rtnexthop" describes all necessary nexthop information,
+ * i.e. parameters of path to a destination via this nexthop.
+ *
+ * At the moment it is impossible to set different prefsrc, mtu, window
+ * and rtt for different paths from multipath.
+ */
+
+struct rtnexthop
+{
+ unsigned short rtnh_len;
+ unsigned char rtnh_flags;
+ unsigned char rtnh_hops;
+ int rtnh_ifindex;
+};
+
+/* rtnh_flags */
+
+#define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
+#define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
+#define RTNH_F_ONLINK 4 /* Gateway is forced on link */
+
+/* Macros to handle hexthops */
+
+#define RTNH_ALIGNTO 4
+#define RTNH_ALIGN(len) ( ((len)+RTNH_ALIGNTO-1) & ~(RTNH_ALIGNTO-1) )
+#define RTNH_OK(rtnh,len) ((rtnh)->rtnh_len >= sizeof(struct rtnexthop) && \
+ ((int)(rtnh)->rtnh_len) <= (len))
+#define RTNH_NEXT(rtnh) ((struct rtnexthop*)(((char*)(rtnh)) + RTNH_ALIGN((rtnh)->rtnh_len)))
+#define RTNH_LENGTH(len) (RTNH_ALIGN(sizeof(struct rtnexthop)) + (len))
+#define RTNH_SPACE(len) RTNH_ALIGN(RTNH_LENGTH(len))
+#define RTNH_DATA(rtnh) ((struct rtattr*)(((char*)(rtnh)) + RTNH_LENGTH(0)))
+
+/* RTM_CACHEINFO */
+
+struct rta_cacheinfo
+{
+ __u32 rta_clntref;
+ __u32 rta_lastuse;
+ __s32 rta_expires;
+ __u32 rta_error;
+ __u32 rta_used;
+
+#define RTNETLINK_HAVE_PEERINFO 1
+ __u32 rta_id;
+ __u32 rta_ts;
+ __u32 rta_tsage;
+};
+
+/* RTM_METRICS --- array of struct rtattr with types of RTAX_* */
+
+enum
+{
+ RTAX_UNSPEC,
+#define RTAX_UNSPEC RTAX_UNSPEC
+ RTAX_LOCK,
+#define RTAX_LOCK RTAX_LOCK
+ RTAX_MTU,
+#define RTAX_MTU RTAX_MTU
+ RTAX_WINDOW,
+#define RTAX_WINDOW RTAX_WINDOW
+ RTAX_RTT,
+#define RTAX_RTT RTAX_RTT
+ RTAX_RTTVAR,
+#define RTAX_RTTVAR RTAX_RTTVAR
+ RTAX_SSTHRESH,
+#define RTAX_SSTHRESH RTAX_SSTHRESH
+ RTAX_CWND,
+#define RTAX_CWND RTAX_CWND
+ RTAX_ADVMSS,
+#define RTAX_ADVMSS RTAX_ADVMSS
+ RTAX_REORDERING,
+#define RTAX_REORDERING RTAX_REORDERING
+ RTAX_HOPLIMIT,
+#define RTAX_HOPLIMIT RTAX_HOPLIMIT
+ RTAX_INITCWND,
+#define RTAX_INITCWND RTAX_INITCWND
+ RTAX_FEATURES,
+#define RTAX_FEATURES RTAX_FEATURES
+ __RTAX_MAX
+};
+
+#define RTAX_MAX (__RTAX_MAX - 1)
+
+#define RTAX_FEATURE_ECN 0x00000001
+#define RTAX_FEATURE_SACK 0x00000002
+#define RTAX_FEATURE_TIMESTAMP 0x00000004
+#define RTAX_FEATURE_ALLFRAG 0x00000008
+
+struct rta_session
+{
+ __u8 proto;
+ __u8 pad1;
+ __u16 pad2;
+
+ union {
+ struct {
+ __u16 sport;
+ __u16 dport;
+ } ports;
+
+ struct {
+ __u8 type;
+ __u8 code;
+ __u16 ident;
+ } icmpt;
+
+ __u32 spi;
+ } u;
+};
+
+
+/*********************************************************
+ * Interface address.
+ ****/
+
+struct ifaddrmsg
+{
+ unsigned char ifa_family;
+ unsigned char ifa_prefixlen; /* The prefix length */
+ unsigned char ifa_flags; /* Flags */
+ unsigned char ifa_scope; /* See above */
+ int ifa_index; /* Link index */
+};
+
+enum
+{
+ IFA_UNSPEC,
+ IFA_ADDRESS,
+ IFA_LOCAL,
+ IFA_LABEL,
+ IFA_BROADCAST,
+ IFA_ANYCAST,
+ IFA_CACHEINFO,
+ IFA_MULTICAST,
+ __IFA_MAX
+};
+
+#define IFA_MAX (__IFA_MAX - 1)
+
+/* ifa_flags */
+
+#define IFA_F_SECONDARY 0x01
+#define IFA_F_TEMPORARY IFA_F_SECONDARY
+
+#define IFA_F_DEPRECATED 0x20
+#define IFA_F_TENTATIVE 0x40
+#define IFA_F_PERMANENT 0x80
+
+struct ifa_cacheinfo
+{
+ __u32 ifa_prefered;
+ __u32 ifa_valid;
+ __u32 cstamp; /* created timestamp, hundredths of seconds */
+ __u32 tstamp; /* updated timestamp, hundredths of seconds */
+};
+
+
+#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
+
+/*
+ Important comment:
+ IFA_ADDRESS is prefix address, rather than local interface address.
+ It makes no difference for normally configured broadcast interfaces,
+ but for point-to-point IFA_ADDRESS is DESTINATION address,
+ local address is supplied in IFA_LOCAL attribute.
+ */
+
+/**************************************************************
+ * Neighbour discovery.
+ ****/
+
+struct ndmsg
+{
+ unsigned char ndm_family;
+ unsigned char ndm_pad1;
+ unsigned short ndm_pad2;
+ int ndm_ifindex; /* Link index */
+ __u16 ndm_state;
+ __u8 ndm_flags;
+ __u8 ndm_type;
+};
+
+enum
+{
+ NDA_UNSPEC,
+ NDA_DST,
+ NDA_LLADDR,
+ NDA_CACHEINFO,
+ NDA_PROBES,
+ __NDA_MAX
+};
+
+#define NDA_MAX (__NDA_MAX - 1)
+
+#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
+#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
+
+/*
+ * Neighbor Cache Entry Flags
+ */
+
+#define NTF_PROXY 0x08 /* == ATF_PUBL */
+#define NTF_ROUTER 0x80
+
+/*
+ * Neighbor Cache Entry States.
+ */
+
+#define NUD_INCOMPLETE 0x01
+#define NUD_REACHABLE 0x02
+#define NUD_STALE 0x04
+#define NUD_DELAY 0x08
+#define NUD_PROBE 0x10
+#define NUD_FAILED 0x20
+
+/* Dummy states */
+#define NUD_NOARP 0x40
+#define NUD_PERMANENT 0x80
+#define NUD_NONE 0x00
+
+
+struct nda_cacheinfo
+{
+ __u32 ndm_confirmed;
+ __u32 ndm_used;
+ __u32 ndm_updated;
+ __u32 ndm_refcnt;
+};
+
+
+/*****************************************************************
+ * Neighbour tables specific messages.
+ *
+ * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
+ * NLM_F_DUMP flag set. Every neighbour table configuration is
+ * spread over multiple messages to avoid running into message
+ * size limits on systems with many interfaces. The first message
+ * in the sequence transports all not device specific data such as
+ * statistics, configuration, and the default parameter set.
+ * This message is followed by 0..n messages carrying device
+ * specific parameter sets.
+ * Although the ordering should be sufficient, NDTA_NAME can be
+ * used to identify sequences. The initial message can be identified
+ * by checking for NDTA_CONFIG. The device specific messages do
+ * not contain this TLV but have NDTPA_IFINDEX set to the
+ * corresponding interface index.
+ *
+ * To change neighbour table attributes, send RTM_SETNEIGHTBL
+ * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
+ * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
+ * otherwise. Device specific parameter sets can be changed by
+ * setting NDTPA_IFINDEX to the interface index of the corresponding
+ * device.
+ ****/
+
+struct ndt_stats
+{
+ __u64 ndts_allocs;
+ __u64 ndts_destroys;
+ __u64 ndts_hash_grows;
+ __u64 ndts_res_failed;
+ __u64 ndts_lookups;
+ __u64 ndts_hits;
+ __u64 ndts_rcv_probes_mcast;
+ __u64 ndts_rcv_probes_ucast;
+ __u64 ndts_periodic_gc_runs;
+ __u64 ndts_forced_gc_runs;
+};
+
+enum {
+ NDTPA_UNSPEC,
+ NDTPA_IFINDEX, /* __u32, unchangeable */
+ NDTPA_REFCNT, /* __u32, read-only */
+ NDTPA_REACHABLE_TIME, /* __u64, read-only, msecs */
+ NDTPA_BASE_REACHABLE_TIME, /* __u64, msecs */
+ NDTPA_RETRANS_TIME, /* __u64, msecs */
+ NDTPA_GC_STALETIME, /* __u64, msecs */
+ NDTPA_DELAY_PROBE_TIME, /* __u64, msecs */
+ NDTPA_QUEUE_LEN, /* __u32 */
+ NDTPA_APP_PROBES, /* __u32 */
+ NDTPA_UCAST_PROBES, /* __u32 */
+ NDTPA_MCAST_PROBES, /* __u32 */
+ NDTPA_ANYCAST_DELAY, /* __u64, msecs */
+ NDTPA_PROXY_DELAY, /* __u64, msecs */
+ NDTPA_PROXY_QLEN, /* __u32 */
+ NDTPA_LOCKTIME, /* __u64, msecs */
+ __NDTPA_MAX
+};
+#define NDTPA_MAX (__NDTPA_MAX - 1)
+
+struct ndtmsg
+{
+ __u8 ndtm_family;
+ __u8 ndtm_pad1;
+ __u16 ndtm_pad2;
+};
+
+struct ndt_config
+{
+ __u16 ndtc_key_len;
+ __u16 ndtc_entry_size;
+ __u32 ndtc_entries;
+ __u32 ndtc_last_flush; /* delta to now in msecs */
+ __u32 ndtc_last_rand; /* delta to now in msecs */
+ __u32 ndtc_hash_rnd;
+ __u32 ndtc_hash_mask;
+ __u32 ndtc_hash_chain_gc;
+ __u32 ndtc_proxy_qlen;
+};
+
+enum {
+ NDTA_UNSPEC,
+ NDTA_NAME, /* char *, unchangeable */
+ NDTA_THRESH1, /* __u32 */
+ NDTA_THRESH2, /* __u32 */
+ NDTA_THRESH3, /* __u32 */
+ NDTA_CONFIG, /* struct ndt_config, read-only */
+ NDTA_PARMS, /* nested TLV NDTPA_* */
+ NDTA_STATS, /* struct ndt_stats, read-only */
+ NDTA_GC_INTERVAL, /* __u64, msecs */
+ __NDTA_MAX
+};
+#define NDTA_MAX (__NDTA_MAX - 1)
+
+#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
+ NLMSG_ALIGN(sizeof(struct ndtmsg))))
+#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
+
+
+/****
+ * General form of address family dependent message.
+ ****/
+
+struct rtgenmsg
+{
+ unsigned char rtgen_family;
+};
+
+/*****************************************************************
+ * Link layer specific messages.
+ ****/
+
+/* struct ifinfomsg
+ * passes link level specific information, not dependent
+ * on network protocol.
+ */
+
+struct ifinfomsg
+{
+ unsigned char ifi_family;
+ unsigned char __ifi_pad;
+ unsigned short ifi_type; /* ARPHRD_* */
+ int ifi_index; /* Link index */
+ unsigned ifi_flags; /* IFF_* flags */
+ unsigned ifi_change; /* IFF_* change mask */
+};
+
+/********************************************************************
+ * prefix information
+ ****/
+
+struct prefixmsg
+{
+ unsigned char prefix_family;
+ unsigned char prefix_pad1;
+ unsigned short prefix_pad2;
+ int prefix_ifindex;
+ unsigned char prefix_type;
+ unsigned char prefix_len;
+ unsigned char prefix_flags;
+ unsigned char prefix_pad3;
+};
+
+enum
+{
+ PREFIX_UNSPEC,
+ PREFIX_ADDRESS,
+ PREFIX_CACHEINFO,
+ __PREFIX_MAX
+};
+
+#define PREFIX_MAX (__PREFIX_MAX - 1)
+
+struct prefix_cacheinfo
+{
+ __u32 preferred_time;
+ __u32 valid_time;
+};
+
+/* The struct should be in sync with struct net_device_stats */
+struct rtnl_link_stats
+{
+ __u32 rx_packets; /* total packets received */
+ __u32 tx_packets; /* total packets transmitted */
+ __u32 rx_bytes; /* total bytes received */
+ __u32 tx_bytes; /* total bytes transmitted */
+ __u32 rx_errors; /* bad packets received */
+ __u32 tx_errors; /* packet transmit problems */
+ __u32 rx_dropped; /* no space in linux buffers */
+ __u32 tx_dropped; /* no space available in linux */
+ __u32 multicast; /* multicast packets received */
+ __u32 collisions;
+
+ /* detailed rx_errors: */
+ __u32 rx_length_errors;
+ __u32 rx_over_errors; /* receiver ring buff overflow */
+ __u32 rx_crc_errors; /* recved pkt with crc error */
+ __u32 rx_frame_errors; /* recv'd frame alignment error */
+ __u32 rx_fifo_errors; /* recv'r fifo overrun */
+ __u32 rx_missed_errors; /* receiver missed packet */
+
+ /* detailed tx_errors */
+ __u32 tx_aborted_errors;
+ __u32 tx_carrier_errors;
+ __u32 tx_fifo_errors;
+ __u32 tx_heartbeat_errors;
+ __u32 tx_window_errors;
+
+ /* for cslip etc */
+ __u32 rx_compressed;
+ __u32 tx_compressed;
+};
+
+/* The struct should be in sync with struct ifmap */
+struct rtnl_link_ifmap
+{
+ __u64 mem_start;
+ __u64 mem_end;
+ __u64 base_addr;
+ __u16 irq;
+ __u8 dma;
+ __u8 port;
+};
+
+enum
+{
+ IFLA_UNSPEC,
+ IFLA_ADDRESS,
+ IFLA_BROADCAST,
+ IFLA_IFNAME,
+ IFLA_MTU,
+ IFLA_LINK,
+ IFLA_QDISC,
+ IFLA_STATS,
+ IFLA_COST,
+#define IFLA_COST IFLA_COST
+ IFLA_PRIORITY,
+#define IFLA_PRIORITY IFLA_PRIORITY
+ IFLA_MASTER,
+#define IFLA_MASTER IFLA_MASTER
+ IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
+#define IFLA_WIRELESS IFLA_WIRELESS
+ IFLA_PROTINFO, /* Protocol specific information for a link */
+#define IFLA_PROTINFO IFLA_PROTINFO
+ IFLA_TXQLEN,
+#define IFLA_TXQLEN IFLA_TXQLEN
+ IFLA_MAP,
+#define IFLA_MAP IFLA_MAP
+ IFLA_WEIGHT,
+#define IFLA_WEIGHT IFLA_WEIGHT
+ IFLA_OPERSTATE,
+ IFLA_LINKMODE,
+ __IFLA_MAX
+};
+
+
+#define IFLA_MAX (__IFLA_MAX - 1)
+
+#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
+
+/* ifi_flags.
+
+ IFF_* flags.
+
+ The only change is:
+ IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
+ more not changeable by user. They describe link media
+ characteristics and set by device driver.
+
+ Comments:
+ - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
+ - If neither of these three flags are set;
+ the interface is NBMA.
+
+ - IFF_MULTICAST does not mean anything special:
+ multicasts can be used on all not-NBMA links.
+ IFF_MULTICAST means that this media uses special encapsulation
+ for multicast frames. Apparently, all IFF_POINTOPOINT and
+ IFF_BROADCAST devices are able to use multicasts too.
+ */
+
+/* IFLA_LINK.
+ For usual devices it is equal ifi_index.
+ If it is a "virtual interface" (f.e. tunnel), ifi_link
+ can point to real physical interface (f.e. for bandwidth calculations),
+ or maybe 0, what means, that real media is unknown (usual
+ for IPIP tunnels, when route to endpoint is allowed to change)
+ */
+
+/* Subtype attributes for IFLA_PROTINFO */
+enum
+{
+ IFLA_INET6_UNSPEC,
+ IFLA_INET6_FLAGS, /* link flags */
+ IFLA_INET6_CONF, /* sysctl parameters */
+ IFLA_INET6_STATS, /* statistics */
+ IFLA_INET6_MCAST, /* MC things. What of them? */
+ IFLA_INET6_CACHEINFO, /* time values and max reasm size */
+ __IFLA_INET6_MAX
+};
+
+#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
+
+struct ifla_cacheinfo
+{
+ __u32 max_reasm_len;
+ __u32 tstamp; /* ipv6InterfaceTable updated timestamp */
+ __u32 reachable_time;
+ __u32 retrans_time;
+};
+
+/*****************************************************************
+ * Traffic control messages.
+ ****/
+
+struct tcmsg
+{
+ unsigned char tcm_family;
+ unsigned char tcm__pad1;
+ unsigned short tcm__pad2;
+ int tcm_ifindex;
+ __u32 tcm_handle;
+ __u32 tcm_parent;
+ __u32 tcm_info;
+};
+
+enum
+{
+ TCA_UNSPEC,
+ TCA_KIND,
+ TCA_OPTIONS,
+ TCA_STATS,
+ TCA_XSTATS,
+ TCA_RATE,
+ TCA_FCNT,
+ TCA_STATS2,
+ __TCA_MAX
+};
+
+#define TCA_MAX (__TCA_MAX - 1)
+
+#define TCA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcmsg))))
+#define TCA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcmsg))
+
+#ifndef __KERNEL__
+/* RTnetlink multicast groups - backwards compatibility for userspace */
+#define RTMGRP_LINK 1
+#define RTMGRP_NOTIFY 2
+#define RTMGRP_NEIGH 4
+#define RTMGRP_TC 8
+
+#define RTMGRP_IPV4_IFADDR 0x10
+#define RTMGRP_IPV4_MROUTE 0x20
+#define RTMGRP_IPV4_ROUTE 0x40
+#define RTMGRP_IPV4_RULE 0x80
+
+#define RTMGRP_IPV6_IFADDR 0x100
+#define RTMGRP_IPV6_MROUTE 0x200
+#define RTMGRP_IPV6_ROUTE 0x400
+#define RTMGRP_IPV6_IFINFO 0x800
+
+#define RTMGRP_DECnet_IFADDR 0x1000
+#define RTMGRP_DECnet_ROUTE 0x4000
+
+#define RTMGRP_IPV6_PREFIX 0x20000
+#endif
+
+/* RTnetlink multicast groups */
+enum rtnetlink_groups {
+ RTNLGRP_NONE,
+#define RTNLGRP_NONE RTNLGRP_NONE
+ RTNLGRP_LINK,
+#define RTNLGRP_LINK RTNLGRP_LINK
+ RTNLGRP_NOTIFY,
+#define RTNLGRP_NOTIFY RTNLGRP_NOTIFY
+ RTNLGRP_NEIGH,
+#define RTNLGRP_NEIGH RTNLGRP_NEIGH
+ RTNLGRP_TC,
+#define RTNLGRP_TC RTNLGRP_TC
+ RTNLGRP_IPV4_IFADDR,
+#define RTNLGRP_IPV4_IFADDR RTNLGRP_IPV4_IFADDR
+ RTNLGRP_IPV4_MROUTE,
+#define RTNLGRP_IPV4_MROUTE RTNLGRP_IPV4_MROUTE
+ RTNLGRP_IPV4_ROUTE,
+#define RTNLGRP_IPV4_ROUTE RTNLGRP_IPV4_ROUTE
+ RTNLGRP_IPV4_RULE,
+#define RTNLGRP_IPV4_RULE RTNLGRP_IPV4_RULE
+ RTNLGRP_IPV6_IFADDR,
+#define RTNLGRP_IPV6_IFADDR RTNLGRP_IPV6_IFADDR
+ RTNLGRP_IPV6_MROUTE,
+#define RTNLGRP_IPV6_MROUTE RTNLGRP_IPV6_MROUTE
+ RTNLGRP_IPV6_ROUTE,
+#define RTNLGRP_IPV6_ROUTE RTNLGRP_IPV6_ROUTE
+ RTNLGRP_IPV6_IFINFO,
+#define RTNLGRP_IPV6_IFINFO RTNLGRP_IPV6_IFINFO
+ RTNLGRP_DECnet_IFADDR,
+#define RTNLGRP_DECnet_IFADDR RTNLGRP_DECnet_IFADDR
+ RTNLGRP_NOP2,
+ RTNLGRP_DECnet_ROUTE,
+#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
+ RTNLGRP_NOP3,
+ RTNLGRP_NOP4,
+ RTNLGRP_IPV6_PREFIX,
+#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
+ __RTNLGRP_MAX
+};
+#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
+
+/* TC action piece */
+struct tcamsg
+{
+ unsigned char tca_family;
+ unsigned char tca__pad1;
+ unsigned short tca__pad2;
+};
+#define TA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcamsg))))
+#define TA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcamsg))
+#define TCA_ACT_TAB 1 /* attr type must be >=1 */
+#define TCAA_MAX 1
+
+/* End of information exported to user level */
+
+#ifdef __KERNEL__
+
+#include <linux/config.h>
+#include <linux/mutex.h>
+
+extern size_t rtattr_strlcpy(char *dest, const struct rtattr *rta, size_t size);
+static __inline__ int rtattr_strcmp(const struct rtattr *rta, const char *str)
+{
+ int len = strlen(str) + 1;
+ return len > rta->rta_len || memcmp(RTA_DATA(rta), str, len);
+}
+
+extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, int len);
+
+#define rtattr_parse_nested(tb, max, rta) \
+ rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
+
+extern struct sock *rtnl;
+
+struct rtnetlink_link
+{
+ int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
+ int (*dumpit)(struct sk_buff *, struct netlink_callback *cb);
+};
+
+extern struct rtnetlink_link * rtnetlink_links[NPROTO];
+extern int rtnetlink_send(struct sk_buff *skb, __u32 pid, __u32 group, int echo);
+extern int rtnetlink_put_metrics(struct sk_buff *skb, __u32 *metrics);
+
+extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
+
+#define RTA_PUT(skb, attrtype, attrlen, data) \
+({ if (unlikely(skb_tailroom(skb) < (int)RTA_SPACE(attrlen))) \
+ goto rtattr_failure; \
+ __rta_fill(skb, attrtype, attrlen, data); })
+
+#define RTA_APPEND(skb, attrlen, data) \
+({ if (unlikely(skb_tailroom(skb) < (int)(attrlen))) \
+ goto rtattr_failure; \
+ memcpy(skb_put(skb, attrlen), data, attrlen); })
+
+#define RTA_PUT_NOHDR(skb, attrlen, data) \
+({ RTA_APPEND(skb, RTA_ALIGN(attrlen), data); \
+ memset(skb->tail - (RTA_ALIGN(attrlen) - attrlen), 0, \
+ RTA_ALIGN(attrlen) - attrlen); })
+
+#define RTA_PUT_U8(skb, attrtype, value) \
+({ __u8 _tmp = (value); \
+ RTA_PUT(skb, attrtype, sizeof(__u8), &_tmp); })
+
+#define RTA_PUT_U16(skb, attrtype, value) \
+({ __u16 _tmp = (value); \
+ RTA_PUT(skb, attrtype, sizeof(__u16), &_tmp); })
+
+#define RTA_PUT_U32(skb, attrtype, value) \
+({ __u32 _tmp = (value); \
+ RTA_PUT(skb, attrtype, sizeof(__u32), &_tmp); })
+
+#define RTA_PUT_U64(skb, attrtype, value) \
+({ __u64 _tmp = (value); \
+ RTA_PUT(skb, attrtype, sizeof(__u64), &_tmp); })
+
+#define RTA_PUT_SECS(skb, attrtype, value) \
+ RTA_PUT_U64(skb, attrtype, (value) / HZ)
+
+#define RTA_PUT_MSECS(skb, attrtype, value) \
+ RTA_PUT_U64(skb, attrtype, jiffies_to_msecs(value))
+
+#define RTA_PUT_STRING(skb, attrtype, value) \
+ RTA_PUT(skb, attrtype, strlen(value) + 1, value)
+
+#define RTA_PUT_FLAG(skb, attrtype) \
+ RTA_PUT(skb, attrtype, 0, NULL);
+
+#define RTA_NEST(skb, type) \
+({ struct rtattr *__start = (struct rtattr *) (skb)->tail; \
+ RTA_PUT(skb, type, 0, NULL); \
+ __start; })
+
+#define RTA_NEST_END(skb, start) \
+({ (start)->rta_len = ((skb)->tail - (unsigned char *) (start)); \
+ (skb)->len; })
+
+#define RTA_NEST_CANCEL(skb, start) \
+({ if (start) \
+ skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
+ -1; })
+
+#define RTA_GET_U8(rta) \
+({ if (!rta || RTA_PAYLOAD(rta) < sizeof(__u8)) \
+ goto rtattr_failure; \
+ *(__u8 *) RTA_DATA(rta); })
+
+#define RTA_GET_U16(rta) \
+({ if (!rta || RTA_PAYLOAD(rta) < sizeof(__u16)) \
+ goto rtattr_failure; \
+ *(__u16 *) RTA_DATA(rta); })
+
+#define RTA_GET_U32(rta) \
+({ if (!rta || RTA_PAYLOAD(rta) < sizeof(__u32)) \
+ goto rtattr_failure; \
+ *(__u32 *) RTA_DATA(rta); })
+
+#define RTA_GET_U64(rta) \
+({ __u64 _tmp; \
+ if (!rta || RTA_PAYLOAD(rta) < sizeof(__u64)) \
+ goto rtattr_failure; \
+ memcpy(&_tmp, RTA_DATA(rta), sizeof(_tmp)); \
+ _tmp; })
+
+#define RTA_GET_FLAG(rta) (!!(rta))
+
+#define RTA_GET_SECS(rta) ((unsigned long) RTA_GET_U64(rta) * HZ)
+#define RTA_GET_MSECS(rta) (msecs_to_jiffies((unsigned long) RTA_GET_U64(rta)))
+
+static __inline__ struct rtattr *
+__rta_reserve(struct sk_buff *skb, int attrtype, int attrlen)
+{
+ struct rtattr *rta;
+ int size = RTA_LENGTH(attrlen);
+
+ rta = (struct rtattr*)skb_put(skb, RTA_ALIGN(size));
+ rta->rta_type = attrtype;
+ rta->rta_len = size;
+ memset(RTA_DATA(rta) + attrlen, 0, RTA_ALIGN(size) - size);
+ return rta;
+}
+
+#define __RTA_PUT(skb, attrtype, attrlen) \
+({ if (unlikely(skb_tailroom(skb) < (int)RTA_SPACE(attrlen))) \
+ goto rtattr_failure; \
+ __rta_reserve(skb, attrtype, attrlen); })
+
+extern void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change);
+
+/* RTNL is used as a global lock for all changes to network configuration */
+extern void rtnl_lock(void);
+extern void rtnl_unlock(void);
+extern int rtnl_trylock(void);
+
+extern void rtnetlink_init(void);
+extern void __rtnl_unlock(void);
+
+#define ASSERT_RTNL() do { \
+ if (unlikely(rtnl_trylock())) { \
+ rtnl_unlock(); \
+ printk(KERN_ERR "RTNL: assertion failed at %s (%d)\n", \
+ __FILE__, __LINE__); \
+ dump_stack(); \
+ } \
+} while(0)
+
+#define BUG_TRAP(x) do { \
+ if (unlikely(!(x))) { \
+ printk(KERN_ERR "KERNEL: assertion (%s) failed at %s (%d)\n", \
+ #x, __FILE__ , __LINE__); \
+ } \
+} while(0)
+
+#endif /* __KERNEL__ */
+
+
+#endif /* __LINUX_RTNETLINK_H */
diff --git a/src/include/linux/udp.h b/src/include/linux/udp.h
new file mode 100644
index 000000000..2ee121bd0
--- /dev/null
+++ b/src/include/linux/udp.h
@@ -0,0 +1,63 @@
+/*
+ * INET An implementation of the TCP/IP protocol suite for the LINUX
+ * operating system. INET is implemented using the BSD Socket
+ * interface as the means of communication with the user level.
+ *
+ * Definitions for the UDP protocol.
+ *
+ * Version: @(#)udp.h 1.0.2 04/28/93
+ *
+ * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+#ifndef _LINUX_UDP_H
+#define _LINUX_UDP_H
+
+#include <linux/types.h>
+
+struct udphdr {
+ __u16 source;
+ __u16 dest;
+ __u16 len;
+ __u16 check;
+};
+
+/* UDP socket options */
+#define UDP_CORK 1 /* Never send partially complete segments */
+#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */
+
+/* UDP encapsulation types */
+#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
+#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */
+
+#ifdef __KERNEL__
+#include <linux/config.h>
+#include <linux/types.h>
+
+#include <net/inet_sock.h>
+
+struct udp_sock {
+ /* inet_sock has to be the first member */
+ struct inet_sock inet;
+ int pending; /* Any pending frames ? */
+ unsigned int corkflag; /* Cork is required */
+ __u16 encap_type; /* Is this an Encapsulation socket? */
+ /*
+ * Following member retains the infomation to create a UDP header
+ * when the socket is uncorked.
+ */
+ __u16 len; /* total length of pending frames */
+};
+
+static __inline__ struct udp_sock *udp_sk(const struct sock *sk)
+{
+ return (struct udp_sock *)sk;
+}
+
+#endif
+
+#endif /* _LINUX_UDP_H */
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
new file mode 100644
index 000000000..6b42cc474
--- /dev/null
+++ b/src/include/linux/xfrm.h
@@ -0,0 +1,343 @@
+#ifndef _LINUX_XFRM_H
+#define _LINUX_XFRM_H
+
+#include <linux/types.h>
+
+/* All of the structures in this file may not change size as they are
+ * passed into the kernel from userspace via netlink sockets.
+ */
+
+/* Structure to encapsulate addresses. I do not want to use
+ * "standard" structure. My apologies.
+ */
+typedef union
+{
+ __u32 a4;
+ __u32 a6[4];
+} xfrm_address_t;
+
+/* Ident of a specific xfrm_state. It is used on input to lookup
+ * the state by (spi,daddr,ah/esp) or to store information about
+ * spi, protocol and tunnel address on output.
+ */
+struct xfrm_id
+{
+ xfrm_address_t daddr;
+ __u32 spi;
+ __u8 proto;
+};
+
+struct xfrm_sec_ctx {
+ __u8 ctx_doi;
+ __u8 ctx_alg;
+ __u16 ctx_len;
+ __u32 ctx_sid;
+ char ctx_str[0];
+};
+
+/* Security Context Domains of Interpretation */
+#define XFRM_SC_DOI_RESERVED 0
+#define XFRM_SC_DOI_LSM 1
+
+/* Security Context Algorithms */
+#define XFRM_SC_ALG_RESERVED 0
+#define XFRM_SC_ALG_SELINUX 1
+
+/* Selector, used as selector both on policy rules (SPD) and SAs. */
+
+struct xfrm_selector
+{
+ xfrm_address_t daddr;
+ xfrm_address_t saddr;
+ __u16 dport;
+ __u16 dport_mask;
+ __u16 sport;
+ __u16 sport_mask;
+ __u16 family;
+ __u8 prefixlen_d;
+ __u8 prefixlen_s;
+ __u8 proto;
+ int ifindex;
+ uid_t user;
+};
+
+#define XFRM_INF (~(__u64)0)
+
+struct xfrm_lifetime_cfg
+{
+ __u64 soft_byte_limit;
+ __u64 hard_byte_limit;
+ __u64 soft_packet_limit;
+ __u64 hard_packet_limit;
+ __u64 soft_add_expires_seconds;
+ __u64 hard_add_expires_seconds;
+ __u64 soft_use_expires_seconds;
+ __u64 hard_use_expires_seconds;
+};
+
+struct xfrm_lifetime_cur
+{
+ __u64 bytes;
+ __u64 packets;
+ __u64 add_time;
+ __u64 use_time;
+};
+
+struct xfrm_replay_state
+{
+ __u32 oseq;
+ __u32 seq;
+ __u32 bitmap;
+};
+
+struct xfrm_algo {
+ char alg_name[64];
+ int alg_key_len; /* in bits */
+ char alg_key[0];
+};
+
+struct xfrm_stats {
+ __u32 replay_window;
+ __u32 replay;
+ __u32 integrity_failed;
+};
+
+enum
+{
+ XFRM_POLICY_IN = 0,
+ XFRM_POLICY_OUT = 1,
+ XFRM_POLICY_FWD = 2,
+ XFRM_POLICY_MAX = 3
+};
+
+enum
+{
+ XFRM_SHARE_ANY, /* No limitations */
+ XFRM_SHARE_SESSION, /* For this session only */
+ XFRM_SHARE_USER, /* For this user only */
+ XFRM_SHARE_UNIQUE /* Use once */
+};
+
+/* Netlink configuration messages. */
+enum {
+ XFRM_MSG_BASE = 0x10,
+
+ XFRM_MSG_NEWSA = 0x10,
+#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
+ XFRM_MSG_DELSA,
+#define XFRM_MSG_DELSA XFRM_MSG_DELSA
+ XFRM_MSG_GETSA,
+#define XFRM_MSG_GETSA XFRM_MSG_GETSA
+
+ XFRM_MSG_NEWPOLICY,
+#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
+ XFRM_MSG_DELPOLICY,
+#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
+ XFRM_MSG_GETPOLICY,
+#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
+
+ XFRM_MSG_ALLOCSPI,
+#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
+ XFRM_MSG_ACQUIRE,
+#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
+ XFRM_MSG_EXPIRE,
+#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
+
+ XFRM_MSG_UPDPOLICY,
+#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
+ XFRM_MSG_UPDSA,
+#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
+
+ XFRM_MSG_POLEXPIRE,
+#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
+
+ XFRM_MSG_FLUSHSA,
+#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
+ XFRM_MSG_FLUSHPOLICY,
+#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
+
+ XFRM_MSG_NEWAE,
+#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
+ XFRM_MSG_GETAE,
+#define XFRM_MSG_GETAE XFRM_MSG_GETAE
+ __XFRM_MSG_MAX
+};
+#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
+
+#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
+
+/*
+ * Generic LSM security context for comunicating to user space
+ * NOTE: Same format as sadb_x_sec_ctx
+ */
+struct xfrm_user_sec_ctx {
+ __u16 len;
+ __u16 exttype;
+ __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
+ __u8 ctx_doi;
+ __u16 ctx_len;
+};
+
+struct xfrm_user_tmpl {
+ struct xfrm_id id;
+ __u16 family;
+ xfrm_address_t saddr;
+ __u32 reqid;
+ __u8 mode;
+ __u8 share;
+ __u8 optional;
+ __u32 aalgos;
+ __u32 ealgos;
+ __u32 calgos;
+};
+
+struct xfrm_encap_tmpl {
+ __u16 encap_type;
+ __u16 encap_sport;
+ __u16 encap_dport;
+ xfrm_address_t encap_oa;
+};
+
+/* AEVENT flags */
+enum xfrm_ae_ftype_t {
+ XFRM_AE_UNSPEC,
+ XFRM_AE_RTHR=1, /* replay threshold*/
+ XFRM_AE_RVAL=2, /* replay value */
+ XFRM_AE_LVAL=4, /* lifetime value */
+ XFRM_AE_ETHR=8, /* expiry timer threshold */
+ XFRM_AE_CR=16, /* Event cause is replay update */
+ XFRM_AE_CE=32, /* Event cause is timer expiry */
+ XFRM_AE_CU=64, /* Event cause is policy update */
+ __XFRM_AE_MAX
+
+#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
+};
+
+/* Netlink message attributes. */
+enum xfrm_attr_type_t {
+ XFRMA_UNSPEC,
+ XFRMA_ALG_AUTH, /* struct xfrm_algo */
+ XFRMA_ALG_CRYPT, /* struct xfrm_algo */
+ XFRMA_ALG_COMP, /* struct xfrm_algo */
+ XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
+ XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
+ XFRMA_SA,
+ XFRMA_POLICY,
+ XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
+ XFRMA_LTIME_VAL,
+ XFRMA_REPLAY_VAL,
+ XFRMA_REPLAY_THRESH,
+ XFRMA_ETIMER_THRESH,
+ __XFRMA_MAX
+
+#define XFRMA_MAX (__XFRMA_MAX - 1)
+};
+
+struct xfrm_usersa_info {
+ struct xfrm_selector sel;
+ struct xfrm_id id;
+ xfrm_address_t saddr;
+ struct xfrm_lifetime_cfg lft;
+ struct xfrm_lifetime_cur curlft;
+ struct xfrm_stats stats;
+ __u32 seq;
+ __u32 reqid;
+ __u16 family;
+ __u8 mode; /* 0=transport,1=tunnel */
+ __u8 replay_window;
+ __u8 flags;
+#define XFRM_STATE_NOECN 1
+#define XFRM_STATE_DECAP_DSCP 2
+#define XFRM_STATE_NOPMTUDISC 4
+};
+
+struct xfrm_usersa_id {
+ xfrm_address_t daddr;
+ __u32 spi;
+ __u16 family;
+ __u8 proto;
+};
+
+struct xfrm_aevent_id {
+ struct xfrm_usersa_id sa_id;
+ __u32 flags;
+};
+
+struct xfrm_userspi_info {
+ struct xfrm_usersa_info info;
+ __u32 min;
+ __u32 max;
+};
+
+struct xfrm_userpolicy_info {
+ struct xfrm_selector sel;
+ struct xfrm_lifetime_cfg lft;
+ struct xfrm_lifetime_cur curlft;
+ __u32 priority;
+ __u32 index;
+ __u8 dir;
+ __u8 action;
+#define XFRM_POLICY_ALLOW 0
+#define XFRM_POLICY_BLOCK 1
+ __u8 flags;
+#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
+ __u8 share;
+};
+
+struct xfrm_userpolicy_id {
+ struct xfrm_selector sel;
+ __u32 index;
+ __u8 dir;
+};
+
+struct xfrm_user_acquire {
+ struct xfrm_id id;
+ xfrm_address_t saddr;
+ struct xfrm_selector sel;
+ struct xfrm_userpolicy_info policy;
+ __u32 aalgos;
+ __u32 ealgos;
+ __u32 calgos;
+ __u32 seq;
+};
+
+struct xfrm_user_expire {
+ struct xfrm_usersa_info state;
+ __u8 hard;
+};
+
+struct xfrm_user_polexpire {
+ struct xfrm_userpolicy_info pol;
+ __u8 hard;
+};
+
+struct xfrm_usersa_flush {
+ __u8 proto;
+};
+
+#ifndef __KERNEL__
+/* backwards compatibility for userspace */
+#define XFRMGRP_ACQUIRE 1
+#define XFRMGRP_EXPIRE 2
+#define XFRMGRP_SA 4
+#define XFRMGRP_POLICY 8
+#endif
+
+enum xfrm_nlgroups {
+ XFRMNLGRP_NONE,
+#define XFRMNLGRP_NONE XFRMNLGRP_NONE
+ XFRMNLGRP_ACQUIRE,
+#define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE
+ XFRMNLGRP_EXPIRE,
+#define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE
+ XFRMNLGRP_SA,
+#define XFRMNLGRP_SA XFRMNLGRP_SA
+ XFRMNLGRP_POLICY,
+#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
+ XFRMNLGRP_AEVENTS,
+#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
+ __XFRMNLGRP_MAX
+};
+#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
+
+#endif /* _LINUX_XFRM_H */
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index eaf0e9d79..3a12ba5b9 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -98,6 +98,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -110,6 +111,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -120,8 +122,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -143,6 +149,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -152,6 +159,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -165,9 +174,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -182,6 +195,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
sbin_SCRIPTS = ipsec
CLEANFILES = ipsec
dist_man8_MANS = ipsec.8
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
index bd74b6f16..067d24784 100755
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@@ -111,10 +111,8 @@ down)
fi
exit 0
;;
-listalgs|listpubkeys|listaacerts|\
-listacerts|listgroups|\listcards|\
-rereadsecrets|rereadgroups|\
-rereadaacerts|rereadacerts)
+listalgs|listpubkeys|\listcards|\
+rereadsecrets|rereadgroups)
op="$1"
shift
if test -e $IPSEC_PLUTO_PID
@@ -123,9 +121,11 @@ rereadaacerts|rereadacerts)
fi
exit 0
;;
-listcerts|listcacerts|listocspcerts|\
+listcerts|listcacerts|listaacerts|\
+listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
-rereadcacerts|rereadocspcerts|rereadcrls|\
+rereadcacerts|rereadaacerts|rereadacerts|\
+rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
op="$1"
shift
diff --git a/src/libcrypto/Makefile.am b/src/libcrypto/Makefile.am
index 23066033d..4416c8daf 100644
--- a/src/libcrypto/Makefile.am
+++ b/src/libcrypto/Makefile.am
@@ -5,7 +5,7 @@ include/md32_common.h include/cbc_generic.h include/hmac_generic.h libblowfish/b
libblowfish/bf_pi.h libblowfish/bf_locl.h libblowfish/bf_enc.c libsha2/hmac_sha2.c libsha2/sha2.h libsha2/hmac_sha2.h \
libsha2/sha2.c libserpent/serpent_cbc.c libserpent/serpent_cbc.h libserpent/serpent.c libserpent/serpent.h \
libtwofish/twofish_cbc.h libtwofish/twofish_cbc.c libtwofish/twofish.c libtwofish/twofish.h libdes/des_enc.c \
-libdes/podd.h libdes/sk.h libdes/set_key.c libdes/speed.c libdes/fcrypt_b.c libdes/fcrypt.c libdes/destest.c \
-libdes/spr.h libdes/cbc_enc.c libdes/ecb_enc.c libdes/des_opts.c libdes/des_locl.h libdes/des_ver.h libdes/des.h
+libdes/podd.h libdes/sk.h libdes/set_key.c libdes/fcrypt_b.c libdes/fcrypt.c libdes/destest.c \
+libdes/spr.h libdes/cbc_enc.c libdes/ecb_enc.c libdes/des_locl.h libdes/des_ver.h libdes/des.h
INCLUDES = -I$(top_srcdir)/src/libcrypto/include
diff --git a/src/libcrypto/Makefile.in b/src/libcrypto/Makefile.in
index 63b7d4907..dca1b18e7 100644
--- a/src/libcrypto/Makefile.in
+++ b/src/libcrypto/Makefile.in
@@ -52,9 +52,9 @@ am_libcrypto_a_OBJECTS = aes_xcbc_mac.$(OBJEXT) aes_cbc.$(OBJEXT) \
aes.$(OBJEXT) bf_skey.$(OBJEXT) bf_enc.$(OBJEXT) \
hmac_sha2.$(OBJEXT) sha2.$(OBJEXT) serpent_cbc.$(OBJEXT) \
serpent.$(OBJEXT) twofish_cbc.$(OBJEXT) twofish.$(OBJEXT) \
- des_enc.$(OBJEXT) set_key.$(OBJEXT) speed.$(OBJEXT) \
- fcrypt_b.$(OBJEXT) fcrypt.$(OBJEXT) destest.$(OBJEXT) \
- cbc_enc.$(OBJEXT) ecb_enc.$(OBJEXT) des_opts.$(OBJEXT)
+ des_enc.$(OBJEXT) set_key.$(OBJEXT) fcrypt_b.$(OBJEXT) \
+ fcrypt.$(OBJEXT) destest.$(OBJEXT) cbc_enc.$(OBJEXT) \
+ ecb_enc.$(OBJEXT)
libcrypto_a_OBJECTS = $(am_libcrypto_a_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(srcdir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -116,6 +116,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -128,6 +129,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -138,8 +140,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -161,6 +167,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -170,6 +177,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -183,9 +192,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -200,6 +213,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
noinst_LIBRARIES = libcrypto.a
libcrypto_a_SOURCES = \
libaes/aes_xcbc_mac.c libaes/aes_cbc.c libaes/aes_xcbc_mac.h libaes/aes_cbc.h libaes/aes.c libaes/aes.h \
@@ -207,8 +222,8 @@ include/md32_common.h include/cbc_generic.h include/hmac_generic.h libblowfish/b
libblowfish/bf_pi.h libblowfish/bf_locl.h libblowfish/bf_enc.c libsha2/hmac_sha2.c libsha2/sha2.h libsha2/hmac_sha2.h \
libsha2/sha2.c libserpent/serpent_cbc.c libserpent/serpent_cbc.h libserpent/serpent.c libserpent/serpent.h \
libtwofish/twofish_cbc.h libtwofish/twofish_cbc.c libtwofish/twofish.c libtwofish/twofish.h libdes/des_enc.c \
-libdes/podd.h libdes/sk.h libdes/set_key.c libdes/speed.c libdes/fcrypt_b.c libdes/fcrypt.c libdes/destest.c \
-libdes/spr.h libdes/cbc_enc.c libdes/ecb_enc.c libdes/des_opts.c libdes/des_locl.h libdes/des_ver.h libdes/des.h
+libdes/podd.h libdes/sk.h libdes/set_key.c libdes/fcrypt_b.c libdes/fcrypt.c libdes/destest.c \
+libdes/spr.h libdes/cbc_enc.c libdes/ecb_enc.c libdes/des_locl.h libdes/des_ver.h libdes/des.h
INCLUDES = -I$(top_srcdir)/src/libcrypto/include
all: all-am
@@ -265,7 +280,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bf_skey.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cbc_enc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des_enc.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des_opts.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destest.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecb_enc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fcrypt.Po@am__quote@
@@ -275,7 +289,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serpent_cbc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_key.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha2.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/speed.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish_cbc.Po@am__quote@
@@ -482,20 +495,6 @@ set_key.obj: libdes/set_key.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o set_key.obj `if test -f 'libdes/set_key.c'; then $(CYGPATH_W) 'libdes/set_key.c'; else $(CYGPATH_W) '$(srcdir)/libdes/set_key.c'; fi`
-speed.o: libdes/speed.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT speed.o -MD -MP -MF "$(DEPDIR)/speed.Tpo" -c -o speed.o `test -f 'libdes/speed.c' || echo '$(srcdir)/'`libdes/speed.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/speed.Tpo" "$(DEPDIR)/speed.Po"; else rm -f "$(DEPDIR)/speed.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libdes/speed.c' object='speed.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o speed.o `test -f 'libdes/speed.c' || echo '$(srcdir)/'`libdes/speed.c
-
-speed.obj: libdes/speed.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT speed.obj -MD -MP -MF "$(DEPDIR)/speed.Tpo" -c -o speed.obj `if test -f 'libdes/speed.c'; then $(CYGPATH_W) 'libdes/speed.c'; else $(CYGPATH_W) '$(srcdir)/libdes/speed.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/speed.Tpo" "$(DEPDIR)/speed.Po"; else rm -f "$(DEPDIR)/speed.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libdes/speed.c' object='speed.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o speed.obj `if test -f 'libdes/speed.c'; then $(CYGPATH_W) 'libdes/speed.c'; else $(CYGPATH_W) '$(srcdir)/libdes/speed.c'; fi`
-
fcrypt_b.o: libdes/fcrypt_b.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fcrypt_b.o -MD -MP -MF "$(DEPDIR)/fcrypt_b.Tpo" -c -o fcrypt_b.o `test -f 'libdes/fcrypt_b.c' || echo '$(srcdir)/'`libdes/fcrypt_b.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/fcrypt_b.Tpo" "$(DEPDIR)/fcrypt_b.Po"; else rm -f "$(DEPDIR)/fcrypt_b.Tpo"; exit 1; fi
@@ -566,20 +565,6 @@ ecb_enc.obj: libdes/ecb_enc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ecb_enc.obj `if test -f 'libdes/ecb_enc.c'; then $(CYGPATH_W) 'libdes/ecb_enc.c'; else $(CYGPATH_W) '$(srcdir)/libdes/ecb_enc.c'; fi`
-des_opts.o: libdes/des_opts.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des_opts.o -MD -MP -MF "$(DEPDIR)/des_opts.Tpo" -c -o des_opts.o `test -f 'libdes/des_opts.c' || echo '$(srcdir)/'`libdes/des_opts.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/des_opts.Tpo" "$(DEPDIR)/des_opts.Po"; else rm -f "$(DEPDIR)/des_opts.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libdes/des_opts.c' object='des_opts.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des_opts.o `test -f 'libdes/des_opts.c' || echo '$(srcdir)/'`libdes/des_opts.c
-
-des_opts.obj: libdes/des_opts.c
-@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des_opts.obj -MD -MP -MF "$(DEPDIR)/des_opts.Tpo" -c -o des_opts.obj `if test -f 'libdes/des_opts.c'; then $(CYGPATH_W) 'libdes/des_opts.c'; else $(CYGPATH_W) '$(srcdir)/libdes/des_opts.c'; fi`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/des_opts.Tpo" "$(DEPDIR)/des_opts.Po"; else rm -f "$(DEPDIR)/des_opts.Tpo"; exit 1; fi
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libdes/des_opts.c' object='des_opts.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des_opts.obj `if test -f 'libdes/des_opts.c'; then $(CYGPATH_W) 'libdes/des_opts.c'; else $(CYGPATH_W) '$(srcdir)/libdes/des_opts.c'; fi`
-
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libcrypto/libdes/des_opts.c b/src/libcrypto/libdes/des_opts.c
deleted file mode 100644
index b6693c405..000000000
--- a/src/libcrypto/libdes/des_opts.c
+++ /dev/null
@@ -1,620 +0,0 @@
-/* crypto/des/des_opts.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
- * This is for machines with 64k code segment size restrictions. */
-
-#ifndef MSDOS
-#define TIMES
-#endif
-
-#include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern void exit();
-#endif
-#include <signal.h>
-#ifndef VMS
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-#else /* VMS */
-#include <types.h>
-struct tms {
- time_t tms_utime;
- time_t tms_stime;
- time_t tms_uchild; /* I dunno... */
- time_t tms_uchildsys; /* so these names are a guess :-) */
- }
-#endif
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#ifdef sun
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include "des_locl.h"
-#include "spr.h"
-
-#define DES_DEFAULT_OPTIONS
-
-#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
-#define PART1
-#define PART2
-#define PART3
-#define PART4
-#endif
-
-#ifdef PART1
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#define des_encrypt des_encrypt_u4_cisc_idx
-#define des_encrypt2 des_encrypt2_u4_cisc_idx
-#define des_encrypt3 des_encrypt3_u4_cisc_idx
-#define des_decrypt3 des_decrypt3_u4_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_cisc_idx
-#define des_encrypt2 des_encrypt2_u16_cisc_idx
-#define des_encrypt3 des_encrypt3_u16_cisc_idx
-#define des_decrypt3 des_decrypt3_u16_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u4_risc1_idx
-#define des_encrypt2 des_encrypt2_u4_risc1_idx
-#define des_encrypt3 des_encrypt3_u4_risc1_idx
-#define des_decrypt3 des_decrypt3_u4_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART2
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u4_risc2_idx
-#define des_encrypt2 des_encrypt2_u4_risc2_idx
-#define des_encrypt3 des_encrypt3_u4_risc2_idx
-#define des_decrypt3 des_decrypt3_u4_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_risc1_idx
-#define des_encrypt2 des_encrypt2_u16_risc1_idx
-#define des_encrypt3 des_encrypt3_u16_risc1_idx
-#define des_decrypt3 des_decrypt3_u16_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_risc2_idx
-#define des_encrypt2 des_encrypt2_u16_risc2_idx
-#define des_encrypt3 des_encrypt3_u16_risc2_idx
-#define des_decrypt3 des_decrypt3_u16_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART3
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u4_cisc_ptr
-#define des_encrypt2 des_encrypt2_u4_cisc_ptr
-#define des_encrypt3 des_encrypt3_u4_cisc_ptr
-#define des_decrypt3 des_decrypt3_u4_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_cisc_ptr
-#define des_encrypt2 des_encrypt2_u16_cisc_ptr
-#define des_encrypt3 des_encrypt3_u16_cisc_ptr
-#define des_decrypt3 des_decrypt3_u16_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u4_risc1_ptr
-#define des_encrypt2 des_encrypt2_u4_risc1_ptr
-#define des_encrypt3 des_encrypt3_u4_risc1_ptr
-#define des_decrypt3 des_decrypt3_u4_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART4
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u4_risc2_ptr
-#define des_encrypt2 des_encrypt2_u4_risc2_ptr
-#define des_encrypt3 des_encrypt3_u4_risc2_ptr
-#define des_decrypt3 des_decrypt3_u4_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_risc1_ptr
-#define des_encrypt2 des_encrypt2_u16_risc1_ptr
-#define des_encrypt3 des_encrypt3_u16_risc1_ptr
-#define des_decrypt3 des_decrypt3_u16_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt des_encrypt_u16_risc2_ptr
-#define des_encrypt2 des_encrypt2_u16_risc2_ptr
-#define des_encrypt3 des_encrypt3_u16_risc2_ptr
-#define des_decrypt3 des_decrypt3_u16_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# ifndef VMS
-# define HZ 100.0
-# else /* VMS */
-# define HZ 100.0
-# endif
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-#ifndef NOPROTO
-double Time_F(int s);
-#else
-double Time_F();
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-#ifndef NOPROTO
-SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(s)
-int s;
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-#ifdef SIGALRM
-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
- print_name(name); \
- Time_F(START); \
- for (count=0,run=1; COND(cb); count++) \
- { \
- unsigned long d[2]; \
- func(d,&(sch[0]),DES_ENCRYPT); \
- } \
- tm[index]=Time_F(STOP); \
- fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
- tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
- fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
- tm[index]*8,1.0e6/tm[index]);
-
-int main(argc,argv)
-int argc;
-char **argv;
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- des_key_schedule sch,sch2,sch3;
- double d,tm[16],max=0;
- int rank[16];
- char *str[16];
- int max_idx=0,i,num=0,j;
-#ifndef SIGALARM
- long ca,cb,cc,cd,ce;
-#endif
-
- for (i=0; i<12; i++)
- {
- tm[i]=0.0;
- rank[i]=0;
- }
-
-#ifndef TIMES
- fprintf(stderr,"To get the most acurate results, try to run this\n");
- fprintf(stderr,"program when this computer is idle.\n");
-#endif
-
- des_set_key((C_Block *)key,sch);
- des_set_key((C_Block *)key2,sch2);
- des_set_key((C_Block *)key3,sch3);
-
-#ifndef SIGALRM
- fprintf(stderr,"First we calculate the approximate speed ...\n");
- des_set_key((C_Block *)key,sch);
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- des_encrypt(data,&(sch[0]),DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
-
- ce=count/20+1;
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- alarm(10);
-#endif
-
-#ifdef PART1
- time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0);
- time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
- time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
- num+=3;
-#endif
-#ifdef PART2
- time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
- time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
- time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
- num+=3;
-#endif
-#ifdef PART3
- time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6);
- time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
- time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
- num+=3;
-#endif
-#ifdef PART4
- time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
- time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
- time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
- num+=3;
-#endif
-
-#ifdef PART1
- str[0]=" 4 c i";
- print_it("des_encrypt_u4_cisc_idx ",0);
- max=tm[0];
- max_idx=0;
- str[1]="16 c i";
- print_it("des_encrypt_u16_cisc_idx ",1);
- if (max < tm[1]) { max=tm[1]; max_idx=1; }
- str[2]=" 4 r1 i";
- print_it("des_encrypt_u4_risc1_idx ",2);
- if (max < tm[2]) { max=tm[2]; max_idx=2; }
-#endif
-#ifdef PART2
- str[3]="16 r1 i";
- print_it("des_encrypt_u16_risc1_idx",3);
- if (max < tm[3]) { max=tm[3]; max_idx=3; }
- str[4]=" 4 r2 i";
- print_it("des_encrypt_u4_risc2_idx ",4);
- if (max < tm[4]) { max=tm[4]; max_idx=4; }
- str[5]="16 r2 i";
- print_it("des_encrypt_u16_risc2_idx",5);
- if (max < tm[5]) { max=tm[5]; max_idx=5; }
-#endif
-#ifdef PART3
- str[6]=" 4 c p";
- print_it("des_encrypt_u4_cisc_ptr ",6);
- if (max < tm[6]) { max=tm[6]; max_idx=6; }
- str[7]="16 c p";
- print_it("des_encrypt_u16_cisc_ptr ",7);
- if (max < tm[7]) { max=tm[7]; max_idx=7; }
- str[8]=" 4 r1 p";
- print_it("des_encrypt_u4_risc1_ptr ",8);
- if (max < tm[8]) { max=tm[8]; max_idx=8; }
-#endif
-#ifdef PART4
- str[9]="16 r1 p";
- print_it("des_encrypt_u16_risc1_ptr",9);
- if (max < tm[9]) { max=tm[9]; max_idx=9; }
- str[10]=" 4 r2 p";
- print_it("des_encrypt_u4_risc2_ptr ",10);
- if (max < tm[10]) { max=tm[10]; max_idx=10; }
- str[11]="16 r2 p";
- print_it("des_encrypt_u16_risc2_ptr",11);
- if (max < tm[11]) { max=tm[11]; max_idx=11; }
-#endif
- printf("options des ecb/s\n");
- printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
- d=tm[max_idx];
- tm[max_idx]= -2.0;
- max= -1.0;
- for (;;)
- {
- for (i=0; i<12; i++)
- {
- if (max < tm[i]) { max=tm[i]; j=i; }
- }
- if (max < 0.0) break;
- printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
- tm[j]= -2.0;
- max= -1.0;
- }
-
- switch (max_idx)
- {
- case 0:
- printf("-DDES_DEFAULT_OPTIONS\n");
- break;
- case 1:
- printf("-DDES_UNROLL\n");
- break;
- case 2:
- printf("-DDES_RISC1\n");
- break;
- case 3:
- printf("-DDES_UNROLL -DDES_RISC1\n");
- break;
- case 4:
- printf("-DDES_RISC2\n");
- break;
- case 5:
- printf("-DDES_UNROLL -DDES_RISC2\n");
- break;
- case 6:
- printf("-DDES_PTR\n");
- break;
- case 7:
- printf("-DDES_UNROLL -DDES_PTR\n");
- break;
- case 8:
- printf("-DDES_RISC1 -DDES_PTR\n");
- break;
- case 9:
- printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
- break;
- case 10:
- printf("-DDES_RISC2 -DDES_PTR\n");
- break;
- case 11:
- printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
- break;
- }
- exit(0);
-#if defined(LINT) || defined(MSDOS)
- return(0);
-#endif
- }
diff --git a/src/libcrypto/libdes/speed.c b/src/libcrypto/libdes/speed.c
deleted file mode 100644
index e3d753b2e..000000000
--- a/src/libcrypto/libdes/speed.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/* crypto/des/speed.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#ifndef MSDOS
-#define TIMES
-#endif
-
-#include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
-#include <signal.h>
-#ifndef VMS
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-#else /* VMS */
-#include <types.h>
-struct tms {
- time_t tms_utime;
- time_t tms_stime;
- time_t tms_uchild; /* I dunno... */
- time_t tms_uchildsys; /* so these names are a guess :-) */
- }
-#endif
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#ifdef sun
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include "des_locl.h"
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# ifndef VMS
-# define HZ 100.0
-# else /* VMS */
-# define HZ 100.0
-# endif
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-#ifndef NOPROTO
-double Time_F(int s);
-#else
-double Time_F();
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-#ifndef NOPROTO
-SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(s)
-int s;
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(argc,argv)
-int argc;
-char **argv;
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- des_key_schedule sch,sch2,sch3;
- double a,b,c,d,e;
-#ifndef SIGALRM
- long ca,cb,cc,cd,ce;
-#endif
-
-#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
- des_set_key((C_Block *)key2,sch2);
- des_set_key((C_Block *)key3,sch3);
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- des_set_key((C_Block *)key,sch);
- count=10;
- do {
- long i;
- DES_LONG data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- des_encrypt(data,&(sch[0]),DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
- ce=count/20+1;
- printf("Doing set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count++)
- des_set_key((C_Block *)key,sch);
- d=Time_F(STOP);
- printf("%ld set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing des_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing des_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count++)
- {
- DES_LONG data[2];
-
- des_encrypt(data,&(sch[0]),DES_ENCRYPT);
- }
- d=Time_F(STOP);
- printf("%ld des_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
- (C_Block *)&(key[0]),DES_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
-#ifdef SIGALRM
- printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cd); count++)
- des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
- &(sch[0]),
- &(sch2[0]),
- &(sch3[0]),
- (C_Block *)&(key[0]),
- DES_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- d=((double)COUNT(cd)*BUFSIZE)/d;
-
-#ifdef SIGALRM
- printf("Doing crypt for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing crypt %ld times\n",ce);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(ce); count++)
- crypt("testing1","ef");
- e=Time_F(STOP);
- printf("%ld crypts in %.2f second\n",count,e);
- e=((double)COUNT(ce))/e;
-
- printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
- printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
- exit(0);
-#if defined(LINT) || defined(MSDOS)
- return(0);
-#endif
- }
diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in
index 97b53d7c0..fa57d5aab 100644
--- a/src/libfreeswan/Makefile.in
+++ b/src/libfreeswan/Makefile.in
@@ -129,6 +129,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -141,6 +142,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -151,8 +153,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -174,6 +180,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -183,6 +190,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -196,9 +205,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -213,6 +226,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
noinst_LIBRARIES = libfreeswan.a
libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
diff --git a/src/libfreeswan/ipsec_ah.h b/src/libfreeswan/ipsec_ah.h
index e088288d3..7a250248e 100644
--- a/src/libfreeswan/ipsec_ah.h
+++ b/src/libfreeswan/ipsec_ah.h
@@ -109,127 +109,3 @@ struct ahhdr /* Generic AH header */
extern int debug_ah;
#endif /* CONFIG_IPSEC_DEBUG */
#endif /* __KERNEL__ */
-
-/*
- * $Log: ipsec_ah.h,v $
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.4.1 2004/03/16 09:48:18 as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.20 2003/02/06 02:21:34 rgb
- *
- * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
- * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
- * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
- *
- * Revision 1.19 2002/09/16 21:19:13 mcr
- * fixes for west-ah-icmp-01 - length of AH header must be
- * calculated properly, and next_header field properly copied.
- *
- * Revision 1.18 2002/05/14 02:37:02 rgb
- * Change reference from _TDB to _IPSA.
- *
- * Revision 1.17 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_ah.h,v
- *
- * Revision 1.16 2002/02/20 01:27:06 rgb
- * Ditched a pile of structs only used by the old Netlink interface.
- *
- * Revision 1.15 2001/12/11 02:35:57 rgb
- * Change "struct net_device" to "struct device" for 2.2 compatibility.
- *
- * Revision 1.14 2001/11/26 09:23:47 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.13.2.1 2001/09/25 02:18:24 mcr
- * replace "struct device" with "struct netdevice"
- *
- * Revision 1.13 2001/06/14 19:35:08 rgb
- * Update copyright date.
- *
- * Revision 1.12 2000/09/12 03:21:20 rgb
- * Cleared out unused htonq.
- *
- * Revision 1.11 2000/09/08 19:12:55 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.10 2000/01/21 06:13:10 rgb
- * Tidied up spacing.
- * Added macros for HMAC padding magic numbers.(kravietz)
- *
- * Revision 1.9 1999/12/07 18:16:23 rgb
- * Fixed comments at end of #endif lines.
- *
- * Revision 1.8 1999/04/11 00:28:56 henry
- * GPL boilerplate
- *
- * Revision 1.7 1999/04/06 04:54:25 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.6 1999/01/26 02:06:01 rgb
- * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
- *
- * Revision 1.5 1999/01/22 06:17:49 rgb
- * Updated macro comments.
- * Added context types to support algorithm switch code.
- * 64-bit clean-up -- converting 'u long long' to __u64.
- *
- * Revision 1.4 1998/07/14 15:54:56 rgb
- * Add #ifdef __KERNEL__ to protect kernel-only structures.
- *
- * Revision 1.3 1998/06/30 18:05:16 rgb
- * Comment out references to htonq.
- *
- * Revision 1.2 1998/06/25 19:33:46 rgb
- * Add prototype for protocol receive function.
- * Rearrange for more logical layout.
- *
- * Revision 1.1 1998/06/18 21:27:43 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.4 1998/05/18 22:28:43 rgb
- * Disable key printing facilities from /proc/net/ipsec_*.
- *
- * Revision 1.3 1998/04/21 21:29:07 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.2 1998/04/12 22:03:17 rgb
- * Updated ESP-3DES-HMAC-MD5-96,
- * ESP-DES-HMAC-MD5-96,
- * AH-HMAC-MD5-96,
- * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
- * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
- *
- * Fixed eroute references in /proc/net/ipsec*.
- *
- * Started to patch module unloading memory leaks in ipsec_netlink and
- * radij tree unloading.
- *
- * Revision 1.1 1998/04/09 03:05:55 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:02 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * Added definitions for new AH transforms.
- *
- * Revision 0.3 1996/11/20 14:35:48 ji
- * Minor Cleanup.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_encap.h b/src/libfreeswan/ipsec_encap.h
index 17cd69269..f95259466 100644
--- a/src/libfreeswan/ipsec_encap.h
+++ b/src/libfreeswan/ipsec_encap.h
@@ -53,91 +53,3 @@ struct sockaddr_encap
#define _IPSEC_ENCAP_H_
#endif /* _IPSEC_ENCAP_H_ */
-
-/*
- * $Log: ipsec_encap.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.17 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_encap.h,v
- *
- * Revision 1.16 2001/11/26 09:23:47 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.15.2.1 2001/09/25 02:18:54 mcr
- * struct eroute moved to ipsec_eroute.h
- *
- * Revision 1.15 2001/09/14 16:58:36 rgb
- * Added support for storing the first and last packets through a HOLD.
- *
- * Revision 1.14 2001/09/08 21:13:31 rgb
- * Added pfkey ident extension support for ISAKMPd. (NetCelo)
- *
- * Revision 1.13 2001/06/14 19:35:08 rgb
- * Update copyright date.
- *
- * Revision 1.12 2001/05/27 06:12:10 rgb
- * Added structures for pid, packet count and last access time to eroute.
- * Added packet count to beginning of /proc/net/ipsec_eroute.
- *
- * Revision 1.11 2000/09/08 19:12:56 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.10 2000/03/22 16:15:36 rgb
- * Fixed renaming of dev_get (MB).
- *
- * Revision 1.9 2000/01/21 06:13:26 rgb
- * Added a macro for AF_ENCAP
- *
- * Revision 1.8 1999/12/31 14:56:55 rgb
- * MB fix for 2.3 dev-use-count.
- *
- * Revision 1.7 1999/11/18 04:09:18 rgb
- * Replaced all kernel version macros to shorter, readable form.
- *
- * Revision 1.6 1999/09/24 00:34:13 rgb
- * Add Marc Boucher's support for 2.3.xx+.
- *
- * Revision 1.5 1999/04/11 00:28:57 henry
- * GPL boilerplate
- *
- * Revision 1.4 1999/04/06 04:54:25 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.3 1998/10/19 14:44:28 rgb
- * Added inclusion of freeswan.h.
- * sa_id structure implemented and used: now includes protocol.
- *
- * Revision 1.2 1998/07/14 18:19:33 rgb
- * Added #ifdef __KERNEL__ directives to restrict scope of header.
- *
- * Revision 1.1 1998/06/18 21:27:44 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.2 1998/04/21 21:29:10 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.1 1998/04/09 03:05:58 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:02 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * Minor cosmetic changes.
- *
- * Revision 0.3 1996/11/20 14:35:48 ji
- * Minor Cleanup.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_eroute.h b/src/libfreeswan/ipsec_eroute.h
index 2ee2a10b8..9bba4bfb4 100644
--- a/src/libfreeswan/ipsec_eroute.h
+++ b/src/libfreeswan/ipsec_eroute.h
@@ -80,24 +80,3 @@ struct eroute
#define _IPSEC_EROUTE_H_
#endif /* _IPSEC_EROUTE_H_ */
-
-/*
- * $Log: ipsec_eroute.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.3 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_eroute.h,v
- *
- * Revision 1.2 2001/11/26 09:16:13 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.1.2.1 2001/09/25 02:18:54 mcr
- * struct eroute moved to ipsec_eroute.h
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/ipsec_errs.h b/src/libfreeswan/ipsec_errs.h
index f14b5e675..39cfece2b 100644
--- a/src/libfreeswan/ipsec_errs.h
+++ b/src/libfreeswan/ipsec_errs.h
@@ -30,24 +30,3 @@ struct ipsec_errs {
__u32 ips_encpad_errs; /* # of encryption pad errors*/
__u32 ips_replaywin_errs; /* # of pkt sequence errors */
};
-
-/*
- * $Log: ipsec_errs.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.3 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_errs.h,v
- *
- * Revision 1.2 2001/11/26 09:16:13 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.1.2.1 2001/09/25 02:25:57 mcr
- * lifetime structure created and common functions created.
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/ipsec_esp.h b/src/libfreeswan/ipsec_esp.h
index c7d5ea15d..90ef28e9b 100644
--- a/src/libfreeswan/ipsec_esp.h
+++ b/src/libfreeswan/ipsec_esp.h
@@ -78,143 +78,3 @@ struct esphdr
extern int debug_esp;
#endif /* CONFIG_IPSEC_DEBUG */
#endif /* __KERNEL__ */
-
-/*
- * $Log: ipsec_esp.h,v $
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.4.1 2004/03/16 09:48:18 as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.21 2003/02/06 02:21:34 rgb
- *
- * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
- * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
- * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
- *
- * Revision 1.20 2002/05/14 02:37:02 rgb
- * Change reference from _TDB to _IPSA.
- *
- * Revision 1.19 2002/04/24 07:55:32 mcr
- * #include patches and Makefiles for post-reorg compilation.
- *
- * Revision 1.18 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_esp.h,v
- *
- * Revision 1.17 2002/02/20 01:27:07 rgb
- * Ditched a pile of structs only used by the old Netlink interface.
- *
- * Revision 1.16 2001/12/11 02:35:57 rgb
- * Change "struct net_device" to "struct device" for 2.2 compatibility.
- *
- * Revision 1.15 2001/11/26 09:23:48 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.14.2.3 2001/10/23 04:16:42 mcr
- * get definition of des_key_schedule from des.h
- *
- * Revision 1.14.2.2 2001/10/22 20:33:13 mcr
- * use "des_key_schedule" structure instead of cooking our own.
- *
- * Revision 1.14.2.1 2001/09/25 02:18:25 mcr
- * replace "struct device" with "struct netdevice"
- *
- * Revision 1.14 2001/06/14 19:35:08 rgb
- * Update copyright date.
- *
- * Revision 1.13 2000/09/08 19:12:56 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.12 2000/08/01 14:51:50 rgb
- * Removed _all_ remaining traces of DES.
- *
- * Revision 1.11 2000/01/10 16:36:20 rgb
- * Ditch last of EME option flags, including initiator.
- *
- * Revision 1.10 1999/12/07 18:16:22 rgb
- * Fixed comments at end of #endif lines.
- *
- * Revision 1.9 1999/04/11 00:28:57 henry
- * GPL boilerplate
- *
- * Revision 1.8 1999/04/06 04:54:25 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.7 1999/01/26 02:06:00 rgb
- * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
- *
- * Revision 1.6 1999/01/22 15:22:05 rgb
- * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto
- * until pluto can be fixed properly.
- *
- * Revision 1.5 1999/01/22 06:18:16 rgb
- * Updated macro comments.
- * Added key schedule types to support algorithm switch code.
- *
- * Revision 1.4 1998/08/12 00:07:32 rgb
- * Added data structures for new xforms: null, {,3}dessha1.
- *
- * Revision 1.3 1998/07/14 15:57:01 rgb
- * Add #ifdef __KERNEL__ to protect kernel-only structures.
- *
- * Revision 1.2 1998/06/25 19:33:46 rgb
- * Add prototype for protocol receive function.
- * Rearrange for more logical layout.
- *
- * Revision 1.1 1998/06/18 21:27:45 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.6 1998/06/05 02:28:08 rgb
- * Minor comment fix.
- *
- * Revision 1.5 1998/05/27 22:34:00 rgb
- * Changed structures to accomodate key separation.
- *
- * Revision 1.4 1998/05/18 22:28:43 rgb
- * Disable key printing facilities from /proc/net/ipsec_*.
- *
- * Revision 1.3 1998/04/21 21:29:07 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.2 1998/04/12 22:03:20 rgb
- * Updated ESP-3DES-HMAC-MD5-96,
- * ESP-DES-HMAC-MD5-96,
- * AH-HMAC-MD5-96,
- * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
- * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
- *
- * Fixed eroute references in /proc/net/ipsec*.
- *
- * Started to patch module unloading memory leaks in ipsec_netlink and
- * radij tree unloading.
- *
- * Revision 1.1 1998/04/09 03:06:00 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:02 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.5 1997/06/03 04:24:48 ji
- * Added ESP-3DES-MD5-96 transform.
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * Added definitions for new ESP transforms.
- *
- * Revision 0.3 1996/11/20 14:35:48 ji
- * Minor Cleanup.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_ipe4.h b/src/libfreeswan/ipsec_ipe4.h
index 73b6ae899..14d1eadee 100644
--- a/src/libfreeswan/ipsec_ipe4.h
+++ b/src/libfreeswan/ipsec_ipe4.h
@@ -25,44 +25,3 @@ struct ipe4_xdata /* transform table data */
};
#define EMT_IPE4_ULEN 8 /* coming from user mode */
-
-
-/*
- * $Log: ipsec_ipe4.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.5 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_ipe4.h,v
- *
- * Revision 1.4 2001/06/14 19:35:08 rgb
- * Update copyright date.
- *
- * Revision 1.3 1999/04/11 00:28:57 henry
- * GPL boilerplate
- *
- * Revision 1.2 1999/04/06 04:54:25 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.1 1998/06/18 21:27:47 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.1 1998/04/09 03:06:07 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:03 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * No changes.
- *
- * Revision 0.3 1996/11/20 14:48:53 ji
- * Release update only.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_kversion.h b/src/libfreeswan/ipsec_kversion.h
index 7bf56ac7f..332c21bd5 100644
--- a/src/libfreeswan/ipsec_kversion.h
+++ b/src/libfreeswan/ipsec_kversion.h
@@ -189,39 +189,3 @@
#endif /* !SPINLOCK_23 */
#endif /* _FREESWAN_KVERSIONS_H */
-
-/*
- * $Log: ipsec_kversion.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.7 2003/07/31 22:48:08 mcr
- * derive NET25-ness from presence of NETLINK_XFRM macro.
- *
- * Revision 1.6 2003/06/24 20:22:32 mcr
- * added new global: ipsecdevices[] so that we can keep track of
- * the ipsecX devices. They will be referenced with dev_hold(),
- * so 2.2 may need this as well.
- *
- * Revision 1.5 2003/04/03 17:38:09 rgb
- * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
- *
- * Revision 1.4 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_kversion.h,v
- *
- * Revision 1.3 2002/04/12 03:21:17 mcr
- * three parameter version of ip_select_ident appears first
- * in 2.4.2 (RH7.1) not 2.4.4.
- *
- * Revision 1.2 2002/03/08 21:35:22 rgb
- * Defined LINUX_KERNEL_HAS_SNPRINTF to shut up compiler warnings after
- * 2.4.9. (Andreas Piesk).
- *
- * Revision 1.1 2002/01/29 02:11:42 mcr
- * removal of kversions.h - sources that needed it now use ipsec_param.h.
- * updating of IPv6 structures to match latest in6.h version.
- * removed dead code from freeswan.h that also duplicated kversions.h
- * code.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_life.h b/src/libfreeswan/ipsec_life.h
index 4cf270272..598a73665 100644
--- a/src/libfreeswan/ipsec_life.h
+++ b/src/libfreeswan/ipsec_life.h
@@ -88,25 +88,3 @@ enum ipsec_life_type {
#define _IPSEC_LIFE_H_
#endif /* _IPSEC_LIFE_H_ */
-
-
-/*
- * $Log: ipsec_life.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.3 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_life.h,v
- *
- * Revision 1.2 2001/11/26 09:16:14 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.1.2.1 2001/09/25 02:25:58 mcr
- * lifetime structure created and common functions created.
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/ipsec_md5h.h b/src/libfreeswan/ipsec_md5h.h
index 3fc54bc82..a79c8256f 100644
--- a/src/libfreeswan/ipsec_md5h.h
+++ b/src/libfreeswan/ipsec_md5h.h
@@ -81,60 +81,3 @@ void MD5Update PROTO_LIST
void MD5Final PROTO_LIST ((unsigned char [16], void *));
#endif /* _IPSEC_MD5H_H_ */
-
-/*
- * $Log: ipsec_md5h.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.8 2002/09/10 01:45:09 mcr
- * changed type of MD5_CTX and SHA1_CTX to void * so that
- * the function prototypes would match, and could be placed
- * into a pointer to a function.
- *
- * Revision 1.7 2002/04/24 07:36:46 mcr
- * Moved from ./klips/net/ipsec/ipsec_md5h.h,v
- *
- * Revision 1.6 1999/12/13 13:59:13 rgb
- * Quick fix to argument size to Update bugs.
- *
- * Revision 1.5 1999/12/07 18:16:23 rgb
- * Fixed comments at end of #endif lines.
- *
- * Revision 1.4 1999/04/06 04:54:26 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.3 1999/01/22 06:19:58 rgb
- * 64-bit clean-up.
- *
- * Revision 1.2 1998/11/30 13:22:54 rgb
- * Rationalised all the klips kernel file headers. They are much shorter
- * now and won't conflict under RH5.2.
- *
- * Revision 1.1 1998/06/18 21:27:48 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.2 1998/04/23 20:54:03 rgb
- * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
- * verified.
- *
- * Revision 1.1 1998/04/09 03:04:21 henry
- * sources moved up from linux/net/ipsec
- * these two include files modified not to include others except in kernel
- *
- * Revision 1.1.1.1 1998/04/08 05:35:03 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * No changes.
- *
- * Revision 0.3 1996/11/20 14:48:53 ji
- * Release update only.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_rcv.h b/src/libfreeswan/ipsec_rcv.h
index 3ae239bf9..063ccf462 100644
--- a/src/libfreeswan/ipsec_rcv.h
+++ b/src/libfreeswan/ipsec_rcv.h
@@ -70,127 +70,3 @@ extern int debug_rcv;
#endif /* CONFIG_IPSEC_DEBUG */
extern int sysctl_ipsec_inbound_policy_check;
#endif /* __KERNEL__ */
-
-/*
- * $Log: ipsec_rcv.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.17 2002/09/03 16:32:32 mcr
- * definitions of ipsec_birth_reply.
- *
- * Revision 1.16 2002/05/14 02:36:00 rgb
- * Change references to _TDB to _IPSA.
- *
- * Revision 1.15 2002/04/24 07:36:47 mcr
- * Moved from ./klips/net/ipsec/ipsec_rcv.h,v
- *
- * Revision 1.14 2001/09/07 22:15:48 rgb
- * Fix for removal of transport layer protocol handler arg in 2.4.4.
- *
- * Revision 1.13 2001/06/14 19:35:09 rgb
- * Update copyright date.
- *
- * Revision 1.12 2001/03/16 07:36:44 rgb
- * Fixed #endif comment to sate compiler.
- *
- * Revision 1.11 2000/09/21 04:34:21 rgb
- * Moved declaration of sysctl_ipsec_inbound_policy_check outside
- * CONFIG_IPSEC_DEBUG. (MB)
- *
- * Revision 1.10 2000/09/18 02:36:10 rgb
- * Exported sysctl_ipsec_inbound_policy_check for skb_decompress().
- *
- * Revision 1.9 2000/09/08 19:12:56 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.8 1999/11/18 04:09:19 rgb
- * Replaced all kernel version macros to shorter, readable form.
- *
- * Revision 1.7 1999/05/25 01:45:37 rgb
- * Fix version macros for 2.0.x as a module.
- *
- * Revision 1.6 1999/05/08 21:24:27 rgb
- * Add includes for 2.2.x include into net/ipv4/protocol.c
- *
- * Revision 1.5 1999/05/05 22:02:32 rgb
- * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
- *
- * Revision 1.4 1999/04/11 00:28:59 henry
- * GPL boilerplate
- *
- * Revision 1.3 1999/04/06 04:54:27 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.2 1999/01/22 20:06:59 rgb
- * Fixed cut-and-paste error from ipsec_esp.h.
- *
- * Revision 1.1 1999/01/21 20:29:12 rgb
- * Converted from transform switching to algorithm switching.
- *
- * Log: ipsec_esp.h,v
- * Revision 1.4 1998/08/12 00:07:32 rgb
- * Added data structures for new xforms: null, {,3}dessha1.
- *
- * Revision 1.3 1998/07/14 15:57:01 rgb
- * Add #ifdef __KERNEL__ to protect kernel-only structures.
- *
- * Revision 1.2 1998/06/25 19:33:46 rgb
- * Add prototype for protocol receive function.
- * Rearrange for more logical layout.
- *
- * Revision 1.1 1998/06/18 21:27:45 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.6 1998/06/05 02:28:08 rgb
- * Minor comment fix.
- *
- * Revision 1.5 1998/05/27 22:34:00 rgb
- * Changed structures to accomodate key separation.
- *
- * Revision 1.4 1998/05/18 22:28:43 rgb
- * Disable key printing facilities from /proc/net/ipsec_*.
- *
- * Revision 1.3 1998/04/21 21:29:07 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.2 1998/04/12 22:03:20 rgb
- * Updated ESP-3DES-HMAC-MD5-96,
- * ESP-DES-HMAC-MD5-96,
- * AH-HMAC-MD5-96,
- * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
- * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
- *
- * Fixed eroute references in /proc/net/ipsec*.
- *
- * Started to patch module unloading memory leaks in ipsec_netlink and
- * radij tree unloading.
- *
- * Revision 1.1 1998/04/09 03:06:00 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:02 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.5 1997/06/03 04:24:48 ji
- * Added ESP-3DES-MD5-96 transform.
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * Added definitions for new ESP transforms.
- *
- * Revision 0.3 1996/11/20 14:35:48 ji
- * Minor Cleanup.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
-
-
diff --git a/src/libfreeswan/ipsec_sa.h b/src/libfreeswan/ipsec_sa.h
index 555df42d3..4dd682569 100644
--- a/src/libfreeswan/ipsec_sa.h
+++ b/src/libfreeswan/ipsec_sa.h
@@ -250,89 +250,3 @@ enum ipsec_direction {
#define _IPSEC_SA_H_
#endif /* _IPSEC_SA_H_ */
-
-/*
- * $Log: ipsec_sa.h,v $
- * Revision 1.3 2004/04/28 08:07:11 as
- * added dhr's freeswan-2.06 changes
- *
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1.2.1 2004/03/16 09:48:18 as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1.2.1 2004/03/15 22:30:06 as
- * nat-0.6c patch merged
- *
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.15 2003/05/11 00:53:09 mcr
- * IPsecSAref_t and macros were moved to freeswan.h.
- *
- * Revision 1.14 2003/02/12 19:31:55 rgb
- * Fixed bug in "file seen" machinery.
- * Updated copyright year.
- *
- * Revision 1.13 2003/01/30 02:31:52 rgb
- *
- * Re-wrote comments describing SAref system for accuracy.
- * Rename SAref table macro names for clarity.
- * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
- * Transmit error code through to caller from callee for better diagnosis of problems.
- * Enclose all macro arguments in parens to avoid any possible obscrure bugs.
- *
- * Revision 1.12 2002/10/07 18:31:19 rgb
- * Change comment to reflect the flexible nature of the main and sub-table widths.
- * Added a counter for the number of unused entries in each subtable.
- * Further break up host field type macro to host field.
- * Move field width sanity checks to ipsec_sa.c
- * Define a mask for an entire saref.
- *
- * Revision 1.11 2002/09/20 15:40:33 rgb
- * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys.
- * Fixed SAref/nfmark macros.
- * Rework saref freeslist.
- * Place all ipsec sadb globals into one struct.
- * Restrict some bits to kernel context for use to klips utils.
- *
- * Revision 1.10 2002/09/20 05:00:34 rgb
- * Update copyright date.
- *
- * Revision 1.9 2002/09/17 17:19:29 mcr
- * make it compile even if there is no netfilter - we lost
- * functionality, but it works, especially on 2.2.
- *
- * Revision 1.8 2002/07/28 22:59:53 mcr
- * clarified/expanded one comment.
- *
- * Revision 1.7 2002/07/26 08:48:31 rgb
- * Added SA ref table code.
- *
- * Revision 1.6 2002/05/31 17:27:48 rgb
- * Comment fix.
- *
- * Revision 1.5 2002/05/27 18:55:03 rgb
- * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT.
- *
- * Revision 1.4 2002/05/23 07:13:36 rgb
- * Convert "usecount" to "refcount" to remove ambiguity.
- *
- * Revision 1.3 2002/04/24 07:36:47 mcr
- * Moved from ./klips/net/ipsec/ipsec_sa.h,v
- *
- * Revision 1.2 2001/11/26 09:16:15 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.1.2.1 2001/09/25 02:24:58 mcr
- * struct tdb -> struct ipsec_sa.
- * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
- * ipsec_xform.c removed. header file still contains useful things.
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/ipsec_sha1.h b/src/libfreeswan/ipsec_sha1.h
index 116170e6b..1319081ad 100644
--- a/src/libfreeswan/ipsec_sha1.h
+++ b/src/libfreeswan/ipsec_sha1.h
@@ -30,50 +30,3 @@ void SHA1Final(unsigned char digest[20], void *context);
#endif /* _IPSEC_SHA1_H_ */
-
-/*
- * $Log: ipsec_sha1.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.7 2002/09/10 01:45:09 mcr
- * changed type of MD5_CTX and SHA1_CTX to void * so that
- * the function prototypes would match, and could be placed
- * into a pointer to a function.
- *
- * Revision 1.6 2002/04/24 07:36:47 mcr
- * Moved from ./klips/net/ipsec/ipsec_sha1.h,v
- *
- * Revision 1.5 1999/12/13 13:59:13 rgb
- * Quick fix to argument size to Update bugs.
- *
- * Revision 1.4 1999/12/07 18:16:23 rgb
- * Fixed comments at end of #endif lines.
- *
- * Revision 1.3 1999/04/06 04:54:27 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.2 1998/11/30 13:22:54 rgb
- * Rationalised all the klips kernel file headers. They are much shorter
- * now and won't conflict under RH5.2.
- *
- * Revision 1.1 1998/06/18 21:27:50 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.2 1998/04/23 20:54:05 rgb
- * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
- * verified.
- *
- * Revision 1.1 1998/04/09 03:04:21 henry
- * sources moved up from linux/net/ipsec
- * these two include files modified not to include others except in kernel
- *
- * Revision 1.1.1.1 1998/04/08 05:35:04 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * New transform
- *
- */
diff --git a/src/libfreeswan/ipsec_tunnel.h b/src/libfreeswan/ipsec_tunnel.h
index 3b25e95e1..672755946 100644
--- a/src/libfreeswan/ipsec_tunnel.h
+++ b/src/libfreeswan/ipsec_tunnel.h
@@ -16,6 +16,7 @@
* RCSID $Id: ipsec_tunnel.h,v 1.1 2004/03/15 20:35:25 as Exp $
*/
+#include <linux/types.h>
#ifdef NET_21
# define DEV_QUEUE_XMIT(skb, device, pri) {\
@@ -125,141 +126,3 @@ extern int sysctl_ipsec_debug_verbose;
#define DB_TN_OXFS 0x0080
#define DB_TN_REVEC 0x0100
#endif /* CONFIG_IPSEC_DEBUG */
-
-/*
- * $Log: ipsec_tunnel.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.28 2003/06/24 20:22:32 mcr
- * added new global: ipsecdevices[] so that we can keep track of
- * the ipsecX devices. They will be referenced with dev_hold(),
- * so 2.2 may need this as well.
- *
- * Revision 1.27 2003/04/03 17:38:09 rgb
- * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
- *
- * Revision 1.26 2003/02/12 19:32:20 rgb
- * Updated copyright year.
- *
- * Revision 1.25 2002/05/27 18:56:07 rgb
- * Convert to dynamic ipsec device allocation.
- *
- * Revision 1.24 2002/04/24 07:36:48 mcr
- * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v
- *
- * Revision 1.23 2001/11/06 19:50:44 rgb
- * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for
- * use also by pfkey_v2_parser.c
- *
- * Revision 1.22 2001/09/15 16:24:05 rgb
- * Re-inject first and last HOLD packet when an eroute REPLACE is done.
- *
- * Revision 1.21 2001/06/14 19:35:10 rgb
- * Update copyright date.
- *
- * Revision 1.20 2000/09/15 11:37:02 rgb
- * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
- * IPCOMP zlib deflate code.
- *
- * Revision 1.19 2000/09/08 19:12:56 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.18 2000/07/28 13:50:54 rgb
- * Changed enet_statistics to net_device_stats and added back compatibility
- * for pre-2.1.19.
- *
- * Revision 1.17 1999/11/19 01:12:15 rgb
- * Purge unneeded proc_info prototypes, now that static linking uses
- * dynamic proc_info registration.
- *
- * Revision 1.16 1999/11/18 18:51:00 rgb
- * Changed all device registrations for static linking to
- * dynamic to reduce the number and size of patches.
- *
- * Revision 1.15 1999/11/18 04:14:21 rgb
- * Replaced all kernel version macros to shorter, readable form.
- * Added CONFIG_PROC_FS compiler directives in case it is shut off.
- * Added Marc Boucher's 2.3.25 proc patches.
- *
- * Revision 1.14 1999/05/25 02:50:10 rgb
- * Fix kernel version macros for 2.0.x static linking.
- *
- * Revision 1.13 1999/05/25 02:41:06 rgb
- * Add ipsec_klipsdebug support for static linking.
- *
- * Revision 1.12 1999/05/05 22:02:32 rgb
- * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
- *
- * Revision 1.11 1999/04/29 15:19:50 rgb
- * Add return values to init and cleanup functions.
- *
- * Revision 1.10 1999/04/16 16:02:39 rgb
- * Bump up macro to 4 ipsec I/Fs.
- *
- * Revision 1.9 1999/04/15 15:37:25 rgb
- * Forward check changes from POST1_00 branch.
- *
- * Revision 1.5.2.1 1999/04/02 04:26:14 rgb
- * Backcheck from HEAD, pre1.0.
- *
- * Revision 1.8 1999/04/11 00:29:01 henry
- * GPL boilerplate
- *
- * Revision 1.7 1999/04/06 04:54:28 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.6 1999/03/31 05:44:48 rgb
- * Keep PMTU reduction private.
- *
- * Revision 1.5 1999/02/10 22:31:20 rgb
- * Change rebuild_header member to reflect generality of link layer.
- *
- * Revision 1.4 1998/12/01 13:22:04 rgb
- * Added support for debug printing of version info.
- *
- * Revision 1.3 1998/07/29 20:42:46 rgb
- * Add a macro for clearing all tunnel devices.
- * Rearrange structures and declarations for sharing with userspace.
- *
- * Revision 1.2 1998/06/25 20:01:45 rgb
- * Make prototypes available for ipsec_init and ipsec proc_dir_entries
- * for static linking.
- *
- * Revision 1.1 1998/06/18 21:27:50 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.3 1998/05/18 21:51:50 rgb
- * Added macros for num of I/F's and a procfs debug switch.
- *
- * Revision 1.2 1998/04/21 21:29:09 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.1 1998/04/09 03:06:13 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:05 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.5 1997/06/03 04:24:48 ji
- * Added transport mode.
- * Changed the way routing is done.
- * Lots of bug fixes.
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * No changes.
- *
- * Revision 0.3 1996/11/20 14:39:04 ji
- * Minor cleanups.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libfreeswan/ipsec_xform.h b/src/libfreeswan/ipsec_xform.h
index 1dc6b6083..80beb7345 100644
--- a/src/libfreeswan/ipsec_xform.h
+++ b/src/libfreeswan/ipsec_xform.h
@@ -82,193 +82,3 @@ static inline const char *auth_name_id (unsigned id) {
#define _IPSEC_XFORM_H_
#endif /* _IPSEC_XFORM_H_ */
-
-/*
- * $Log: ipsec_xform.h,v $
- * Revision 1.3 2004/09/29 22:26:13 as
- * included ipsec_policy.h
- *
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.4.1 2004/03/16 09:48:18 as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.36 2002/04/24 07:36:48 mcr
- * Moved from ./klips/net/ipsec/ipsec_xform.h,v
- *
- * Revision 1.35 2001/11/26 09:23:51 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.33.2.1 2001/09/25 02:24:58 mcr
- * struct tdb -> struct ipsec_sa.
- * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
- * ipsec_xform.c removed. header file still contains useful things.
- *
- * Revision 1.34 2001/11/06 19:47:17 rgb
- * Changed lifetime_packets to uint32 from uint64.
- *
- * Revision 1.33 2001/09/08 21:13:34 rgb
- * Added pfkey ident extension support for ISAKMPd. (NetCelo)
- *
- * Revision 1.32 2001/07/06 07:40:01 rgb
- * Reformatted for readability.
- * Added inbound policy checking fields for use with IPIP SAs.
- *
- * Revision 1.31 2001/06/14 19:35:11 rgb
- * Update copyright date.
- *
- * Revision 1.30 2001/05/30 08:14:03 rgb
- * Removed vestiges of esp-null transforms.
- *
- * Revision 1.29 2001/01/30 23:42:47 rgb
- * Allow pfkey msgs from pid other than user context required for ACQUIRE
- * and subsequent ADD or UDATE.
- *
- * Revision 1.28 2000/11/06 04:30:40 rgb
- * Add Svenning's adaptive content compression.
- *
- * Revision 1.27 2000/09/19 00:38:25 rgb
- * Fixed algorithm name bugs introduced for ipcomp.
- *
- * Revision 1.26 2000/09/17 21:36:48 rgb
- * Added proto2txt macro.
- *
- * Revision 1.25 2000/09/17 18:56:47 rgb
- * Added IPCOMP support.
- *
- * Revision 1.24 2000/09/12 19:34:12 rgb
- * Defined XF_IP6 from Gerhard for ipv6 tunnel support.
- *
- * Revision 1.23 2000/09/12 03:23:14 rgb
- * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
- *
- * Revision 1.22 2000/09/08 19:12:56 rgb
- * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
- *
- * Revision 1.21 2000/09/01 18:32:43 rgb
- * Added (disabled) sensitivity members to tdb struct.
- *
- * Revision 1.20 2000/08/30 05:31:01 rgb
- * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
- * Kill remainder of tdb_xform, tdb_xdata, xformsw.
- *
- * Revision 1.19 2000/08/01 14:51:52 rgb
- * Removed _all_ remaining traces of DES.
- *
- * Revision 1.18 2000/01/21 06:17:45 rgb
- * Tidied up spacing.
- *
- * Revision 1.17 1999/11/17 15:53:40 rgb
- * Changed all occurrences of #include "../../../lib/freeswan.h"
- * to #include <freeswan.h> which works due to -Ilibfreeswan in the
- * klips/net/ipsec/Makefile.
- *
- * Revision 1.16 1999/10/16 04:23:07 rgb
- * Add stats for replaywin_errs, replaywin_max_sequence_difference,
- * authentication errors, encryption size errors, encryption padding
- * errors, and time since last packet.
- *
- * Revision 1.15 1999/10/16 00:29:11 rgb
- * Added SA lifetime packet counting variables.
- *
- * Revision 1.14 1999/10/01 00:04:14 rgb
- * Added tdb structure locking.
- * Add function to initialize tdb hash table.
- *
- * Revision 1.13 1999/04/29 15:20:57 rgb
- * dd return values to init and cleanup functions.
- * Eliminate unnessessary usage of tdb_xform member to further switch
- * away from the transform switch to the algorithm switch.
- * Change gettdb parameter to a pointer to reduce stack loading and
- * facilitate parameter sanity checking.
- * Add a parameter to tdbcleanup to be able to delete a class of SAs.
- *
- * Revision 1.12 1999/04/15 15:37:25 rgb
- * Forward check changes from POST1_00 branch.
- *
- * Revision 1.9.2.2 1999/04/13 20:35:57 rgb
- * Fix spelling mistake in comment.
- *
- * Revision 1.9.2.1 1999/03/30 17:13:52 rgb
- * Extend struct tdb to support pfkey.
- *
- * Revision 1.11 1999/04/11 00:29:01 henry
- * GPL boilerplate
- *
- * Revision 1.10 1999/04/06 04:54:28 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.9 1999/01/26 02:09:31 rgb
- * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
- * Removed dead code.
- *
- * Revision 1.8 1999/01/22 06:29:35 rgb
- * Added algorithm switch code.
- * Cruft clean-out.
- *
- * Revision 1.7 1998/11/10 05:37:35 rgb
- * Add support for SA direction flag.
- *
- * Revision 1.6 1998/10/19 14:44:29 rgb
- * Added inclusion of freeswan.h.
- * sa_id structure implemented and used: now includes protocol.
- *
- * Revision 1.5 1998/08/12 00:12:30 rgb
- * Added macros for new xforms. Added prototypes for new xforms.
- *
- * Revision 1.4 1998/07/28 00:04:20 rgb
- * Add macro for clearing the SA table.
- *
- * Revision 1.3 1998/07/14 18:06:46 rgb
- * Added #ifdef __KERNEL__ directives to restrict scope of header.
- *
- * Revision 1.2 1998/06/23 03:02:19 rgb
- * Created a prototype for ipsec_tdbcleanup when it was moved from
- * ipsec_init.c.
- *
- * Revision 1.1 1998/06/18 21:27:51 henry
- * move sources from klips/src to klips/net/ipsec, to keep stupid
- * kernel-build scripts happier in the presence of symlinks
- *
- * Revision 1.4 1998/06/11 05:55:31 rgb
- * Added transform version string pointer to xformsw structure definition.
- * Added extern declarations for transform version strings.
- *
- * Revision 1.3 1998/05/18 22:02:54 rgb
- * Modify the *_zeroize function prototypes to include one parameter.
- *
- * Revision 1.2 1998/04/21 21:29:08 rgb
- * Rearrange debug switches to change on the fly debug output from user
- * space. Only kernel changes checked in at this time. radij.c was also
- * changed to temporarily remove buggy debugging code in rj_delete causing
- * an OOPS and hence, netlink device open errors.
- *
- * Revision 1.1 1998/04/09 03:06:14 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:06 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.5 1997/06/03 04:24:48 ji
- * Added ESP-3DES-MD5-96
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * Added new transforms.
- *
- * Revision 0.3 1996/11/20 14:39:04 ji
- * Minor cleanups.
- * Rationalized debugging code.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h
index afa5ce032..01c404677 100644
--- a/src/libfreeswan/pfkey.h
+++ b/src/libfreeswan/pfkey.h
@@ -324,175 +324,3 @@ pfkey_v2_sadb_type_string(int sadb_type);
#endif /* __NET_IPSEC_PF_KEY_H */
-
-/*
- * $Log: pfkey.h,v $
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1.2.1 2004/03/16 09:48:18 as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1.2.1 2004/03/15 22:30:06 as
- * nat-0.6c patch merged
- *
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.42 2003/08/25 22:08:19 mcr
- * removed pfkey_proto_init() from pfkey.h for 2.6 support.
- *
- * Revision 1.41 2003/05/07 17:28:57 mcr
- * new function pfkey_debug_func added for us in debugging from
- * pfkey library.
- *
- * Revision 1.40 2003/01/30 02:31:34 rgb
- *
- * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
- *
- * Revision 1.39 2002/09/20 15:40:21 rgb
- * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc().
- * Added ref parameter to pfkey_sa_build().
- * Cleaned out unused cruft.
- *
- * Revision 1.38 2002/05/14 02:37:24 rgb
- * Change all references to tdb, TDB or Tunnel Descriptor Block to ips,
- * ipsec_sa or ipsec_sa.
- * Added function prototypes for the functions moved to
- * pfkey_v2_ext_process.c.
- *
- * Revision 1.37 2002/04/24 07:36:49 mcr
- * Moved from ./lib/pfkey.h,v
- *
- * Revision 1.36 2002/01/20 20:34:49 mcr
- * added pfkey_v2_sadb_type_string to decode sadb_type to string.
- *
- * Revision 1.35 2001/11/27 05:27:47 mcr
- * pfkey parses are now maintained by a structure
- * that includes their name for debug purposes.
- *
- * Revision 1.34 2001/11/26 09:23:53 rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.33 2001/11/06 19:47:47 rgb
- * Added packet parameter to lifetime and comb structures.
- *
- * Revision 1.32 2001/09/08 21:13:34 rgb
- * Added pfkey ident extension support for ISAKMPd. (NetCelo)
- *
- * Revision 1.31 2001/06/14 19:35:16 rgb
- * Update copyright date.
- *
- * Revision 1.30 2001/02/27 07:04:52 rgb
- * Added satype2name prototype.
- *
- * Revision 1.29 2001/02/26 19:59:33 rgb
- * Ditch unused sadb_satype2proto[], replaced by satype2proto().
- *
- * Revision 1.28 2000/10/10 20:10:19 rgb
- * Added support for debug_ipcomp and debug_verbose to klipsdebug.
- *
- * Revision 1.27 2000/09/21 04:20:45 rgb
- * Fixed array size off-by-one error. (Thanks Svenning!)
- *
- * Revision 1.26 2000/09/12 03:26:05 rgb
- * Added pfkey_acquire prototype.
- *
- * Revision 1.25 2000/09/08 19:21:28 rgb
- * Fix pfkey_prop_build() parameter to be only single indirection.
- *
- * Revision 1.24 2000/09/01 18:46:42 rgb
- * Added a supported algorithms array lists, one per satype and registered
- * existing algorithms.
- * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
- * list.
- *
- * Revision 1.23 2000/08/27 01:55:26 rgb
- * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
- *
- * Revision 1.22 2000/08/20 21:39:23 rgb
- * Added kernel prototypes for kernel funcitions pfkey_upmsg() and
- * pfkey_expire().
- *
- * Revision 1.21 2000/08/15 17:29:23 rgb
- * Fixes from SZI to untested pfkey_prop_build().
- *
- * Revision 1.20 2000/05/10 20:14:19 rgb
- * Fleshed out sensitivity, proposal and supported extensions.
- *
- * Revision 1.19 2000/03/16 14:07:23 rgb
- * Renamed ALIGN macro to avoid fighting with others in kernel.
- *
- * Revision 1.18 2000/01/22 23:24:06 rgb
- * Added prototypes for proto2satype(), satype2proto() and proto2name().
- *
- * Revision 1.17 2000/01/21 06:26:59 rgb
- * Converted from double tdb arguments to one structure (extr)
- * containing pointers to all temporary information structures.
- * Added klipsdebug switching capability.
- * Dropped unused argument to pfkey_x_satype_build().
- *
- * Revision 1.16 1999/12/29 21:17:41 rgb
- * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
- * parameter for cleaner manipulation of extensions[] and to guard
- * against potential memory leaks.
- * Changed the I/F to pfkey_msg_free() for the same reason.
- *
- * Revision 1.15 1999/12/09 23:12:54 rgb
- * Added macro for BITS_PER_OCTET.
- * Added argument to pfkey_sa_build() to do eroutes.
- *
- * Revision 1.14 1999/12/08 20:33:25 rgb
- * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
- *
- * Revision 1.13 1999/12/07 19:53:40 rgb
- * Removed unused first argument from extension parsers.
- * Changed __u* types to uint* to avoid use of asm/types.h and
- * sys/types.h in userspace code.
- * Added function prototypes for pfkey message and extensions
- * initialisation and cleanup.
- *
- * Revision 1.12 1999/12/01 22:19:38 rgb
- * Change pfkey_sa_build to accept an SPI in network byte order.
- *
- * Revision 1.11 1999/11/27 11:55:26 rgb
- * Added extern sadb_satype2proto to enable moving protocol lookup table
- * to lib/pfkey_v2_parse.c.
- * Delete unused, moved typedefs.
- * Add argument to pfkey_msg_parse() for direction.
- * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
- *
- * Revision 1.10 1999/11/23 22:29:21 rgb
- * This file has been moved in the distribution from klips/net/ipsec to
- * lib.
- * Add macros for dealing with alignment and rounding up more opaquely.
- * The uint<n>_t type defines have been moved to freeswan.h to avoid
- * chicken-and-egg problems.
- * Add macros for dealing with alignment and rounding up more opaque.
- * Added prototypes for using extention header bitmaps.
- * Added prototypes of all the build functions.
- *
- * Revision 1.9 1999/11/20 21:59:48 rgb
- * Moved socketlist type declarations and prototypes for shared use.
- * Slightly modified scope of sockaddr_key declaration.
- *
- * Revision 1.8 1999/11/17 14:34:25 rgb
- * Protect sa_family_t from being used in userspace with GLIBC<2.
- *
- * Revision 1.7 1999/10/27 19:40:35 rgb
- * Add a maximum PFKEY packet size macro.
- *
- * Revision 1.6 1999/10/26 16:58:58 rgb
- * Created a sockaddr_key and key_opt socket extension structures.
- *
- * Revision 1.5 1999/06/10 05:24:41 rgb
- * Renamed variables to reduce confusion.
- *
- * Revision 1.4 1999/04/29 15:21:11 rgb
- * Add pfkey support to debugging.
- * Add return values to init and cleanup functions.
- *
- * Revision 1.3 1999/04/15 17:58:07 rgb
- * Add RCSID labels.
- *
- */
diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c
index 8430766aa..8b4be384f 100644
--- a/src/libfreeswan/pfkey_v2_debug.c
+++ b/src/libfreeswan/pfkey_v2_debug.c
@@ -126,52 +126,3 @@ pfkey_v2_sadb_type_string(int sadb_type)
return "unknown-sadb-type";
}
}
-
-
-
-
-/*
- * $Log: pfkey_v2_debug.c,v $
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1 2004/03/15 22:30:06 as
- * nat-0.6c patch merged
- *
- * Revision 1.1 2004/03/15 20:35:26 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.7 2002/09/20 05:01:26 rgb
- * Fixed limit inclusion error in both type and ext string conversion.
- *
- * Revision 1.6 2002/04/24 07:55:32 mcr
- * #include patches and Makefiles for post-reorg compilation.
- *
- * Revision 1.5 2002/04/24 07:36:40 mcr
- * Moved from ./lib/pfkey_v2_debug.c,v
- *
- * Revision 1.4 2002/01/29 22:25:36 rgb
- * Re-add ipsec_kversion.h to keep MALLOC happy.
- *
- * Revision 1.3 2002/01/29 01:59:09 mcr
- * removal of kversions.h - sources that needed it now use ipsec_param.h.
- * updating of IPv6 structures to match latest in6.h version.
- * removed dead code from freeswan.h that also duplicated kversions.h
- * code.
- *
- * Revision 1.2 2002/01/20 20:34:50 mcr
- * added pfkey_v2_sadb_type_string to decode sadb_type to string.
- *
- * Revision 1.1 2001/11/27 05:30:06 mcr
- * initial set of debug strings for pfkey debugging.
- * this will eventually only be included for debug builds.
- *
- * Revision 1.1 2001/09/21 04:12:03 mcr
- * first compilable version.
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/pfkey_v2_ext_bits.c b/src/libfreeswan/pfkey_v2_ext_bits.c
index b41941848..280438750 100644
--- a/src/libfreeswan/pfkey_v2_ext_bits.c
+++ b/src/libfreeswan/pfkey_v2_ext_bits.c
@@ -722,68 +722,3 @@ unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/]
}
}
};
-
-/*
- * $Log: pfkey_v2_ext_bits.c,v $
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1 2004/03/15 22:30:06 as
- * nat-0.6c patch merged
- *
- * Revision 1.1 2004/03/15 20:35:26 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.15 2002/04/24 07:55:32 mcr
- * #include patches and Makefiles for post-reorg compilation.
- *
- * Revision 1.14 2002/04/24 07:36:40 mcr
- * Moved from ./lib/pfkey_v2_ext_bits.c,v
- *
- * Revision 1.13 2002/01/29 22:25:36 rgb
- * Re-add ipsec_kversion.h to keep MALLOC happy.
- *
- * Revision 1.12 2002/01/29 01:59:10 mcr
- * removal of kversions.h - sources that needed it now use ipsec_param.h.
- * updating of IPv6 structures to match latest in6.h version.
- * removed dead code from freeswan.h that also duplicated kversions.h
- * code.
- *
- * Revision 1.11 2001/10/18 04:45:24 rgb
- * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
- * lib/freeswan.h version macros moved to lib/kversions.h.
- * Other compiler directive cleanups.
- *
- * Revision 1.10 2001/09/08 21:13:35 rgb
- * Added pfkey ident extension support for ISAKMPd. (NetCelo)
- *
- * Revision 1.9 2001/06/14 19:35:16 rgb
- * Update copyright date.
- *
- * Revision 1.8 2001/03/26 23:07:36 rgb
- * Remove requirement for auth and enc key from UPDATE.
- *
- * Revision 1.7 2000/09/12 22:35:37 rgb
- * Restructured to remove unused extensions from CLEARFLOW messages.
- *
- * Revision 1.6 2000/09/09 06:39:01 rgb
- * Added comments for clarity.
- *
- * Revision 1.5 2000/06/02 22:54:14 rgb
- * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
- *
- * Revision 1.4 2000/01/21 06:27:56 rgb
- * Added address cases for eroute flows.
- * Added comments for each message type.
- * Added klipsdebug switching capability.
- * Fixed GRPSA bitfields.
- *
- * Revision 1.3 1999/12/01 22:20:27 rgb
- * Remove requirement for a proxy address in an incoming getspi message.
- *
- * Revision 1.2 1999/11/27 11:57:06 rgb
- * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
- * Add CVS log entry to bottom of file.
- * Cleaned out unused bits.
- *
- */
diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c
index 440aa8c1d..c19ec1c99 100644
--- a/src/libfreeswan/pfkey_v2_parse.c
+++ b/src/libfreeswan/pfkey_v2_parse.c
@@ -1597,228 +1597,3 @@ errlab:
return error;
}
-
-/*
- * $Log: pfkey_v2_parse.c,v $
- * Revision 1.4 2004/06/13 20:35:07 as
- * removed references to ipsec_netlink.h
- *
- * Revision 1.3 2004/03/30 10:00:17 as
- * 64 bit issues
- *
- * Revision 1.2 2004/03/22 21:53:18 as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1 2004/03/15 22:30:06 as
- * nat-0.6c patch merged
- *
- * Revision 1.1 2004/03/15 20:35:26 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.53 2003/01/30 02:32:09 rgb
- *
- * Rename SAref table macro names for clarity.
- * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
- *
- * Revision 1.52 2002/12/30 06:53:07 mcr
- * deal with short SA structures... #if 0 out for now. Probably
- * not quite the right way.
- *
- * Revision 1.51 2002/12/13 18:16:02 mcr
- * restored sa_ref code
- *
- * Revision 1.50 2002/12/13 18:06:52 mcr
- * temporarily removed sadb_x_sa_ref reference for 2.xx
- *
- * Revision 1.49 2002/10/05 05:02:58 dhr
- *
- * C labels go on statements
- *
- * Revision 1.48 2002/09/20 15:40:45 rgb
- * Added sadb_x_sa_ref to struct sadb_sa.
- *
- * Revision 1.47 2002/09/20 05:01:31 rgb
- * Fixed usage of pfkey_lib_debug.
- * Format for function declaration style consistency.
- * Added text labels to elucidate numeric values presented.
- * Re-organised debug output to reduce noise in output.
- *
- * Revision 1.46 2002/07/24 18:44:54 rgb
- * Type fiddling to tame ia64 compiler.
- *
- * Revision 1.45 2002/05/23 07:14:11 rgb
- * Cleaned up %p variants to 0p%p for test suite cleanup.
- *
- * Revision 1.44 2002/04/24 07:55:32 mcr
- * #include patches and Makefiles for post-reorg compilation.
- *
- * Revision 1.43 2002/04/24 07:36:40 mcr
- * Moved from ./lib/pfkey_v2_parse.c,v
- *
- * Revision 1.42 2002/01/29 22:25:36 rgb
- * Re-add ipsec_kversion.h to keep MALLOC happy.
- *
- * Revision 1.41 2002/01/29 01:59:10 mcr
- * removal of kversions.h - sources that needed it now use ipsec_param.h.
- * updating of IPv6 structures to match latest in6.h version.
- * removed dead code from freeswan.h that also duplicated kversions.h
- * code.
- *
- * Revision 1.40 2002/01/20 20:34:50 mcr
- * added pfkey_v2_sadb_type_string to decode sadb_type to string.
- *
- * Revision 1.39 2001/11/27 05:29:22 mcr
- * pfkey parses are now maintained by a structure
- * that includes their name for debug purposes.
- * DEBUGGING() macro changed so that it takes a debug
- * level so that pf_key() can use this to decode the
- * structures without innundanting humans.
- * Also uses pfkey_v2_sadb_ext_string() in messages.
- *
- * Revision 1.38 2001/11/06 19:47:47 rgb
- * Added packet parameter to lifetime and comb structures.
- *
- * Revision 1.37 2001/10/18 04:45:24 rgb
- * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
- * lib/freeswan.h version macros moved to lib/kversions.h.
- * Other compiler directive cleanups.
- *
- * Revision 1.36 2001/06/14 19:35:16 rgb
- * Update copyright date.
- *
- * Revision 1.35 2001/05/03 19:44:51 rgb
- * Standardise on SENDERR() macro.
- *
- * Revision 1.34 2001/03/16 07:41:51 rgb
- * Put freeswan.h include before pluto includes.
- *
- * Revision 1.33 2001/02/27 07:13:51 rgb
- * Added satype2name() function.
- * Added text to default satype_tbl entry.
- * Added satype2name() conversions for most satype debug output.
- *
- * Revision 1.32 2001/02/26 20:01:09 rgb
- * Added internal IP protocol 61 for magic SAs.
- * Ditch unused sadb_satype2proto[], replaced by satype2proto().
- * Re-formatted debug output (split lines, consistent spacing).
- * Removed acquire, register and expire requirements for a known satype.
- * Changed message type checking to a switch structure.
- * Verify expected NULL auth for IPCOMP.
- * Enforced spi > 0x100 requirement, now that pass uses a magic SA for
- * appropriate message types.
- *
- * Revision 1.31 2000/12/01 07:09:00 rgb
- * Added ipcomp sanity check to require encalgo is set.
- *
- * Revision 1.30 2000/11/17 18:10:30 rgb
- * Fixed bugs mostly relating to spirange, to treat all spi variables as
- * network byte order since this is the way PF_KEYv2 stored spis.
- *
- * Revision 1.29 2000/10/12 00:02:39 rgb
- * Removed 'format, ##' nonsense from debug macros for RH7.0.
- *
- * Revision 1.28 2000/09/20 16:23:04 rgb
- * Remove over-paranoid extension check in the presence of sadb_msg_errno.
- *
- * Revision 1.27 2000/09/20 04:04:21 rgb
- * Changed static functions to DEBUG_NO_STATIC to reveal function names in
- * oopsen.
- *
- * Revision 1.26 2000/09/15 11:37:02 rgb
- * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
- * IPCOMP zlib deflate code.
- *
- * Revision 1.25 2000/09/12 22:35:37 rgb
- * Restructured to remove unused extensions from CLEARFLOW messages.
- *
- * Revision 1.24 2000/09/12 18:59:54 rgb
- * Added Gerhard's IPv6 support to pfkey parts of libfreeswan.
- *
- * Revision 1.23 2000/09/12 03:27:00 rgb
- * Moved DEBUGGING definition to compile kernel with debug off.
- *
- * Revision 1.22 2000/09/09 06:39:27 rgb
- * Restrict pfkey errno check to downward messages only.
- *
- * Revision 1.21 2000/09/08 19:22:34 rgb
- * Enabled pfkey_sens_parse().
- * Added check for errno on downward acquire messages only.
- *
- * Revision 1.20 2000/09/01 18:48:23 rgb
- * Fixed reserved check bug and added debug output in
- * pfkey_supported_parse().
- * Fixed debug output label bug in pfkey_ident_parse().
- *
- * Revision 1.19 2000/08/27 01:55:26 rgb
- * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
- *
- * Revision 1.18 2000/08/24 17:00:36 rgb
- * Ignore unknown extensions instead of failing.
- *
- * Revision 1.17 2000/06/02 22:54:14 rgb
- * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
- *
- * Revision 1.16 2000/05/10 19:25:11 rgb
- * Fleshed out proposal and supported extensions.
- *
- * Revision 1.15 2000/01/24 21:15:31 rgb
- * Added disabled pluto pfkey lib debug flag.
- * Added algo debugging reporting.
- *
- * Revision 1.14 2000/01/22 23:24:29 rgb
- * Added new functions proto2satype() and satype2proto() and lookup
- * table satype_tbl. Also added proto2name() since it was easy.
- *
- * Revision 1.13 2000/01/21 09:43:59 rgb
- * Cast ntohl(spi) as (unsigned long int) to shut up compiler.
- *
- * Revision 1.12 2000/01/21 06:28:19 rgb
- * Added address cases for eroute flows.
- * Indented compiler directives for readability.
- * Added klipsdebug switching capability.
- *
- * Revision 1.11 1999/12/29 21:14:59 rgb
- * Fixed debug text cut and paste typo.
- *
- * Revision 1.10 1999/12/10 17:45:24 rgb
- * Added address debugging.
- *
- * Revision 1.9 1999/12/09 23:11:42 rgb
- * Ditched <string.h> include since we no longer use memset().
- * Use new pfkey_extensions_init() instead of memset().
- * Added check for SATYPE in pfkey_msg_build().
- * Tidy up comments and debugging comments.
- *
- * Revision 1.8 1999/12/07 19:55:26 rgb
- * Removed unused first argument from extension parsers.
- * Removed static pluto debug flag.
- * Moved message type and state checking to pfkey_msg_parse().
- * Changed print[fk] type from lx to x to quiet compiler.
- * Removed redundant remain check.
- * Changed __u* types to uint* to avoid use of asm/types.h and
- * sys/types.h in userspace code.
- *
- * Revision 1.7 1999/12/01 22:20:51 rgb
- * Moved pfkey_lib_debug variable into the library.
- * Added pfkey version check into header parsing.
- * Added check for SATYPE only for those extensions that require a
- * non-zero value.
- *
- * Revision 1.6 1999/11/27 11:58:05 rgb
- * Added ipv6 headers.
- * Moved sadb_satype2proto protocol lookup table from
- * klips/net/ipsec/pfkey_v2_parser.c.
- * Enable lifetime_current checking.
- * Debugging error messages added.
- * Add argument to pfkey_msg_parse() for direction.
- * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
- * Add CVS log entry to bottom of file.
- * Moved auth and enc alg check to pfkey_msg_parse().
- * Enable accidentally disabled spirange parsing.
- * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */
diff --git a/src/libfreeswan/radij.h b/src/libfreeswan/radij.h
index 2a66093a0..7fe30a6ea 100644
--- a/src/libfreeswan/radij.h
+++ b/src/libfreeswan/radij.h
@@ -199,82 +199,3 @@ extern int maj_keylen;
#endif /* __KERNEL__ */
#endif /* _RADIJ_H_ */
-
-
-/*
- * $Log: radij.h,v $
- * Revision 1.1 2004/03/15 20:35:25 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.12 2002/04/24 07:36:48 mcr
- * Moved from ./klips/net/ipsec/radij.h,v
- *
- * Revision 1.11 2001/09/20 15:33:00 rgb
- * Min/max cleanup.
- *
- * Revision 1.10 1999/11/18 04:09:20 rgb
- * Replaced all kernel version macros to shorter, readable form.
- *
- * Revision 1.9 1999/05/05 22:02:33 rgb
- * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
- *
- * Revision 1.8 1999/04/29 15:24:58 rgb
- * Add check for existence of macros min/max.
- *
- * Revision 1.7 1999/04/11 00:29:02 henry
- * GPL boilerplate
- *
- * Revision 1.6 1999/04/06 04:54:29 rgb
- * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
- * patch shell fixes.
- *
- * Revision 1.5 1999/01/22 06:30:32 rgb
- * 64-bit clean-up.
- *
- * Revision 1.4 1998/11/30 13:22:55 rgb
- * Rationalised all the klips kernel file headers. They are much shorter
- * now and won't conflict under RH5.2.
- *
- * Revision 1.3 1998/10/25 02:43:27 rgb
- * Change return type on rj_addroute and rj_delete and add and argument
- * to the latter to be able to transmit more infomation about errors.
- *
- * Revision 1.2 1998/07/14 18:09:51 rgb
- * Add a routine to clear eroute table.
- * Added #ifdef __KERNEL__ directives to restrict scope of header.
- *
- * Revision 1.1 1998/06/18 21:30:22 henry
- * move sources from klips/src to klips/net/ipsec to keep stupid kernel
- * build scripts happier about symlinks
- *
- * Revision 1.4 1998/05/25 20:34:16 rgb
- * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
- *
- * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
- * add ipsec_rj_walker_delete.
- *
- * Recover memory for eroute table on unload of module.
- *
- * Revision 1.3 1998/04/22 16:51:37 rgb
- * Tidy up radij debug code from recent rash of modifications to debug code.
- *
- * Revision 1.2 1998/04/14 17:30:38 rgb
- * Fix up compiling errors for radij tree memory reclamation.
- *
- * Revision 1.1 1998/04/09 03:06:16 henry
- * sources moved up from linux/net/ipsec
- *
- * Revision 1.1.1.1 1998/04/08 05:35:04 henry
- * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
- *
- * Revision 0.4 1997/01/15 01:28:15 ji
- * No changes.
- *
- * Revision 0.3 1996/11/20 14:44:45 ji
- * Release update only.
- *
- * Revision 0.2 1996/11/02 00:18:33 ji
- * First limited release.
- *
- *
- */
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index b103be193..292abc0a4 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -11,6 +11,7 @@ asn1/asn1.c asn1/asn1.h \
asn1/oid.c asn1/oid.h \
asn1/pem.c asn1/pem.h \
asn1/ttodata.c asn1/ttodata.h \
+crypto/ac.c crypto/ac.h \
crypto/ca.c crypto/ca.h \
crypto/certinfo.c crypto/certinfo.h \
crypto/crl.c crypto/crl.h \
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index e5c5c758e..015308449 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -60,7 +60,7 @@ am__DEPENDENCIES_1 =
libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \
- printf_hook.lo asn1.lo oid.lo pem.lo ttodata.lo ca.lo \
+ printf_hook.lo asn1.lo oid.lo pem.lo ttodata.lo ac.lo ca.lo \
certinfo.lo crl.lo crypter.lo aes_cbc_crypter.lo \
des_crypter.lo diffie_hellman.lo hasher.lo sha1_hasher.lo \
sha2_hasher.lo md5_hasher.lo hmac.lo ocsp.lo fips_prf.lo \
@@ -129,6 +129,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -141,6 +142,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -151,8 +153,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -174,6 +180,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -183,6 +190,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -196,9 +205,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -213,6 +226,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
lib_LTLIBRARIES = libstrongswan.la
libstrongswan_la_SOURCES = \
credential_store.h \
@@ -225,6 +240,7 @@ asn1/asn1.c asn1/asn1.h \
asn1/oid.c asn1/oid.h \
asn1/pem.c asn1/pem.h \
asn1/ttodata.c asn1/ttodata.h \
+crypto/ac.c crypto/ac.h \
crypto/ca.c crypto/ca.h \
crypto/certinfo.c crypto/certinfo.h \
crypto/crl.c crypto/crl.h \
@@ -333,6 +349,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc_crypter.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Plo@am__quote@
@@ -421,6 +438,13 @@ ttodata.lo: asn1/ttodata.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ttodata.lo `test -f 'asn1/ttodata.c' || echo '$(srcdir)/'`asn1/ttodata.c
+ac.lo: crypto/ac.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ac.lo -MD -MP -MF "$(DEPDIR)/ac.Tpo" -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ac.Tpo" "$(DEPDIR)/ac.Plo"; else rm -f "$(DEPDIR)/ac.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/ac.c' object='ac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c
+
ca.lo: crypto/ca.c
@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ca.lo -MD -MP -MF "$(DEPDIR)/ca.Tpo" -c -o ca.lo `test -f 'crypto/ca.c' || echo '$(srcdir)/'`crypto/ca.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ca.Tpo" "$(DEPDIR)/ca.Plo"; else rm -f "$(DEPDIR)/ca.Tpo"; exit 1; fi
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 91a6621d4..2a0aa4ff6 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -731,3 +731,43 @@ chunk_t timetoasn1(const time_t *time, asn1_t type)
formatted_time.len = strlen(buf);
return asn1_simple_object(type, formatted_time);
}
+
+/**
+ * ASN.1 definition of time
+ */
+static const asn1Object_t timeObjects[] = {
+ { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
+ { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
+ { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
+ { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+};
+#define TIME_UTC 0
+#define TIME_GENERALIZED 2
+#define TIME_ROOF 4
+
+/**
+ * extracts and converts a UTCTIME or GENERALIZEDTIME object
+ */
+time_t parse_time(chunk_t blob, int level0)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, level0, FALSE, FALSE);
+
+ while (objectID < TIME_ROOF)
+ {
+ if (!extract_object(timeObjects, &objectID, &object, &level, &ctx))
+ return 0;
+
+ if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
+ {
+ return asn1totime(&object, (objectID == TIME_UTC)
+ ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
+ }
+ objectID++;
+ }
+ return 0;
+}
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 5ab519ec8..365ccb438 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -124,6 +124,8 @@ extern void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, bool implicit
extern bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx);
extern bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name);
extern int parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters);
+extern time_t parse_time(chunk_t blob, int level0);
+
extern bool is_asn1(chunk_t blob);
extern void code_asn1_length(size_t length, chunk_t *code);
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 4b0632de2..48df1b7c4 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -28,7 +28,7 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, "UID" }, /* 16 */
{ 0x19, 0, 0, "DC" }, /* 17 */
- {0x55, 51, 1, "X.500" }, /* 18 */
+ {0x55, 52, 1, "X.500" }, /* 18 */
{ 0x04, 36, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, "CN" }, /* 20 */
{ 0x04, 22, 0, "S" }, /* 21 */
@@ -54,144 +54,145 @@ const oid_t oid_names[] = {
{ 0x11, 42, 0, "subjectAltName" }, /* 41 */
{ 0x12, 43, 0, "issuerAltName" }, /* 42 */
{ 0x13, 44, 0, "basicConstraints" }, /* 43 */
- { 0x15, 45, 0, "reasonCode" }, /* 44 */
- { 0x1F, 46, 0, "crlDistributionPoints" }, /* 45 */
- { 0x20, 47, 0, "certificatePolicies" }, /* 46 */
- { 0x23, 48, 0, "authorityKeyIdentifier" }, /* 47 */
- { 0x25, 49, 0, "extendedKeyUsage" }, /* 48 */
- { 0x37, 50, 0, "targetInformation" }, /* 49 */
- { 0x38, 0, 0, "noRevAvail" }, /* 50 */
- {0x2A, 88, 1, "" }, /* 51 */
- { 0x86, 0, 1, "" }, /* 52 */
- { 0x48, 0, 1, "" }, /* 53 */
- { 0x86, 0, 1, "" }, /* 54 */
- { 0xF7, 0, 1, "" }, /* 55 */
- { 0x0D, 0, 1, "RSADSI" }, /* 56 */
- { 0x01, 83, 1, "PKCS" }, /* 57 */
- { 0x01, 66, 1, "PKCS-1" }, /* 58 */
- { 0x01, 60, 0, "rsaEncryption" }, /* 59 */
- { 0x02, 61, 0, "md2WithRSAEncryption" }, /* 60 */
- { 0x04, 62, 0, "md5WithRSAEncryption" }, /* 61 */
- { 0x05, 63, 0, "sha-1WithRSAEncryption" }, /* 62 */
- { 0x0B, 64, 0, "sha256WithRSAEncryption"}, /* 63 */
- { 0x0C, 65, 0, "sha384WithRSAEncryption"}, /* 64 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 65 */
- { 0x07, 73, 1, "PKCS-7" }, /* 66 */
- { 0x01, 68, 0, "data" }, /* 67 */
- { 0x02, 69, 0, "signedData" }, /* 68 */
- { 0x03, 70, 0, "envelopedData" }, /* 69 */
- { 0x04, 71, 0, "signedAndEnvelopedData" }, /* 70 */
- { 0x05, 72, 0, "digestedData" }, /* 71 */
- { 0x06, 0, 0, "encryptedData" }, /* 72 */
- { 0x09, 0, 1, "PKCS-9" }, /* 73 */
- { 0x01, 75, 0, "E" }, /* 74 */
- { 0x02, 76, 0, "unstructuredName" }, /* 75 */
- { 0x03, 77, 0, "contentType" }, /* 76 */
- { 0x04, 78, 0, "messageDigest" }, /* 77 */
- { 0x05, 79, 0, "signingTime" }, /* 78 */
- { 0x06, 80, 0, "counterSignature" }, /* 79 */
- { 0x07, 81, 0, "challengePassword" }, /* 80 */
- { 0x08, 82, 0, "unstructuredAddress" }, /* 81 */
- { 0x0E, 0, 0, "extensionRequest" }, /* 82 */
- { 0x02, 86, 1, "digestAlgorithm" }, /* 83 */
- { 0x02, 85, 0, "md2" }, /* 84 */
- { 0x05, 0, 0, "md5" }, /* 85 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 86 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 87 */
- {0x2B, 149, 1, "" }, /* 88 */
- { 0x06, 136, 1, "dod" }, /* 89 */
- { 0x01, 0, 1, "internet" }, /* 90 */
- { 0x04, 105, 1, "private" }, /* 91 */
- { 0x01, 0, 1, "enterprise" }, /* 92 */
- { 0x82, 98, 1, "" }, /* 93 */
- { 0x37, 0, 1, "Microsoft" }, /* 94 */
- { 0x0A, 0, 1, "" }, /* 95 */
- { 0x03, 0, 1, "" }, /* 96 */
- { 0x03, 0, 0, "msSGC" }, /* 97 */
- { 0x89, 0, 1, "" }, /* 98 */
- { 0x31, 0, 1, "" }, /* 99 */
- { 0x01, 0, 1, "" }, /* 100 */
- { 0x01, 0, 1, "" }, /* 101 */
- { 0x02, 0, 1, "" }, /* 102 */
- { 0x02, 104, 0, "" }, /* 103 */
- { 0x4B, 0, 0, "TCGID" }, /* 104 */
- { 0x05, 0, 1, "security" }, /* 105 */
- { 0x05, 0, 1, "mechanisms" }, /* 106 */
- { 0x07, 0, 1, "id-pkix" }, /* 107 */
- { 0x01, 110, 1, "id-pe" }, /* 108 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 109 */
- { 0x03, 120, 1, "id-kp" }, /* 110 */
- { 0x01, 112, 0, "serverAuth" }, /* 111 */
- { 0x02, 113, 0, "clientAuth" }, /* 112 */
- { 0x03, 114, 0, "codeSigning" }, /* 113 */
- { 0x04, 115, 0, "emailProtection" }, /* 114 */
- { 0x05, 116, 0, "ipsecEndSystem" }, /* 115 */
- { 0x06, 117, 0, "ipsecTunnel" }, /* 116 */
- { 0x07, 118, 0, "ipsecUser" }, /* 117 */
- { 0x08, 119, 0, "timeStamping" }, /* 118 */
- { 0x09, 0, 0, "ocspSigning" }, /* 119 */
- { 0x08, 122, 1, "id-otherNames" }, /* 120 */
- { 0x05, 0, 0, "xmppAddr" }, /* 121 */
- { 0x0A, 127, 1, "id-aca" }, /* 122 */
- { 0x01, 124, 0, "authenticationInfo" }, /* 123 */
- { 0x02, 125, 0, "accessIdentity" }, /* 124 */
- { 0x03, 126, 0, "chargingIdentity" }, /* 125 */
- { 0x04, 0, 0, "group" }, /* 126 */
- { 0x30, 0, 1, "id-ad" }, /* 127 */
- { 0x01, 0, 1, "ocsp" }, /* 128 */
- { 0x01, 130, 0, "basic" }, /* 129 */
- { 0x02, 131, 0, "nonce" }, /* 130 */
- { 0x03, 132, 0, "crl" }, /* 131 */
- { 0x04, 133, 0, "response" }, /* 132 */
- { 0x05, 134, 0, "noCheck" }, /* 133 */
- { 0x06, 135, 0, "archiveCutoff" }, /* 134 */
- { 0x07, 0, 0, "serviceLocator" }, /* 135 */
- { 0x0E, 142, 1, "oiw" }, /* 136 */
- { 0x03, 0, 1, "secsig" }, /* 137 */
- { 0x02, 0, 1, "algorithms" }, /* 138 */
- { 0x07, 140, 0, "des-cbc" }, /* 139 */
- { 0x1A, 141, 0, "sha-1" }, /* 140 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 141 */
- { 0x24, 0, 1, "TeleTrusT" }, /* 142 */
- { 0x03, 0, 1, "algorithm" }, /* 143 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 144 */
- { 0x01, 0, 1, "rsaSignature" }, /* 145 */
- { 0x02, 147, 0, "rsaSigWithripemd160" }, /* 146 */
- { 0x03, 148, 0, "rsaSigWithripemd128" }, /* 147 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 148 */
- {0x60, 0, 1, "" }, /* 149 */
- { 0x86, 0, 1, "" }, /* 150 */
- { 0x48, 0, 1, "" }, /* 151 */
- { 0x01, 0, 1, "organization" }, /* 152 */
- { 0x65, 160, 1, "gov" }, /* 153 */
- { 0x03, 0, 1, "csor" }, /* 154 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 155 */
- { 0x02, 0, 1, "hashalgs" }, /* 156 */
- { 0x01, 158, 0, "id-SHA-256" }, /* 157 */
- { 0x02, 159, 0, "id-SHA-384" }, /* 158 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 159 */
- { 0x86, 0, 1, "" }, /* 160 */
- { 0xf8, 0, 1, "" }, /* 161 */
- { 0x42, 174, 1, "netscape" }, /* 162 */
- { 0x01, 169, 1, "" }, /* 163 */
- { 0x01, 165, 0, "nsCertType" }, /* 164 */
- { 0x03, 166, 0, "nsRevocationUrl" }, /* 165 */
- { 0x04, 167, 0, "nsCaRevocationUrl" }, /* 166 */
- { 0x08, 168, 0, "nsCaPolicyUrl" }, /* 167 */
- { 0x0d, 0, 0, "nsComment" }, /* 168 */
- { 0x03, 172, 1, "directory" }, /* 169 */
- { 0x01, 0, 1, "" }, /* 170 */
- { 0x03, 0, 0, "employeeNumber" }, /* 171 */
- { 0x04, 0, 1, "policy" }, /* 172 */
- { 0x01, 0, 0, "nsSGC" }, /* 173 */
- { 0x45, 0, 1, "verisign" }, /* 174 */
- { 0x01, 0, 1, "pki" }, /* 175 */
- { 0x09, 0, 1, "attributes" }, /* 176 */
- { 0x02, 178, 0, "messageType" }, /* 177 */
- { 0x03, 179, 0, "pkiStatus" }, /* 178 */
- { 0x04, 180, 0, "failInfo" }, /* 179 */
- { 0x05, 181, 0, "senderNonce" }, /* 180 */
- { 0x06, 182, 0, "recipientNonce" }, /* 181 */
- { 0x07, 183, 0, "transID" }, /* 182 */
- { 0x08, 0, 0, "extensionReq" } /* 183 */
+ { 0x14, 45, 0, "crlNumber" }, /* 44 */
+ { 0x15, 46, 0, "reasonCode" }, /* 45 */
+ { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
+ { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
+ { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
+ { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
+ { 0x37, 51, 0, "targetInformation" }, /* 50 */
+ { 0x38, 0, 0, "noRevAvail" }, /* 51 */
+ {0x2A, 89, 1, "" }, /* 52 */
+ { 0x86, 0, 1, "" }, /* 53 */
+ { 0x48, 0, 1, "" }, /* 54 */
+ { 0x86, 0, 1, "" }, /* 55 */
+ { 0xF7, 0, 1, "" }, /* 56 */
+ { 0x0D, 0, 1, "RSADSI" }, /* 57 */
+ { 0x01, 84, 1, "PKCS" }, /* 58 */
+ { 0x01, 67, 1, "PKCS-1" }, /* 59 */
+ { 0x01, 61, 0, "rsaEncryption" }, /* 60 */
+ { 0x02, 62, 0, "md2WithRSAEncryption" }, /* 61 */
+ { 0x04, 63, 0, "md5WithRSAEncryption" }, /* 62 */
+ { 0x05, 64, 0, "sha-1WithRSAEncryption" }, /* 63 */
+ { 0x0B, 65, 0, "sha256WithRSAEncryption"}, /* 64 */
+ { 0x0C, 66, 0, "sha384WithRSAEncryption"}, /* 65 */
+ { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 66 */
+ { 0x07, 74, 1, "PKCS-7" }, /* 67 */
+ { 0x01, 69, 0, "data" }, /* 68 */
+ { 0x02, 70, 0, "signedData" }, /* 69 */
+ { 0x03, 71, 0, "envelopedData" }, /* 70 */
+ { 0x04, 72, 0, "signedAndEnvelopedData" }, /* 71 */
+ { 0x05, 73, 0, "digestedData" }, /* 72 */
+ { 0x06, 0, 0, "encryptedData" }, /* 73 */
+ { 0x09, 0, 1, "PKCS-9" }, /* 74 */
+ { 0x01, 76, 0, "E" }, /* 75 */
+ { 0x02, 77, 0, "unstructuredName" }, /* 76 */
+ { 0x03, 78, 0, "contentType" }, /* 77 */
+ { 0x04, 79, 0, "messageDigest" }, /* 78 */
+ { 0x05, 80, 0, "signingTime" }, /* 79 */
+ { 0x06, 81, 0, "counterSignature" }, /* 80 */
+ { 0x07, 82, 0, "challengePassword" }, /* 81 */
+ { 0x08, 83, 0, "unstructuredAddress" }, /* 82 */
+ { 0x0E, 0, 0, "extensionRequest" }, /* 83 */
+ { 0x02, 87, 1, "digestAlgorithm" }, /* 84 */
+ { 0x02, 86, 0, "md2" }, /* 85 */
+ { 0x05, 0, 0, "md5" }, /* 86 */
+ { 0x03, 0, 1, "encryptionAlgorithm" }, /* 87 */
+ { 0x07, 0, 0, "3des-ede-cbc" }, /* 88 */
+ {0x2B, 150, 1, "" }, /* 89 */
+ { 0x06, 137, 1, "dod" }, /* 90 */
+ { 0x01, 0, 1, "internet" }, /* 91 */
+ { 0x04, 106, 1, "private" }, /* 92 */
+ { 0x01, 0, 1, "enterprise" }, /* 93 */
+ { 0x82, 99, 1, "" }, /* 94 */
+ { 0x37, 0, 1, "Microsoft" }, /* 95 */
+ { 0x0A, 0, 1, "" }, /* 96 */
+ { 0x03, 0, 1, "" }, /* 97 */
+ { 0x03, 0, 0, "msSGC" }, /* 98 */
+ { 0x89, 0, 1, "" }, /* 99 */
+ { 0x31, 0, 1, "" }, /* 100 */
+ { 0x01, 0, 1, "" }, /* 101 */
+ { 0x01, 0, 1, "" }, /* 102 */
+ { 0x02, 0, 1, "" }, /* 103 */
+ { 0x02, 105, 0, "" }, /* 104 */
+ { 0x4B, 0, 0, "TCGID" }, /* 105 */
+ { 0x05, 0, 1, "security" }, /* 106 */
+ { 0x05, 0, 1, "mechanisms" }, /* 107 */
+ { 0x07, 0, 1, "id-pkix" }, /* 108 */
+ { 0x01, 111, 1, "id-pe" }, /* 109 */
+ { 0x01, 0, 0, "authorityInfoAccess" }, /* 110 */
+ { 0x03, 121, 1, "id-kp" }, /* 111 */
+ { 0x01, 113, 0, "serverAuth" }, /* 112 */
+ { 0x02, 114, 0, "clientAuth" }, /* 113 */
+ { 0x03, 115, 0, "codeSigning" }, /* 114 */
+ { 0x04, 116, 0, "emailProtection" }, /* 115 */
+ { 0x05, 117, 0, "ipsecEndSystem" }, /* 116 */
+ { 0x06, 118, 0, "ipsecTunnel" }, /* 117 */
+ { 0x07, 119, 0, "ipsecUser" }, /* 118 */
+ { 0x08, 120, 0, "timeStamping" }, /* 119 */
+ { 0x09, 0, 0, "ocspSigning" }, /* 120 */
+ { 0x08, 123, 1, "id-otherNames" }, /* 121 */
+ { 0x05, 0, 0, "xmppAddr" }, /* 122 */
+ { 0x0A, 128, 1, "id-aca" }, /* 123 */
+ { 0x01, 125, 0, "authenticationInfo" }, /* 124 */
+ { 0x02, 126, 0, "accessIdentity" }, /* 125 */
+ { 0x03, 127, 0, "chargingIdentity" }, /* 126 */
+ { 0x04, 0, 0, "group" }, /* 127 */
+ { 0x30, 0, 1, "id-ad" }, /* 128 */
+ { 0x01, 0, 1, "ocsp" }, /* 129 */
+ { 0x01, 131, 0, "basic" }, /* 130 */
+ { 0x02, 132, 0, "nonce" }, /* 131 */
+ { 0x03, 133, 0, "crl" }, /* 132 */
+ { 0x04, 134, 0, "response" }, /* 133 */
+ { 0x05, 135, 0, "noCheck" }, /* 134 */
+ { 0x06, 136, 0, "archiveCutoff" }, /* 135 */
+ { 0x07, 0, 0, "serviceLocator" }, /* 136 */
+ { 0x0E, 143, 1, "oiw" }, /* 137 */
+ { 0x03, 0, 1, "secsig" }, /* 138 */
+ { 0x02, 0, 1, "algorithms" }, /* 139 */
+ { 0x07, 141, 0, "des-cbc" }, /* 140 */
+ { 0x1A, 142, 0, "sha-1" }, /* 141 */
+ { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 142 */
+ { 0x24, 0, 1, "TeleTrusT" }, /* 143 */
+ { 0x03, 0, 1, "algorithm" }, /* 144 */
+ { 0x03, 0, 1, "signatureAlgorithm" }, /* 145 */
+ { 0x01, 0, 1, "rsaSignature" }, /* 146 */
+ { 0x02, 148, 0, "rsaSigWithripemd160" }, /* 147 */
+ { 0x03, 149, 0, "rsaSigWithripemd128" }, /* 148 */
+ { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 149 */
+ {0x60, 0, 1, "" }, /* 150 */
+ { 0x86, 0, 1, "" }, /* 151 */
+ { 0x48, 0, 1, "" }, /* 152 */
+ { 0x01, 0, 1, "organization" }, /* 153 */
+ { 0x65, 161, 1, "gov" }, /* 154 */
+ { 0x03, 0, 1, "csor" }, /* 155 */
+ { 0x04, 0, 1, "nistalgorithm" }, /* 156 */
+ { 0x02, 0, 1, "hashalgs" }, /* 157 */
+ { 0x01, 159, 0, "id-SHA-256" }, /* 158 */
+ { 0x02, 160, 0, "id-SHA-384" }, /* 159 */
+ { 0x03, 0, 0, "id-SHA-512" }, /* 160 */
+ { 0x86, 0, 1, "" }, /* 161 */
+ { 0xf8, 0, 1, "" }, /* 162 */
+ { 0x42, 175, 1, "netscape" }, /* 163 */
+ { 0x01, 170, 1, "" }, /* 164 */
+ { 0x01, 166, 0, "nsCertType" }, /* 165 */
+ { 0x03, 167, 0, "nsRevocationUrl" }, /* 166 */
+ { 0x04, 168, 0, "nsCaRevocationUrl" }, /* 167 */
+ { 0x08, 169, 0, "nsCaPolicyUrl" }, /* 168 */
+ { 0x0d, 0, 0, "nsComment" }, /* 169 */
+ { 0x03, 173, 1, "directory" }, /* 170 */
+ { 0x01, 0, 1, "" }, /* 171 */
+ { 0x03, 0, 0, "employeeNumber" }, /* 172 */
+ { 0x04, 0, 1, "policy" }, /* 173 */
+ { 0x01, 0, 0, "nsSGC" }, /* 174 */
+ { 0x45, 0, 1, "verisign" }, /* 175 */
+ { 0x01, 0, 1, "pki" }, /* 176 */
+ { 0x09, 0, 1, "attributes" }, /* 177 */
+ { 0x02, 179, 0, "messageType" }, /* 178 */
+ { 0x03, 180, 0, "pkiStatus" }, /* 179 */
+ { 0x04, 181, 0, "failInfo" }, /* 180 */
+ { 0x05, 182, 0, "senderNonce" }, /* 181 */
+ { 0x06, 183, 0, "recipientNonce" }, /* 182 */
+ { 0x07, 184, 0, "transID" }, /* 183 */
+ { 0x08, 0, 0, "extensionReq" } /* 184 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index f85997159..49260c9f4 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -22,59 +22,63 @@ extern const oid_t oid_names[];
#define OID_SUBJECT_KEY_ID 38
#define OID_SUBJECT_ALT_NAME 41
#define OID_BASIC_CONSTRAINTS 43
-#define OID_CRL_REASON_CODE 44
-#define OID_CRL_DISTRIBUTION_POINTS 45
-#define OID_AUTHORITY_KEY_ID 47
-#define OID_EXTENDED_KEY_USAGE 48
-#define OID_TARGET_INFORMATION 49
-#define OID_NO_REV_AVAIL 50
-#define OID_RSA_ENCRYPTION 59
-#define OID_MD2_WITH_RSA 60
-#define OID_MD5_WITH_RSA 61
-#define OID_SHA1_WITH_RSA 62
-#define OID_SHA256_WITH_RSA 63
-#define OID_SHA384_WITH_RSA 64
-#define OID_SHA512_WITH_RSA 65
-#define OID_PKCS7_DATA 67
-#define OID_PKCS7_SIGNED_DATA 68
-#define OID_PKCS7_ENVELOPED_DATA 69
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 70
-#define OID_PKCS7_DIGESTED_DATA 71
-#define OID_PKCS7_ENCRYPTED_DATA 72
-#define OID_PKCS9_EMAIL 74
-#define OID_PKCS9_CONTENT_TYPE 76
-#define OID_PKCS9_MESSAGE_DIGEST 77
-#define OID_PKCS9_SIGNING_TIME 78
-#define OID_MD2 84
-#define OID_MD5 85
-#define OID_3DES_EDE_CBC 87
-#define OID_AUTHORITY_INFO_ACCESS 109
-#define OID_OCSP_SIGNING 119
-#define OID_XMPP_ADDR 121
-#define OID_AUTHENTICATION_INFO 123
-#define OID_ACCESS_IDENTITY 124
-#define OID_CHARGING_IDENTITY 125
-#define OID_GROUP 126
-#define OID_OCSP 128
-#define OID_BASIC 129
-#define OID_NONCE 130
-#define OID_CRL 131
-#define OID_RESPONSE 132
-#define OID_NO_CHECK 133
-#define OID_ARCHIVE_CUTOFF 134
-#define OID_SERVICE_LOCATOR 135
-#define OID_DES_CBC 139
-#define OID_SHA1 140
-#define OID_SHA1_WITH_RSA_OIW 141
-#define OID_NS_REVOCATION_URL 165
-#define OID_NS_CA_REVOCATION_URL 166
-#define OID_NS_CA_POLICY_URL 167
-#define OID_NS_COMMENT 168
-#define OID_PKI_MESSAGE_TYPE 177
-#define OID_PKI_STATUS 178
-#define OID_PKI_FAIL_INFO 179
-#define OID_PKI_SENDER_NONCE 180
-#define OID_PKI_RECIPIENT_NONCE 181
-#define OID_PKI_TRANS_ID 182
+#define OID_CRL_NUMBER 44
+#define OID_CRL_REASON_CODE 45
+#define OID_CRL_DISTRIBUTION_POINTS 46
+#define OID_AUTHORITY_KEY_ID 48
+#define OID_EXTENDED_KEY_USAGE 49
+#define OID_TARGET_INFORMATION 50
+#define OID_NO_REV_AVAIL 51
+#define OID_RSA_ENCRYPTION 60
+#define OID_MD2_WITH_RSA 61
+#define OID_MD5_WITH_RSA 62
+#define OID_SHA1_WITH_RSA 63
+#define OID_SHA256_WITH_RSA 64
+#define OID_SHA384_WITH_RSA 65
+#define OID_SHA512_WITH_RSA 66
+#define OID_PKCS7_DATA 68
+#define OID_PKCS7_SIGNED_DATA 69
+#define OID_PKCS7_ENVELOPED_DATA 70
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 71
+#define OID_PKCS7_DIGESTED_DATA 72
+#define OID_PKCS7_ENCRYPTED_DATA 73
+#define OID_PKCS9_EMAIL 75
+#define OID_PKCS9_CONTENT_TYPE 77
+#define OID_PKCS9_MESSAGE_DIGEST 78
+#define OID_PKCS9_SIGNING_TIME 79
+#define OID_MD2 85
+#define OID_MD5 86
+#define OID_3DES_EDE_CBC 88
+#define OID_AUTHORITY_INFO_ACCESS 110
+#define OID_OCSP_SIGNING 120
+#define OID_XMPP_ADDR 122
+#define OID_AUTHENTICATION_INFO 124
+#define OID_ACCESS_IDENTITY 125
+#define OID_CHARGING_IDENTITY 126
+#define OID_GROUP 127
+#define OID_OCSP 129
+#define OID_BASIC 130
+#define OID_NONCE 131
+#define OID_CRL 132
+#define OID_RESPONSE 133
+#define OID_NO_CHECK 134
+#define OID_ARCHIVE_CUTOFF 135
+#define OID_SERVICE_LOCATOR 136
+#define OID_DES_CBC 140
+#define OID_SHA1 141
+#define OID_SHA1_WITH_RSA_OIW 142
+#define OID_SHA256 158
+#define OID_SHA384 159
+#define OID_SHA512 160
+#define OID_NS_REVOCATION_URL 166
+#define OID_NS_CA_REVOCATION_URL 167
+#define OID_NS_CA_POLICY_URL 168
+#define OID_NS_COMMENT 169
+#define OID_PKI_MESSAGE_TYPE 178
+#define OID_PKI_STATUS 179
+#define OID_PKI_FAIL_INFO 180
+#define OID_PKI_SENDER_NONCE 181
+#define OID_PKI_RECIPIENT_NONCE 182
+#define OID_PKI_TRANS_ID 183
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index eed46d59d..2b3c96ae3 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -42,6 +42,7 @@
0x11 "subjectAltName" OID_SUBJECT_ALT_NAME
0x12 "issuerAltName"
0x13 "basicConstraints" OID_BASIC_CONSTRAINTS
+ 0x14 "crlNumber" OID_CRL_NUMBER
0x15 "reasonCode" OID_CRL_REASON_CODE
0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS
0x20 "certificatePolicies"
@@ -155,9 +156,9 @@
0x03 "csor"
0x04 "nistalgorithm"
0x02 "hashalgs"
- 0x01 "id-SHA-256"
- 0x02 "id-SHA-384"
- 0x03 "id-SHA-512"
+ 0x01 "id-SHA-256" OID_SHA256
+ 0x02 "id-SHA-384" OID_SHA384
+ 0x03 "id-SHA-512" OID_SHA512
0x86 ""
0xf8 ""
0x42 "netscape"
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index cba823c22..d70e1723f 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -22,6 +22,7 @@
*/
#include <stdio.h>
+#include <sys/stat.h>
#include "chunk.h"
diff --git a/src/libstrongswan/credential_store.h b/src/libstrongswan/credential_store.h
index 5d51981ec..dcbe43f52 100755
--- a/src/libstrongswan/credential_store.h
+++ b/src/libstrongswan/credential_store.h
@@ -88,15 +88,6 @@ struct credential_store_t {
rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);
/**
- * @brief Returns the RSA public key of a specific ID if is trusted
- *
- * @param this calling object
- * @param id identification_t object identifiying the key.
- * @return public key, or NULL if not found or not trusted
- */
- rsa_public_key_t* (*get_trusted_public_key) (credential_store_t *this, identification_t *id);
-
- /**
* @brief Returns the RSA private key belonging to an RSA public key
*
* The returned rsa_private_key_t must be destroyed by the caller after usage.
@@ -151,16 +142,29 @@ struct credential_store_t {
* @param cert certificate for which issuer ca info is required
* @return ca info, or NULL if not found
*/
- ca_info_t* (*get_issuer) (credential_store_t *this, const x509_t* cert);
+ ca_info_t* (*get_issuer) (credential_store_t *this, x509_t* cert);
/**
+ * @brief Verify an RSA signature given the ID of the signer
+ *
+ * @param this calling object
+ * @param hash hash value to be verified.
+ * @param sig signature to be verified.
+ * @param id identification_t object identifiying the signer.
+ * @param issuer_p issuer of the signer's certificate (if not self-signed).
+ * @return status of the verification - SUCCESS if successful
+ */
+ status_t (*verify_signature) (credential_store_t *this, chunk_t hash, chunk_t sig, identification_t *id, ca_info_t **issuer_p);
+
+ /**
* @brief Verify an X.509 certificate up to trust anchor without any status checks
*
* @param this calling object
+ * @param label label characterizing the certificate to be verified
* @param cert certificate to be verified
* @return TRUE if trusted
*/
- bool (*is_trusted) (credential_store_t *this, x509_t *cert);
+ bool (*is_trusted) (credential_store_t *this, const char *label, x509_t *cert);
/**
* @brief Verify an X.509 certificate up to trust anchor including status checks
@@ -196,8 +200,9 @@ struct credential_store_t {
*
* @param this calling object
* @param ca_info ca info record to be added
+ * @return pointer to the added or already existing ca_info_t record
*/
- void (*add_ca_info) (credential_store_t *this, ca_info_t *ca_info);
+ ca_info_t* (*add_ca_info) (credential_store_t *this, ca_info_t *ca_info);
/**
* @brief Release a ca info record with a given name.
@@ -244,6 +249,24 @@ struct credential_store_t {
void (*load_ca_certificates) (credential_store_t *this);
/**
+ * @brief Loads authorization authority certificates from a default directory.
+ *
+ * Certificates in both DER and PEM format are accepted
+ *
+ * @param this calling object
+ */
+ void (*load_aa_certificates) (credential_store_t *this);
+
+ /**
+ * @brief Loads attribute certificates from a default directory.
+ *
+ * Certificates in both DER and PEM format are accepted
+ *
+ * @param this calling object
+ */
+ void (*load_attr_certificates) (credential_store_t *this);
+
+ /**
* @brief Loads ocsp certificates from a default directory.
*
* Certificates in both DER and PEM format are accepted
diff --git a/src/libstrongswan/crypto/ac.c b/src/libstrongswan/crypto/ac.c
new file mode 100644
index 000000000..47605e9e1
--- /dev/null
+++ b/src/libstrongswan/crypto/ac.c
@@ -0,0 +1,665 @@
+/**
+ * @file ac.c
+ *
+ * @brief Implementation of x509ac_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
+ * Copyright (C) 2003 Martin Berner, Lukas Suter
+ * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <debug.h>
+
+#include <asn1/asn1.h>
+#include <utils/identification.h>
+#include <utils/linked_list.h>
+
+#include "ac.h"
+
+typedef struct private_x509ac_t private_x509ac_t;
+
+/**
+ * Private data of a x509ac_t object.
+ */
+struct private_x509ac_t {
+ /**
+ * Public interface for this attribute certificate.
+ */
+ x509ac_t public;
+
+ /**
+ * Time when attribute certificate was installed
+ */
+ time_t installed;
+
+ /**
+ * X.509 attribute certificate in DER format
+ */
+ chunk_t certificate;
+
+ /**
+ * X.509 attribute certificate body over which signature is computed
+ */
+ chunk_t certificateInfo;
+
+ /**
+ * Version of the X.509 attribute certificate
+ */
+ u_int version;
+
+ /**
+ * Serial number of the X.509 attribute certificate
+ */
+ chunk_t serialNumber;
+
+ /**
+ * ID representing the issuer of the holder certificate
+ */
+ identification_t *holderIssuer;
+
+ /**
+ * Serial number of the holder certificate
+ */
+ chunk_t holderSerial;
+
+ /**
+ * ID representing the holder
+ */
+ identification_t *entityName;
+
+ /**
+ * ID representing the attribute certificate issuer
+ */
+ identification_t *issuerName;
+
+ /**
+ * Signature algorithm
+ */
+ int sigAlg;
+
+ /**
+ * Start time of certificate validity
+ */
+ time_t notBefore;
+
+ /**
+ * End time of certificate validity
+ */
+ time_t notAfter;
+
+ /**
+ * List of charging attributes
+ */
+ linked_list_t *charging;
+
+ /**
+ * List of groub attributes
+ */
+ linked_list_t *groups;
+
+ /**
+ * Authority Key Identifier
+ */
+ chunk_t authKeyID;
+
+ /**
+ * Authority Key Serial Number
+ */
+ chunk_t authKeySerialNumber;
+
+ /**
+ * No revocation information available
+ */
+ bool noRevAvail;
+
+ /**
+ * Signature algorithm (must be identical to sigAlg)
+ */
+ int algorithm;
+
+ /**
+ * Signature
+ */
+ chunk_t signature;
+};
+
+/**
+ * definition of ietfAttribute kinds
+ */
+typedef enum {
+ IETF_ATTRIBUTE_OCTETS = 0,
+ IETF_ATTRIBUTE_OID = 1,
+ IETF_ATTRIBUTE_STRING = 2
+} ietfAttribute_t;
+
+/**
+ * access structure for an ietfAttribute
+ */
+typedef struct ietfAttr_t ietfAttr_t;
+
+struct ietfAttr_t {
+ /**
+ * IETF attribute kind
+ */
+ ietfAttribute_t kind;
+
+ /**
+ * IETF attribute valuse
+ */
+ chunk_t value;
+
+ /**
+ * Destroys the ietfAttr_t object.
+ *
+ * @param this ietfAttr_t to destroy
+ */
+ void (*destroy) (ietfAttr_t *this);
+};
+
+/**
+ * Destroys an ietfAttr_t object
+ */
+static void ietfAttr_destroy(ietfAttr_t *this)
+{
+ free(this->value.ptr);
+ free(this);
+}
+
+/**
+ * Creates an ietfAttr_t object.
+ */
+ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value)
+{
+ ietfAttr_t *this = malloc_thing(ietfAttr_t);
+
+ /* initialize */
+ this->kind = kind;
+ this->value = chunk_clone(value);
+
+ /* function */
+ this->destroy = ietfAttr_destroy;
+
+ return this;
+}
+
+/**
+ * ASN.1 definition of ietfAttrSyntax
+ */
+static const asn1Object_t ietfAttrSyntaxObjects[] =
+{
+ { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_BODY }, /* 1 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */
+ { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT |
+ ASN1_BODY }, /* 4 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
+ { 2, "oid", ASN1_OID, ASN1_OPT |
+ ASN1_BODY }, /* 6 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
+ { 2, "string", ASN1_UTF8STRING, ASN1_OPT |
+ ASN1_BODY }, /* 8 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
+ { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */
+};
+
+#define IETF_ATTR_OCTETS 4
+#define IETF_ATTR_OID 6
+#define IETF_ATTR_STRING 8
+#define IETF_ATTR_ROOF 11
+
+/**
+ * ASN.1 definition of roleSyntax
+ */
+static const asn1Object_t roleSyntaxObjects[] =
+{
+ { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_OBJ }, /* 1 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ } /* 3 */
+};
+
+#define ROLE_ROOF 4
+
+/**
+ * ASN.1 definition of an X509 attribute certificate
+ */
+static const asn1Object_t acObjects[] =
+{
+ { 0, "AttributeCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "AttributeCertificateInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
+ { 2, "version", ASN1_INTEGER, ASN1_DEF |
+ ASN1_BODY }, /* 2 */
+ { 2, "holder", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
+ { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 4 */
+ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */
+ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 6 */
+ { 4, "issuerUID", ASN1_BIT_STRING, ASN1_OPT |
+ ASN1_BODY }, /* 7 */
+ { 4, "end opt", ASN1_EOC, ASN1_END }, /* 8 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
+ { 3, "entityName", ASN1_CONTEXT_C_1, ASN1_OPT |
+ ASN1_OBJ }, /* 10 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
+ { 3, "objectDigestInfo", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 12 */
+ { 4, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 13*/
+ { 4, "otherObjectTypeID", ASN1_OID, ASN1_OPT |
+ ASN1_BODY }, /* 14 */
+ { 4, "end opt", ASN1_EOC, ASN1_END }, /* 15*/
+ { 4, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 16 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 17 */
+ { 2, "v2Form", ASN1_CONTEXT_C_0, ASN1_NONE }, /* 18 */
+ { 3, "issuerName", ASN1_SEQUENCE, ASN1_OPT |
+ ASN1_OBJ }, /* 19 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
+ { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 21 */
+ { 4, "issuerSerial", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */
+ { 5, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 23 */
+ { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */
+ { 5, "issuerUID", ASN1_BIT_STRING, ASN1_OPT |
+ ASN1_BODY }, /* 25 */
+ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 27 */
+ { 3, "objectDigestInfo", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 28 */
+ { 4, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 29 */
+ { 5, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 30 */
+ { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT |
+ ASN1_BODY }, /* 31 */
+ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 32 */
+ { 5, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 33 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 34 */
+ { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 35 */
+ { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 36 */
+ { 2, "attrCertValidityPeriod", ASN1_SEQUENCE, ASN1_NONE }, /* 37 */
+ { 3, "notBeforeTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 38 */
+ { 3, "notAfterTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 39 */
+ { 2, "attributes", ASN1_SEQUENCE, ASN1_LOOP }, /* 40 */
+ { 3, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 41 */
+ { 4, "type", ASN1_OID, ASN1_BODY }, /* 42 */
+ { 4, "values", ASN1_SET, ASN1_LOOP }, /* 43 */
+ { 5, "value", ASN1_EOC, ASN1_RAW }, /* 44 */
+ { 4, "end loop", ASN1_EOC, ASN1_END }, /* 45 */
+ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 46 */
+ { 2, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 47 */
+ { 3, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 48 */
+ { 4, "extnID", ASN1_OID, ASN1_BODY }, /* 49 */
+ { 4, "critical", ASN1_BOOLEAN, ASN1_DEF |
+ ASN1_BODY }, /* 50 */
+ { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 51 */
+ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 52 */
+ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 53 */
+ { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 54 */
+};
+
+#define AC_OBJ_CERTIFICATE 0
+#define AC_OBJ_CERTIFICATE_INFO 1
+#define AC_OBJ_VERSION 2
+#define AC_OBJ_HOLDER_ISSUER 5
+#define AC_OBJ_HOLDER_SERIAL 6
+#define AC_OBJ_ENTITY_NAME 10
+#define AC_OBJ_ISSUER_NAME 19
+#define AC_OBJ_ISSUER 23
+#define AC_OBJ_SIG_ALG 35
+#define AC_OBJ_SERIAL_NUMBER 36
+#define AC_OBJ_NOT_BEFORE 38
+#define AC_OBJ_NOT_AFTER 39
+#define AC_OBJ_ATTRIBUTE_TYPE 42
+#define AC_OBJ_ATTRIBUTE_VALUE 44
+#define AC_OBJ_EXTN_ID 49
+#define AC_OBJ_CRITICAL 50
+#define AC_OBJ_EXTN_VALUE 51
+#define AC_OBJ_ALGORITHM 53
+#define AC_OBJ_SIGNATURE 54
+#define AC_OBJ_ROOF 55
+
+/**
+ * Implements x509ac_t.is_valid
+ */
+static err_t is_valid(const private_x509ac_t *this, time_t *until)
+{
+ time_t current_time = time(NULL);
+
+ DBG2(" not before : %T", &this->notBefore);
+ DBG2(" current time: %T", &current_time);
+ DBG2(" not after : %T", &this->notAfter);
+
+ if (until != NULL &&
+ (*until == UNDEFINED_TIME || this->notAfter < *until))
+ {
+ *until = this->notAfter;
+ }
+ if (current_time < this->notBefore)
+ {
+ return "is not valid yet";
+ }
+ if (current_time > this->notAfter)
+ {
+ return "has expired";
+ }
+ DBG2(" attribute certificate is valid");
+ return NULL;
+}
+
+/**
+ * parses a directoryName
+ */
+static bool parse_directoryName(chunk_t blob, int level, bool implicit, identification_t **name)
+{
+ bool has_directoryName;
+ linked_list_t *list = linked_list_create();
+
+ parse_generalNames(blob, level, implicit, list);
+ has_directoryName = list->get_count(list) > 0;
+
+ if (has_directoryName)
+ {
+ iterator_t *iterator = list->create_iterator(list, TRUE);
+ identification_t *directoryName;
+ bool first = TRUE;
+
+ while (iterator->iterate(iterator, (void**)&directoryName))
+ {
+ if (first)
+ {
+ *name = directoryName;
+ first = FALSE;
+ }
+ else
+ {
+ DBG1("more than one directory name - first selected");
+ directoryName->destroy(directoryName);
+ }
+ }
+ iterator->destroy(iterator);
+ }
+ else
+ {
+ DBG1("no directoryName found");
+ }
+
+ list->destroy(list);
+ return has_directoryName;
+}
+
+/**
+ * parses ietfAttrSyntax
+ */
+static void parse_ietfAttrSyntax(chunk_t blob, int level0, linked_list_t *list)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, level0, FALSE, FALSE);
+
+ while (objectID < IETF_ATTR_ROOF)
+ {
+ if (!extract_object(ietfAttrSyntaxObjects, &objectID, &object, &level, &ctx))
+ {
+ return;
+ }
+
+ switch (objectID)
+ {
+ case IETF_ATTR_OCTETS:
+ case IETF_ATTR_OID:
+ case IETF_ATTR_STRING:
+ {
+ ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2;
+ ietfAttr_t *attr = ietfAttr_create(kind, object);
+ list->insert_last(list, (void *)attr);
+ }
+ break;
+ default:
+ break;
+ }
+ objectID++;
+ }
+}
+
+/**
+ * parses roleSyntax
+ */
+static void parse_roleSyntax(chunk_t blob, int level0)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, level0, FALSE, FALSE);
+ while (objectID < ROLE_ROOF)
+ {
+ if (!extract_object(roleSyntaxObjects, &objectID, &object, &level, &ctx))
+ {
+ return;
+ }
+
+ switch (objectID)
+ {
+ default:
+ break;
+ }
+ objectID++;
+ }
+}
+
+/**
+ * Parses an X.509 attribute certificate
+ */
+static bool parse_certificate(chunk_t blob, private_x509ac_t *this)
+{
+ asn1_ctx_t ctx;
+ bool critical;
+ chunk_t object;
+ u_int level;
+ u_int type = OID_UNKNOWN;
+ u_int extn_oid = OID_UNKNOWN;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, 0, FALSE, FALSE);
+ while (objectID < AC_OBJ_ROOF)
+ {
+ if (!extract_object(acObjects, &objectID, &object, &level, &ctx))
+ {
+ return FALSE;
+ }
+
+ /* those objects which will parsed further need the next higher level */
+ level++;
+
+ switch (objectID)
+ {
+ case AC_OBJ_CERTIFICATE:
+ this->certificate = object;
+ break;
+ case AC_OBJ_CERTIFICATE_INFO:
+ this->certificateInfo = object;
+ break;
+ case AC_OBJ_VERSION:
+ this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
+ DBG2(" v%d", this->version);
+ if (this->version != 2)
+ {
+ DBG1("v%d attribute certificates are not supported", this->version);
+ return FALSE;
+ }
+ break;
+ case AC_OBJ_HOLDER_ISSUER:
+ if (!parse_directoryName(object, level, FALSE, &this->holderIssuer))
+ {
+ return FALSE;
+ }
+ break;
+ case AC_OBJ_HOLDER_SERIAL:
+ this->holderSerial = object;
+ break;
+ case AC_OBJ_ENTITY_NAME:
+ if (!parse_directoryName(object, level, TRUE, &this->entityName))
+ {
+ return FALSE;
+ }
+ break;
+ case AC_OBJ_ISSUER_NAME:
+ if (!parse_directoryName(object, level, FALSE, &this->issuerName))
+ {
+ return FALSE;
+ }
+ break;
+ case AC_OBJ_SIG_ALG:
+ this->sigAlg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case AC_OBJ_SERIAL_NUMBER:
+ this->serialNumber = object;
+ break;
+ case AC_OBJ_NOT_BEFORE:
+ this->notBefore = asn1totime(&object, ASN1_GENERALIZEDTIME);
+ break;
+ case AC_OBJ_NOT_AFTER:
+ this->notAfter = asn1totime(&object, ASN1_GENERALIZEDTIME);
+ break;
+ case AC_OBJ_ATTRIBUTE_TYPE:
+ type = known_oid(object);
+ break;
+ case AC_OBJ_ATTRIBUTE_VALUE:
+ {
+ switch (type)
+ {
+ case OID_AUTHENTICATION_INFO:
+ DBG2(" need to parse authenticationInfo");
+ break;
+ case OID_ACCESS_IDENTITY:
+ DBG2(" need to parse accessIdentity");
+ break;
+ case OID_CHARGING_IDENTITY:
+ parse_ietfAttrSyntax(object, level, this->charging);
+ break;
+ case OID_GROUP:
+ parse_ietfAttrSyntax(object, level, this->groups);
+ break;
+ case OID_ROLE:
+ parse_roleSyntax(object, level);
+ break;
+ default:
+ break;
+ }
+ }
+ break;
+ case AC_OBJ_EXTN_ID:
+ extn_oid = known_oid(object);
+ break;
+ case AC_OBJ_CRITICAL:
+ critical = object.len && *object.ptr;
+ DBG2(" %s",(critical)?"TRUE":"FALSE");
+ break;
+ case AC_OBJ_EXTN_VALUE:
+ {
+ switch (extn_oid)
+ {
+ case OID_CRL_DISTRIBUTION_POINTS:
+ DBG2(" need to parse crlDistributionPoints");
+ break;
+ case OID_AUTHORITY_KEY_ID:
+ parse_authorityKeyIdentifier(object, level,
+ &this->authKeyID, &this->authKeySerialNumber);
+ break;
+ case OID_TARGET_INFORMATION:
+ DBG2(" need to parse targetInformation");
+ break;
+ case OID_NO_REV_AVAIL:
+ this->noRevAvail = TRUE;
+ break;
+ default:
+ break;
+ }
+ }
+ break;
+ case AC_OBJ_ALGORITHM:
+ this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case AC_OBJ_SIGNATURE:
+ this->signature = object;
+ break;
+ default:
+ break;
+ }
+ objectID++;
+ }
+ this->installed = time(NULL);
+ return FALSE;
+}
+
+/**
+ * Implements x509ac_t.destroy
+ */
+static void destroy(private_x509ac_t *this)
+{
+ DESTROY_IF(this->holderIssuer);
+ DESTROY_IF(this->entityName);
+ DESTROY_IF(this->issuerName);
+ this->charging->destroy_offset(this->charging,
+ offsetof(ietfAttr_t, destroy));
+ this->groups->destroy_offset(this->groups,
+ offsetof(ietfAttr_t, destroy));
+ free(this->certificate.ptr);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+x509ac_t *x509ac_create_from_chunk(chunk_t chunk)
+{
+ private_x509ac_t *this = malloc_thing(private_x509ac_t);
+
+ /* initialize */
+ this->holderIssuer = NULL;
+ this->entityName = NULL;
+ this->issuerName = NULL;
+ this->charging = linked_list_create();
+ this->groups = linked_list_create();
+
+ /* public functions */
+ this->public.is_valid = (err_t (*) (const x509ac_t*,time_t*))is_valid;
+ this->public.destroy = (void (*) (x509ac_t*))destroy;
+
+ if (!parse_certificate(chunk, this))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/**
+ * Described in header.
+ */
+x509ac_t *x509ac_create_from_file(const char *filename)
+{
+ bool pgp = FALSE;
+ chunk_t chunk = chunk_empty;
+
+ if (!pem_asn1_load_file(filename, NULL, "attribute certificate", &chunk, &pgp))
+ {
+ return NULL;
+ }
+ return x509ac_create_from_chunk(chunk);
+}
+
diff --git a/src/libstrongswan/crypto/ac.h b/src/libstrongswan/crypto/ac.h
new file mode 100644
index 000000000..b7fd26c94
--- /dev/null
+++ b/src/libstrongswan/crypto/ac.h
@@ -0,0 +1,81 @@
+/**
+ * @file ac.h
+ *
+ * @brief Interface of x509ac_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
+ * Copyright (C) 2003 Martin Berner, Lukas Suter
+ * Copyright (C) 2007 Andreas Steffen
+ *
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef AC_H_
+#define AC_H_
+
+typedef struct x509ac_t x509ac_t;
+
+/**
+ * @brief X.509 attribute certificate.
+ *
+ * @b Constructors:
+ * - x509ac_create_from_chunk()
+ * - x509ac_create_from_file()
+ *
+ * @ingroup crypto
+ */
+struct x509ac_t {
+
+ /**
+ * @brief Checks the validity interval of the attribute certificate
+ *
+ * @param this certificate being examined
+ * @param until until = min(until, notAfter)
+ * @return NULL if the certificate is valid
+ */
+ err_t (*is_valid) (const x509ac_t *this, time_t *until);
+
+ /**
+ * @brief Destroys the attribute certificate.
+ *
+ * @param this certificate to destroy
+ */
+ void (*destroy) (x509ac_t *this);
+};
+
+/**
+ * @brief Read a x509 attribute certificate from a DER encoded blob.
+ *
+ * @param chunk chunk containing DER encoded data
+ * @return created x509ac_t certificate, or NULL if invalid.
+ *
+ * @ingroup crypto
+ */
+x509ac_t *x509ac_create_from_chunk(chunk_t chunk);
+
+/**
+ * @brief Read a x509 attribute certificate from a DER encoded file.
+ *
+ * @param filename file containing DER encoded data
+ * @return created x509ac_t certificate, or NULL if invalid.
+ *
+ * @ingroup crypto
+ */
+x509ac_t *x509ac_create_from_file(const char *filename);
+
+
+#endif /* AC_H_ */
+
diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c
index 1f566a098..07413e805 100644
--- a/src/libstrongswan/crypto/ca.c
+++ b/src/libstrongswan/crypto/ca.c
@@ -29,6 +29,7 @@
#include "x509.h"
#include "crl.h"
#include "ca.h"
+#include "ac.h"
#include "certinfo.h"
#include "ocsp.h"
@@ -65,6 +66,11 @@ struct private_ca_info_t {
x509_t *cacert;
/**
+ * List of attribute certificates
+ */
+ linked_list_t *attrcerts;
+
+ /**
* List of crl URIs
*/
linked_list_t *crluris;
@@ -94,6 +100,7 @@ struct private_ca_info_t {
/**
* static options set by ca_info_set_options()
*/
+static strict_t strict_crl_policy = STRICT_NO;
static bool cache_crls = FALSE;
static u_int crl_check_interval = 0;
@@ -151,6 +158,31 @@ static bool is_crl_issuer(private_ca_info_t *this, const crl_t *crl)
}
/**
+ * Implements ca_info_t.is_ca
+ */
+static bool is_ca(private_ca_info_t *this)
+{
+ return this->cacert->is_ca(this->cacert);
+}
+
+/**
+ * Implements ca_info_t.is_strict
+ */
+static bool is_strict(private_ca_info_t *this)
+{
+ bool strict = strict_crl_policy != STRICT_NO;
+
+ if (strict_crl_policy == STRICT_IFURI)
+ {
+ pthread_mutex_lock(&(this->mutex));
+ strict = this->crluris->get_count(this->crluris) > 0 ||
+ this->ocspuris->get_count(this->ocspuris) > 0;
+ pthread_mutex_unlock(&(this->mutex));
+ }
+ return strict;
+}
+
+/**
* Implements ca_info_t.has_crl
*/
static bool has_crl(private_ca_info_t *this)
@@ -213,11 +245,9 @@ static void add_crl(private_ca_info_t *this, crl_t *crl)
*/
static void list_crl(private_ca_info_t *this, FILE *out, bool utc)
{
- pthread_mutex_lock(&(this->mutex));
-
- fprintf(out, "%#U\n", this->crl, utc);
-
- pthread_mutex_unlock(&(this->mutex));
+ pthread_mutex_lock(&this->mutex);
+ this->crl->list(this->crl, out, utc);
+ pthread_mutex_unlock(&this->mutex);
}
/**
@@ -225,26 +255,42 @@ static void list_crl(private_ca_info_t *this, FILE *out, bool utc)
*/
static void list_certinfos(private_ca_info_t *this, FILE *out, bool utc)
{
- pthread_mutex_lock(&(this->mutex));
+ iterator_t *iterator;
+ certinfo_t *certinfo;
+ chunk_t authkey;
+ pthread_mutex_lock(&this->mutex);
+
+ authkey = this->cacert->get_subjectKeyID(this->cacert);
fprintf(out," authname: '%D'\n", this->cacert->get_subject(this->cacert));
- {
- chunk_t authkey = this->cacert->get_subjectKeyID(this->cacert);
+ fprintf(out," authkey: %#B\n", &authkey);
- fprintf(out," authkey: %#B\n", &authkey);
- }
+ iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
+ while (iterator->iterate(iterator, (void**)&certinfo))
{
- iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
- certinfo_t *certinfo;
-
- while (iterator->iterate(iterator, (void**)&certinfo))
+ time_t nextUpdate, thisUpdate, now;
+ chunk_t serial;
+
+ now = time(NULL);
+ nextUpdate = certinfo->get_nextUpdate(certinfo);
+ thisUpdate = certinfo->get_thisUpdate(certinfo);
+ serial = certinfo->get_serialNumber(certinfo);
+
+ fprintf(out, "%#T, until %#T, ", &thisUpdate, utc, &nextUpdate, utc);
+ if (now > nextUpdate)
{
- fprintf(out, "%#Y\n", certinfo, utc);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
}
- iterator->destroy(iterator);
+ else
+ {
+ fprintf(out, "ok (expires in %V)\n", &now, &nextUpdate);
+ }
+ fprintf(out, " serial: %#B, %N\n", &serial,
+ cert_status_names, certinfo->get_status(certinfo));
}
+ iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
+ pthread_mutex_unlock(&this->mutex);
}
/**
@@ -644,6 +690,8 @@ static void purge_ocsp(private_ca_info_t *this)
*/
static void destroy(private_ca_info_t *this)
{
+ this->attrcerts->destroy_offset(this->attrcerts,
+ offsetof(x509ac_t, destroy));
this->crluris->destroy_offset(this->crluris,
offsetof(identification_t, destroy));
this->ocspuris->destroy_offset(this->ocspuris,
@@ -656,92 +704,59 @@ static void destroy(private_ca_info_t *this)
}
/**
- * output handler in printf()
+ * list the info of this CA
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+static void list(private_ca_info_t* this, FILE* out, bool utc)
{
- private_ca_info_t *this = *((private_ca_info_t**)(args[0]));
- bool utc = TRUE;
- int written = 0;
- const x509_t *cacert;
+ chunk_t chunk;
+ identification_t *uri;
+ iterator_t *iterator;
+ bool first;
- if (info->alt)
- {
- utc = *((bool*)args[1]);
- }
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
pthread_mutex_lock(&(this->mutex));
- written += fprintf(stream, "%#T", &this->installed, utc);
+ fprintf(out, "%#T", &this->installed, utc);
if (this->name)
{
- written += fprintf(stream, ", \"%s\"\n", this->name);
+ fprintf(out, ", \"%s\"\n", this->name);
}
else
{
- written += fprintf(stream, "\n");
+ fprintf(out, "\n");
}
- cacert = this->cacert;
- written += fprintf(stream, " authname: '%D'\n", cacert->get_subject(cacert));
- {
- chunk_t authkey = cacert->get_subjectKeyID(cacert);
-
- written += fprintf(stream, " authkey: %#B\n", &authkey);
- }
+ fprintf(out, " authname: '%D'\n", this->cacert->get_subject(this->cacert));
+ chunk = this->cacert->get_subjectKeyID(this->cacert);
+ fprintf(out, " authkey: %#B\n", &chunk);
+ chunk = this->cacert->get_keyid(this->cacert);
+ fprintf(out, " keyid: %#B\n", &chunk);
+
+ first = TRUE;
+ iterator = this->crluris->create_iterator(this->crluris, TRUE);
+ while (iterator->iterate(iterator, (void**)&uri))
{
- chunk_t keyid = cacert->get_keyid(cacert);
-
- written += fprintf(stream, " keyid: %#B\n", &keyid);
- }
- {
- identification_t *crluri;
- iterator_t *iterator = this->crluris->create_iterator(this->crluris, TRUE);
- bool first = TRUE;
-
- while (iterator->iterate(iterator, (void**)&crluri))
- {
- written += fprintf(stream, " %s '%D'\n",
- first? "crluris:":" ", crluri);
- first = FALSE;
- }
- iterator->destroy(iterator);
+ fprintf(out, " %s '%D'\n", first ? "crluris:":" ", uri);
+ first = FALSE;
}
+ iterator->destroy(iterator);
+
+ first = TRUE;
+ iterator = this->ocspuris->create_iterator(this->ocspuris, TRUE);
+ while (iterator->iterate(iterator, (void**)&uri))
{
- identification_t *ocspuri;
- iterator_t *iterator = this->ocspuris->create_iterator(this->ocspuris, TRUE);
- bool first = TRUE;
-
- while (iterator->iterate(iterator, (void**)&ocspuri))
- {
- written += fprintf(stream, " %s '%D'\n",
- first? "ocspuris:":" ", ocspuri);
- first = FALSE;
- }
- iterator->destroy(iterator);
+ fprintf(out, " %s '%D'\n", first ? "ocspuris:":" ", uri);
+ first = FALSE;
}
+ iterator->destroy(iterator);
pthread_mutex_unlock(&(this->mutex));
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int);
}
/*
* Described in header.
*/
-void ca_info_set_options(bool cache, u_int interval)
+void ca_info_set_options(strict_t strict, bool cache, u_int interval)
{
+ strict_crl_policy = strict;
cache_crls = cache;
crl_check_interval = interval;
}
@@ -757,6 +772,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
this->installed = time(NULL);
this->name = (name == NULL)? NULL:strdup(name);
this->cacert = cacert;
+ this->attrcerts = linked_list_create();
this->crluris = linked_list_create();
this->ocspuris = linked_list_create();
this->certinfos = linked_list_create();
@@ -770,10 +786,13 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
this->public.equals_name_release_info = (bool (*) (ca_info_t*,const char*))equals_name_release_info;
this->public.is_cert_issuer = (bool (*) (ca_info_t*,const x509_t*))is_cert_issuer;
this->public.is_crl_issuer = (bool (*) (ca_info_t*,const crl_t*))is_crl_issuer;
+ this->public.is_ca = (bool (*) (ca_info_t*))is_ca;
+ this->public.is_strict = (bool (*) (ca_info_t*))is_strict;
this->public.add_info = (void (*) (ca_info_t*,const ca_info_t*))add_info;
this->public.add_crl = (void (*) (ca_info_t*,crl_t*))add_crl;
this->public.has_crl = (bool (*) (ca_info_t*))has_crl;
this->public.has_certinfos = (bool (*) (ca_info_t*))has_certinfos;
+ this->public.list = (void (*) (ca_info_t*,FILE*,bool))list;
this->public.list_crl = (void (*) (ca_info_t*,FILE*,bool))list_crl;
this->public.list_certinfos = (void (*) (ca_info_t*,FILE*,bool))list_certinfos;
this->public.add_crluri = (void (*) (ca_info_t*,chunk_t))add_crluri;
diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h
index c494a4468..ff6271b15 100644
--- a/src/libstrongswan/crypto/ca.h
+++ b/src/libstrongswan/crypto/ca.h
@@ -26,13 +26,15 @@
typedef struct ca_info_t ca_info_t;
#include <library.h>
-#include <chunk.h>
-
-#include <credential_store.h>
#include "x509.h"
#include "crl.h"
+#define MAX_CA_PATH_LEN 7
+
+/*forward declaration */
+struct credential_store_t;
+
/**
* @brief X.509 certification authority information record
*
@@ -81,6 +83,22 @@ struct ca_info_t {
bool (*is_crl_issuer) (ca_info_t *this, const crl_t *crl);
/**
+ * @brief Checks if the ca certificate has the isCA flag set
+ *
+ * @param this ca info object
+ * @return TRUE if the isCA flag is set
+ */
+ bool (*is_ca) (ca_info_t *this);
+
+ /**
+ * @brief Checks if the ca enforces a strict crl policy
+ *
+ * @param this ca info object
+ * @return TRUE if the crl policy is strict
+ */
+ bool (*is_strict) (ca_info_t *this);
+
+ /**
* @brief Merges info from a secondary ca info object
*
* @param this primary ca info object
@@ -113,6 +131,16 @@ struct ca_info_t {
bool (*has_certinfos) (ca_info_t *this);
/**
+ * @brief Print the CA info onto the console
+ *
+ * @param this ca info object
+ * @param out output stream
+ * @param utc TRUE - utc
+ FALSE - local time
+ */
+ void (*list) (ca_info_t *this, FILE *out, bool utc);
+
+ /**
* @brief List the CRL onto the console
*
* @param this ca info object
@@ -174,7 +202,7 @@ struct ca_info_t {
* @param credentials credential store needed for trust path verification
* @return certificate status
*/
- cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials);
+ cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, struct credential_store_t* credentials);
/**
* @brief Purge the OCSP certinfos of a ca info record
@@ -199,7 +227,7 @@ struct ca_info_t {
*
* @ingroup crypto
*/
-void ca_info_set_options(bool cache, u_int interval);
+void ca_info_set_options(strict_t strict, bool cache, u_int interval);
/**
* @brief Create a ca info record
diff --git a/src/libstrongswan/crypto/certinfo.c b/src/libstrongswan/crypto/certinfo.c
index 654e4c2bd..8a125e247 100644
--- a/src/libstrongswan/crypto/certinfo.c
+++ b/src/libstrongswan/crypto/certinfo.c
@@ -221,54 +221,6 @@ static void destroy(private_certinfo_t *this)
free(this);
}
-/**
- * output handler in printf()
- */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
-{
- private_certinfo_t *this = *((private_certinfo_t**)(args[0]));
- bool utc = TRUE;
- int written = 0;
- time_t now;
-
- if (info->alt)
- {
- utc = *((bool*)args[1]);
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
- now = time(NULL);
-
- written += fprintf(stream, "%#T, until %#T, ",
- &this->thisUpdate, utc,
- &this->nextUpdate, utc);
- if (now > this->nextUpdate)
- {
- written += fprintf(stream, "expired (%V ago)\n", &now, &this->nextUpdate);
- }
- else
- {
- written += fprintf(stream, "ok (expires in %V)\n", &now, &this->nextUpdate);
- }
- written += fprintf(stream, " serial: %#B, %N",
- &this->serialNumber,
- cert_status_names, this->status);
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CERTINFO, print, arginfo_ptr_alt_ptr_int);
-}
-
/*
* Described in header.
*/
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c
index 00d6a3ac3..b4ae37b2e 100755
--- a/src/libstrongswan/crypto/crl.c
+++ b/src/libstrongswan/crypto/crl.c
@@ -39,10 +39,6 @@
#define CRL_WARNING_INTERVAL 7 /* days */
-extern char* check_expiry(time_t expiration_date, int warning_interval, bool strict);
-extern time_t parse_time(chunk_t blob, int level0);
-extern void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber);
-
/* access structure for a revoked certificate */
typedef struct revokedCert_t revokedCert_t;
@@ -100,6 +96,11 @@ struct private_crl_t {
identification_t *issuer;
/**
+ * CRL number
+ */
+ chunk_t crlNumber;
+
+ /**
* Time when the crl was generated
*/
time_t thisUpdate;
@@ -291,6 +292,14 @@ bool parse_x509crl(chunk_t blob, u_int level0, private_crl_t *crl)
{
parse_authorityKeyIdentifier(object, level, &crl->authKeyID, &crl->authKeySerialNumber);
}
+ else if (extn_oid == OID_CRL_NUMBER)
+ {
+ if (!parse_asn1_simple_object(&object, ASN1_INTEGER, level, "crlNumber"))
+ {
+ return FALSE;
+ }
+ crl->crlNumber = object;
+ }
}
break;
case CRL_OBJ_ALGORITHM:
@@ -416,66 +425,47 @@ static void destroy(private_crl_t *this)
}
/**
- * output handler in printf()
+ * Implementation of crl_t.list.
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+static void list(private_crl_t *this, FILE* out, bool utc)
{
- private_crl_t *this = *((private_crl_t**)(args[0]));
- bool utc = TRUE;
- int written = 0;
time_t now;
- if (info->alt)
- {
- utc = *((bool*)args[1]);
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
now = time(NULL);
- written += fprintf(stream, "%#T, revoked certs: %d\n", &this->installed, utc,
+ fprintf(out, "%#T, revoked certs: %d\n", &this->installed, utc,
this->revokedCertificates->get_count(this->revokedCertificates));
- written += fprintf(stream, " issuer: '%D'\n", this->issuer);
- written += fprintf(stream, " updates: this %#T\n", &this->thisUpdate, utc);
- written += fprintf(stream, " next %#T ", &this->nextUpdate, utc);
+ fprintf(out, " issuer: '%D'\n", this->issuer);
+ if (this->crlNumber.ptr)
+ {
+ fprintf(out, " crlnumber: %#B\n", &this->crlNumber);
+ }
+ fprintf(out, " updates: this %#T\n", &this->thisUpdate, utc);
+ fprintf(out, " next %#T ", &this->nextUpdate, utc);
if (this->nextUpdate == UNDEFINED_TIME)
{
- written += fprintf(stream, "ok (expires never)");
+ fprintf(out, "ok (expires never)\n");
}
else if (now > this->nextUpdate)
{
- written += fprintf(stream, "expired (%V ago)", &now, &this->nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &this->nextUpdate);
}
else if (now > this->nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
{
- written += fprintf(stream, "ok (expires in %V)", &now, &this->nextUpdate);
+ fprintf(out, "ok (expires in %V)\n", &now, &this->nextUpdate);
}
else
{
- written += fprintf(stream, "ok");
+ fprintf(out, "ok\n");
}
if (this->authKeyID.ptr)
{
- written += fprintf(stream, "\n authkey: %#B", &this->authKeyID);
+ fprintf(out, " authkey: %#B\n", &this->authKeyID);
}
if (this->authKeySerialNumber.ptr)
{
- written += fprintf(stream, "\n aserial: %#B", &this->authKeySerialNumber);
+ fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
}
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CRL, print, arginfo_ptr_alt_ptr_int);
}
/*
@@ -489,6 +479,7 @@ crl_t *crl_create_from_chunk(chunk_t chunk)
this->crlDistributionPoints = linked_list_create();
this->tbsCertList = chunk_empty;
this->issuer = NULL;
+ this->crlNumber = chunk_empty;
this->revokedCertificates = linked_list_create();
this->authKeyID = chunk_empty;
this->authKeySerialNumber = chunk_empty;
@@ -502,6 +493,7 @@ crl_t *crl_create_from_chunk(chunk_t chunk)
this->public.verify = (bool (*) (const crl_t*,const rsa_public_key_t*))verify;
this->public.get_status = (void (*) (const crl_t*,certinfo_t*))get_status;
this->public.write_to_file = (bool (*) (const crl_t*,const char*,mode_t,bool))write_to_file;
+ this->public.list = (void(*)(crl_t*, FILE* out, bool utc))list;
this->public.destroy = (void (*) (crl_t*))destroy;
if (!parse_x509crl(chunk, 0, this))
@@ -520,14 +512,10 @@ crl_t *crl_create_from_file(const char *filename)
{
bool pgp = FALSE;
chunk_t chunk = chunk_empty;
- crl_t *crl = NULL;
if (!pem_asn1_load_file(filename, NULL, "crl", &chunk, &pgp))
+ {
return NULL;
-
- crl = crl_create_from_chunk(chunk);
-
- if (crl == NULL)
- free(chunk.ptr);
- return crl;
+ }
+ return crl_create_from_chunk(chunk);
}
diff --git a/src/libstrongswan/crypto/crl.h b/src/libstrongswan/crypto/crl.h
index 8a11fc390..a367c3aff 100755
--- a/src/libstrongswan/crypto/crl.h
+++ b/src/libstrongswan/crypto/crl.h
@@ -104,6 +104,15 @@ struct crl_t {
* @param certinfo certinfo is updated
*/
void (*get_status) (const crl_t *this, certinfo_t *certinfo);
+
+ /**
+ * @brief Log the info of this CRL to out.
+ *
+ * @param this calling object
+ * @param out stream to write to
+ * @param utc TRUE for UTC, FALSE for local time
+ */
+ void (*list)(crl_t *this, FILE* out, bool utc);
/**
* @brief Write a der-encoded crl to a file
diff --git a/src/libstrongswan/crypto/ocsp.c b/src/libstrongswan/crypto/ocsp.c
index 471996c8e..0d8093e4a 100644
--- a/src/libstrongswan/crypto/ocsp.c
+++ b/src/libstrongswan/crypto/ocsp.c
@@ -770,7 +770,7 @@ static void ocsp_process_response(private_ocsp_t *this, response_t *res, credent
if (res->responder_cert->is_ocsp_signer(res->responder_cert))
{
DBG2("received certificate is ocsp signer");
- if (credentials->is_trusted(credentials, res->responder_cert))
+ if (credentials->is_trusted(credentials, "OCSP signing", res->responder_cert))
{
DBG1("received ocsp signer certificate is trusted");
ocsp_cert = credentials->add_auth_certificate(credentials,
diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c
index 58fcff16d..5bf3f26d7 100755
--- a/src/libstrongswan/crypto/x509.c
+++ b/src/libstrongswan/crypto/x509.c
@@ -6,7 +6,12 @@
*/
/*
- * Copyright (C) 2006 Martin Willi
+ * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
+ * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
+ * Copyright (C) 2002 Mario Strasser
+ * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
+ * Copyright (C) 2006 Martin Willi, Andreas Steffen
+ *
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -117,6 +122,11 @@ struct private_x509_t {
identification_t *issuer;
/**
+ * link to the info recored of the certificate issuer
+ */
+ ca_info_t *ca_info;
+
+ /**
* Start time of certificate validity
*/
time_t notBefore;
@@ -172,6 +182,11 @@ struct private_x509_t {
chunk_t authKeySerialNumber;
/**
+ * Indicates if the certificate is self-signed
+ */
+ bool isSelfSigned;
+
+ /**
* CA basic constraints flag
*/
bool isCA;
@@ -249,19 +264,6 @@ static const asn1Object_t basicConstraintsObjects[] = {
#define BASIC_CONSTRAINTS_CA 1
#define BASIC_CONSTRAINTS_ROOF 4
-/**
- * ASN.1 definition of time
- */
-static const asn1Object_t timeObjects[] = {
- { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
- { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
- { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
-};
-#define TIME_UTC 0
-#define TIME_GENERALIZED 2
-#define TIME_ROOF 4
-
/**
* ASN.1 definition of a keyIdentifier
*/
@@ -545,7 +547,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
/**
* extracts one or several GNs and puts them into a chained list
*/
-static void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
+void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
{
asn1_ctx_t ctx;
chunk_t object;
@@ -572,33 +574,6 @@ static void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_l
}
/**
- * extracts and converts a UTCTIME or GENERALIZEDTIME object
- */
-time_t parse_time(chunk_t blob, int level0)
-{
- asn1_ctx_t ctx;
- chunk_t object;
- u_int level;
- int objectID = 0;
-
- asn1_init(&ctx, blob, level0, FALSE, FALSE);
-
- while (objectID < TIME_ROOF)
- {
- if (!extract_object(timeObjects, &objectID, &object, &level, &ctx))
- return 0;
-
- if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
- {
- return asn1totime(&object, (objectID == TIME_UTC)
- ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
- }
- objectID++;
- }
- return 0;
-}
-
-/**
* extracts a keyIdentifier
*/
static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
@@ -624,7 +599,11 @@ void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID,
u_int level;
int objectID = 0;
+ *authKeyID = chunk_empty;
+ *authKeySerialNumber = chunk_empty;
+
asn1_init(&ctx, blob, level0, FALSE, FALSE);
+
while (objectID < AUTH_KEY_ID_ROOF)
{
if (!extract_object(authorityKeyIdentifierObjects, &objectID, &object, &level, &ctx))
@@ -763,7 +742,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t
/**
* Parses an X.509v3 certificate
*/
-static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
+static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
{
asn1_ctx_t ctx;
bool critical;
@@ -779,38 +758,41 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
{
return FALSE;
}
+
/* those objects which will parsed further need the next higher level */
level++;
- switch (objectID) {
+
+ switch (objectID)
+ {
case X509_OBJ_CERTIFICATE:
- cert->certificate = object;
+ this->certificate = object;
break;
case X509_OBJ_TBS_CERTIFICATE:
- cert->tbsCertificate = object;
+ this->tbsCertificate = object;
break;
case X509_OBJ_VERSION:
- cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
- DBG2(" v%d", cert->version);
+ this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
+ DBG2(" v%d", this->version);
break;
case X509_OBJ_SERIAL_NUMBER:
- cert->serialNumber = object;
+ this->serialNumber = object;
break;
case X509_OBJ_SIG_ALG:
- cert->sigAlg = parse_algorithmIdentifier(object, level, NULL);
+ this->sigAlg = parse_algorithmIdentifier(object, level, NULL);
break;
case X509_OBJ_ISSUER:
- cert->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", cert->issuer);
+ this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
+ DBG2(" '%D'", this->issuer);
break;
case X509_OBJ_NOT_BEFORE:
- cert->notBefore = parse_time(object, level);
+ this->notBefore = parse_time(object, level);
break;
case X509_OBJ_NOT_AFTER:
- cert->notAfter = parse_time(object, level);
+ this->notAfter = parse_time(object, level);
break;
case X509_OBJ_SUBJECT:
- cert->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", cert->subject);
+ this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
+ DBG2(" '%D'", this->subject);
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
if (parse_algorithmIdentifier(object, level, NULL) != OID_RSA_ENCRYPTION)
@@ -832,7 +814,7 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
}
break;
case X509_OBJ_RSA_PUBLIC_KEY:
- cert->subjectPublicKey = object;
+ this->subjectPublicKey = object;
break;
case X509_OBJ_EXTN_ID:
extn_oid = known_oid(object);
@@ -843,27 +825,28 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
break;
case X509_OBJ_EXTN_VALUE:
{
- switch (extn_oid) {
+ switch (extn_oid)
+ {
case OID_SUBJECT_KEY_ID:
- cert->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
+ this->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
break;
case OID_SUBJECT_ALT_NAME:
- parse_generalNames(object, level, FALSE, cert->subjectAltNames);
+ parse_generalNames(object, level, FALSE, this->subjectAltNames);
break;
case OID_BASIC_CONSTRAINTS:
- cert->isCA = parse_basicConstraints(object, level);
+ this->isCA = parse_basicConstraints(object, level);
break;
case OID_CRL_DISTRIBUTION_POINTS:
- parse_crlDistributionPoints(object, level, cert->crlDistributionPoints);
+ parse_crlDistributionPoints(object, level, this->crlDistributionPoints);
break;
case OID_AUTHORITY_KEY_ID:
- parse_authorityKeyIdentifier(object, level , &cert->authKeyID, &cert->authKeySerialNumber);
+ parse_authorityKeyIdentifier(object, level , &this->authKeyID, &this->authKeySerialNumber);
break;
case OID_AUTHORITY_INFO_ACCESS:
- parse_authorityInfoAccess(object, level, cert->ocspAccessLocations);
+ parse_authorityInfoAccess(object, level, this->ocspAccessLocations);
break;
case OID_EXTENDED_KEY_USAGE:
- cert->isOcspSigner = parse_extendedKeyUsage(object, level);
+ this->isOcspSigner = parse_extendedKeyUsage(object, level);
break;
case OID_NS_REVOCATION_URL:
case OID_NS_CA_REVOCATION_URL:
@@ -878,10 +861,10 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
break;
}
case X509_OBJ_ALGORITHM:
- cert->algorithm = parse_algorithmIdentifier(object, level, NULL);
+ this->algorithm = parse_algorithmIdentifier(object, level, NULL);
break;
case X509_OBJ_SIGNATURE:
- cert->signature = object;
+ this->signature = object;
break;
default:
break;
@@ -889,15 +872,16 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
objectID++;
}
- if (cert->subjectKeyID.ptr == NULL)
+ /* generate the subjectKeyID if it is missing in the certificate */
+ if (this->subjectKeyID.ptr == NULL)
{
hasher_t *hasher = hasher_create(HASH_SHA1);
- hasher->allocate_hash(hasher, cert->subjectPublicKey, &cert->subjectKeyID);
+ hasher->allocate_hash(hasher, this->subjectPublicKey, &this->subjectKeyID);
hasher->destroy(hasher);
}
- time(&cert->installed);
+ this->installed = time(NULL);
return TRUE;
}
@@ -950,7 +934,7 @@ static bool is_ocsp_signer(const private_x509_t *this)
*/
static bool is_self_signed(const private_x509_t *this)
{
- return this->subject->equals(this->subject, this->issuer);
+ return this->isSelfSigned;
}
/**
@@ -1043,6 +1027,22 @@ static identification_t *get_subject(const private_x509_t *this)
}
/**
+ * Implements x509_t.set_ca_info
+ */
+static void set_ca_info(private_x509_t *this, ca_info_t *ca_info)
+{
+ this->ca_info = ca_info;
+}
+
+/**
+ * Implements x509_t.get_ca_info
+ */
+static ca_info_t *get_ca_info(const private_x509_t *this)
+{
+ return this->ca_info;
+}
+
+/**
* Implements x509_t.set_until
*/
static void set_until(private_x509_t *this, time_t until)
@@ -1121,39 +1121,23 @@ static bool verify(const private_x509_t *this, const rsa_public_key_t *signer)
{
return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate, this->signature) == SUCCESS;
}
-
+
/**
- * output handler in printf()
+ * Implementation of x509_t.list.
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+static void list(private_x509_t *this, FILE *out, bool utc)
{
- private_x509_t *this = *((private_x509_t**)(args[0]));
iterator_t *iterator;
- bool utc = TRUE;
- int written = 0;
-
- if (info->alt)
- {
- utc = *((bool*)(args[1]));
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
- /* determine the current time */
time_t now = time(NULL);
- written += fprintf(stream, "%#T\n", &this->installed, utc);
+ fprintf(out, "%#T\n", &this->installed, utc);
if (this->subjectAltNames->get_count(this->subjectAltNames))
{
identification_t *subjectAltName;
bool first = TRUE;
- written += fprintf(stream, " altNames: ");
+ fprintf(out, " altNames: ");
iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE);
while (iterator->iterate(iterator, (void**)&subjectAltName))
{
@@ -1163,71 +1147,71 @@ static int print(FILE *stream, const struct printf_info *info,
}
else
{
- written += fprintf(stream, ", ");
+ fprintf(out, ", ");
}
- written += fprintf(stream, "'%D'", subjectAltName);
+ fprintf(out, "'%D'", subjectAltName);
}
iterator->destroy(iterator);
- written += fprintf(stream, "\n");
+ fprintf(out, "\n");
}
- written += fprintf(stream, " subject: '%D'\n", this->subject);
- written += fprintf(stream, " issuer: '%D'\n", this->issuer);
- written += fprintf(stream, " serial: %#B\n", &this->serialNumber);
- written += fprintf(stream, " validity: not before %#T, ", &this->notBefore, utc);
+ fprintf(out, " subject: '%D'\n", this->subject);
+ fprintf(out, " issuer: '%D'\n", this->issuer);
+ fprintf(out, " serial: %#B\n", &this->serialNumber);
+ fprintf(out, " validity: not before %#T, ", &this->notBefore, utc);
if (now < this->notBefore)
{
- written += fprintf(stream, "not valid yet (valid in %V)\n", &now, &this->notBefore);
+ fprintf(out, "not valid yet (valid in %V)\n", &now, &this->notBefore);
}
else
{
- written += fprintf(stream, "ok\n");
+ fprintf(out, "ok\n");
}
- written += fprintf(stream, " not after %#T, ", &this->notAfter, utc);
+ fprintf(out, " not after %#T, ", &this->notAfter, utc);
if (now > this->notAfter)
{
- written += fprintf(stream, "expired (%V ago)\n", &now, &this->notAfter);
+ fprintf(out, "expired (%V ago)\n", &now, &this->notAfter);
}
else
{
- written += fprintf(stream, "ok");
+ fprintf(out, "ok");
if (now > this->notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
{
- written += fprintf(stream, " (expires in %V)", &now, &this->notAfter);
+ fprintf(out, " (expires in %V)", &now, &this->notAfter);
}
- written += fprintf(stream, " \n");
+ fprintf(out, " \n");
}
{
chunk_t keyid = this->public_key->get_keyid(this->public_key);
- written += fprintf(stream, " keyid: %#B\n", &keyid);
+ fprintf(out, " keyid: %#B\n", &keyid);
}
if (this->subjectKeyID.ptr)
{
- written += fprintf(stream, " subjkey: %#B\n", &this->subjectKeyID);
+ fprintf(out, " subjkey: %#B\n", &this->subjectKeyID);
}
if (this->authKeyID.ptr)
{
- written += fprintf(stream, " authkey: %#B\n", &this->authKeyID);
+ fprintf(out, " authkey: %#B\n", &this->authKeyID);
}
if (this->authKeySerialNumber.ptr)
{
- written += fprintf(stream, " aserial: %#B\n", &this->authKeySerialNumber);
+ fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
}
- written += fprintf(stream, " pubkey: RSA %d bits", BITS_PER_BYTE *
- this->public_key->get_keysize(this->public_key));
- written += fprintf(stream, ", status %N",
- cert_status_names, this->status);
+ fprintf(out, " pubkey: RSA %d bits", BITS_PER_BYTE *
+ this->public_key->get_keysize(this->public_key));
+ fprintf(out, ", status %N",
+ cert_status_names, this->status);
switch (this->status)
{
case CERT_GOOD:
- written += fprintf(stream, " until %#T", &this->until, utc);
+ fprintf(out, " until %#T", &this->until, utc);
break;
case CERT_REVOKED:
- written += fprintf(stream, " on %#T", &this->until, utc);
+ fprintf(out, " on %#T", &this->until, utc);
break;
case CERT_UNKNOWN:
case CERT_UNDEFINED:
@@ -1235,15 +1219,6 @@ static int print(FILE *stream, const struct printf_info *info,
default:
break;
}
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_X509, print, arginfo_ptr_alt_ptr_int);
}
/**
@@ -1277,6 +1252,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->public_key = NULL;
this->subject = NULL;
this->issuer = NULL;
+ this->ca_info = NULL;
this->subjectAltNames = linked_list_create();
this->crlDistributionPoints = linked_list_create();
this->ocspAccessLocations = linked_list_create();
@@ -1284,6 +1260,8 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->authKeyID = chunk_empty;
this->authKeySerialNumber = chunk_empty;
this->authority_flags = AUTH_NONE;
+ this->isCA = FALSE;
+ this->isOcspSigner = FALSE;
/* public functions */
this->public.equals = (bool (*) (const x509_t*,const x509_t*))equals;
@@ -1300,6 +1278,8 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->public.get_keyid = (chunk_t (*) (const x509_t*))get_keyid;
this->public.get_issuer = (identification_t* (*) (const x509_t*))get_issuer;
this->public.get_subject = (identification_t* (*) (const x509_t*))get_subject;
+ this->public.set_ca_info = (void (*) (x509_t*,ca_info_t*))set_ca_info;
+ this->public.get_ca_info = (ca_info_t* (*) (const x509_t*))get_ca_info;
this->public.set_until = (void (*) (x509_t*,time_t))set_until;
this->public.get_until = (time_t (*) (const x509_t*))get_until;
this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
@@ -1310,6 +1290,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;
this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
+ this->public.list = (void(*)(x509_t*, FILE *out, bool utc))list;
this->public.destroy = (void (*) (x509_t*))destroy;
if (!parse_certificate(chunk, level, this))
@@ -1325,9 +1306,27 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
destroy(this);
return NULL;
}
+
/* set trusted lifetime of public key to notAfter */
- this->status = is_self_signed(this)? CERT_GOOD:CERT_UNDEFINED;
this->until = this->notAfter;
+
+ /* check if the certificate is self-signed */
+ this->isSelfSigned = FALSE;
+ if (this->subject->equals(this->subject, this->issuer))
+ {
+ this->isSelfSigned = this->public_key->verify_emsa_pkcs1_signature(this->public_key,
+ this->tbsCertificate, this->signature) == SUCCESS;
+ }
+ if (this->isSelfSigned)
+ {
+ DBG2(" certificate is self-signed");
+ this->status = CERT_GOOD;
+ }
+ else
+ {
+ this->status = CERT_UNDEFINED;
+ }
+
return &this->public;
}
@@ -1338,17 +1337,13 @@ x509_t *x509_create_from_file(const char *filename, const char *label)
{
bool pgp = FALSE;
chunk_t chunk = chunk_empty;
- x509_t *cert = NULL;
char cert_label[BUF_LEN];
snprintf(cert_label, BUF_LEN, "%s certificate", label);
if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
+ {
return NULL;
-
- cert = x509_create_from_chunk(chunk, 0);
-
- if (cert == NULL)
- free(chunk.ptr);
- return cert;
+ }
+ return x509_create_from_chunk(chunk, 0);
}
diff --git a/src/libstrongswan/crypto/x509.h b/src/libstrongswan/crypto/x509.h
index a949d99d2..c6fe148d4 100755
--- a/src/libstrongswan/crypto/x509.h
+++ b/src/libstrongswan/crypto/x509.h
@@ -6,7 +6,12 @@
*/
/*
+ * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
+ * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
+ * Copyright (C) 2002 Mario Strasser
+ * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
* Copyright (C) 2006 Martin Willi, Andreas Steffen
+ *
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,8 +33,10 @@ typedef struct x509_t x509_t;
#include <library.h>
#include <crypto/rsa/rsa_public_key.h>
#include <crypto/certinfo.h>
+#include <crypto/ca.h>
#include <utils/identification.h>
#include <utils/iterator.h>
+#include <utils/linked_list.h>
/* authority flags */
@@ -44,12 +51,8 @@ typedef struct x509_t x509_t;
* @b Constructors:
* - x509_create_from_chunk()
* - x509_create_from_file()
- *
- * @todo more code cleanup needed!
- * @todo fix unimplemented functions...
- * @todo handle memory management
*
- * @ingroup transforms
+ * @ingroup crypto
*/
struct x509_t {
@@ -151,7 +154,7 @@ struct x509_t {
chunk_t (*get_keyid) (const x509_t *this);
/**
- * @brief Get the certificate issuer's ID.
+ * @brief Get the issuerDistinguishedName
*
* The resulting ID is always a identification_t
* of type ID_DER_ASN1_DN.
@@ -162,7 +165,7 @@ struct x509_t {
identification_t *(*get_issuer) (const x509_t *this);
/**
- * @brief Get the subjectDistinguisheName.
+ * @brief Get the subjectDistinguishedName.
*
* The resulting ID is always a identification_t
* of type ID_DER_ASN1_DN.
@@ -173,6 +176,26 @@ struct x509_t {
identification_t *(*get_subject) (const x509_t *this);
/**
+ * @brief Set a link ca info
+ *
+ * @param this calling object
+ * @param ca_info link to the info record of the issuing ca
+ */
+ void (*set_ca_info) (x509_t *this, ca_info_t *ca_info);
+
+ /**
+ * @brief Get the .
+ *
+ * The resulting ID is always a identification_t
+ * of type ID_DER_ASN1_DN.
+ *
+ * @param this calling object
+ * @return link to the info record of the issuing ca
+ * or NULL if it does not [yet] exist
+ */
+ ca_info_t *(*get_ca_info) (const x509_t *this);
+
+ /**
* @brief Create an iterator for the crlDistributionPoints.
*
* @param this calling object
@@ -257,7 +280,16 @@ struct x509_t {
* @return TRUE if self-signed
*/
bool (*is_self_signed) (const x509_t *this);
-
+
+ /**
+ * @brief Log the certificate info to out.
+ *
+ * @param this calling object
+ * @param out stream to write to
+ * @param utc TRUE for UTC times, FALSE for local time
+ */
+ void (*list)(x509_t *this, FILE *out, bool utc);
+
/**
* @brief Destroys the certificate.
*
@@ -272,7 +304,7 @@ struct x509_t {
* @param chunk chunk containing DER encoded data
* @return created x509_t certificate, or NULL if invlid.
*
- * @ingroup transforms
+ * @ingroup crypto
*/
x509_t *x509_create_from_chunk(chunk_t chunk, u_int level);
@@ -283,8 +315,32 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level);
* @param label label describing kind of certificate
* @return created x509_t certificate, or NULL if invalid.
*
- * @ingroup transforms
+ * @ingroup crypto
*/
x509_t *x509_create_from_file(const char *filename, const char *label);
+/**
+ * @brief Parses a DER encoded authorityKeyIdentifier
+ *
+ * @param blob blob containing DER encoded data
+ * @param level0 indicates the current parsing level
+ * @param authKeyID assigns the authorityKeyIdentifier
+ * @param authKeySerialNumber assigns the authKeySerialNumber
+ *
+ * @ingroup crypto
+ */
+void parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeyID, chunk_t *authKeySerialNumber);
+
+/**
+ * @brief Parses DER encoded generalNames
+ *
+ * @param blob blob containing DER encoded data
+ * @param level0 indicates the current parsing level
+ * @param implicit implicit coding is used
+ * @param list linked list of decoded generalNames
+ *
+ * @ingroup crypto
+ */
+void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list);
+
#endif /* X509_H_ */
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 7c7f087f0..67a05f118 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -234,6 +234,15 @@ enum status_t {
};
/**
+ * used by strict_crl_policy
+ */
+typedef enum {
+ STRICT_NO,
+ STRICT_YES,
+ STRICT_IFURI
+} strict_t;
+
+/**
* enum_names for type status_t.
*/
extern enum_name_t *status_names;
diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h
index 45184a8f0..03bcf447d 100644
--- a/src/libstrongswan/printf_hook.h
+++ b/src/libstrongswan/printf_hook.h
@@ -38,30 +38,14 @@
#define PRINTF_IDENTIFICATION 'D'
/** 1 argumnet: host_t *host; use #-modifier to include port number */
#define PRINTF_HOST 'H'
-/** 1 argument: ike_sa_id_t *id */
-#define PRINTF_IKE_SA_ID 'J'
/** 1 argument: ike_sa_t *ike_sa */
-#define PRINTF_IKE_SA 'K'
-/** 1 argument: message_t *message */
-#define PRINTF_MESSAGE 'M'
-/** 2 arguments: enum_name_t *name, long value */
#define PRINTF_ENUM 'N'
/** 1 argument: child_sa_t *child_sa */
-#define PRINTF_CHILD_SA 'P'
-/** 1 argument: traffic_selector_t *ts */
#define PRINTF_TRAFFIC_SELECTOR 'R'
/** 1 argument: time_t *time; with #-modifier 2 arguments: time_t *time, bool utc */
#define PRINTF_TIME 'T'
-/** 1 argument: x509_t *cert; with #-modifier 2 arguments: x509_t *cert, bool utc */
-#define PRINTF_X509 'Q'
-/** 1 argument: crl_t *crl; with #-modifier 2 arguments: crl_t *crl, bool utc */
-#define PRINTF_CRL 'U'
/** 2 arguments: time_t *begin, time_t *end */
#define PRINTF_TIME_DELTA 'V'
-/** 1 argument: ca_info_t *ca_info; with #-modifier 2 arguments: ca_info_t *ca_info, bool utc */
-#define PRINTF_CAINFO 'W'
-/** 1 argument: certinfo_t *certinfo; with #-modifier 2 arguments: certinfo_t *certinfo, bool utc */
-#define PRINTF_CERTINFO 'Y'
/**
* Generic arginfo handlers for printf() hooks
diff --git a/src/libstrongswan/utils/fetcher.c b/src/libstrongswan/utils/fetcher.c
index 6165cc1e1..7a06999aa 100644
--- a/src/libstrongswan/utils/fetcher.c
+++ b/src/libstrongswan/utils/fetcher.c
@@ -25,6 +25,9 @@
#endif /* LIBCURL */
#ifdef LIBLDAP
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
#include <ldap.h>
#endif /* LIBLDAP */
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index 8cbfd6ab8..68e9c9500 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -325,7 +325,7 @@ static bool equals(private_host_t *this, private_host_t *other)
{
if (!ip_equals(this, other))
{
- return FAILED;
+ return FALSE;
}
switch (this->address.sa_family)
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 341af39c0..673cbb828 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -738,8 +738,15 @@ static bool contains_wildcards(private_identification_t *this)
*/
static bool equals_binary(private_identification_t *this, private_identification_t *other)
{
- return this->type == other->type &&
- chunk_equals(this->encoded, other->encoded);
+ if (this->type == other->type)
+ {
+ if (this->type == ID_ANY)
+ {
+ return TRUE;
+ }
+ return chunk_equals(this->encoded, other->encoded);
+ }
+ return FALSE;
}
/**
@@ -956,7 +963,10 @@ static identification_t *clone_(private_identification_t *this)
private_identification_t *clone = identification_create();
clone->type = this->type;
- clone->encoded = chunk_clone(this->encoded);
+ if (this->encoded.len)
+ {
+ clone->encoded = chunk_clone(this->encoded);
+ }
clone->public.equals = this->public.equals;
clone->public.matches = this->public.matches;
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index 8a2bee51f..67396085c 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -127,6 +127,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -139,6 +140,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -149,8 +151,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -172,6 +178,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -181,6 +188,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -194,9 +203,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -211,6 +224,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
openac_SOURCES = openac.c build.c build.h loglite.c
INCLUDES = \
-I$(top_srcdir)/src/libfreeswan \
diff --git a/src/openac/build.c b/src/openac/build.c
index bd3df6fee..0c6a2be3b 100644
--- a/src/openac/build.c
+++ b/src/openac/build.c
@@ -31,212 +31,201 @@
#include "build.h"
static u_char ASN1_group_oid_str[] = {
- 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
+ 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
};
static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str);
static u_char ASN1_authorityKeyIdentifier_oid_str[] = {
- 0x06, 0x03,
- 0x55, 0x1d, 0x23
+ 0x06, 0x03,
+ 0x55, 0x1d, 0x23
};
static const chunk_t ASN1_authorityKeyIdentifier_oid
= strchunk(ASN1_authorityKeyIdentifier_oid_str);
static u_char ASN1_noRevAvail_ext_str[] = {
- 0x30, 0x09,
- 0x06, 0x03,
- 0x55, 0x1d, 0x38,
- 0x04, 0x02,
- 0x05, 0x00
+ 0x30, 0x09,
+ 0x06, 0x03,
+ 0x55, 0x1d, 0x38,
+ 0x04, 0x02,
+ 0x05, 0x00
};
static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
-/*
+/**
* build directoryName
*/
-static chunk_t
-build_directoryName(asn1_t tag, chunk_t name)
+static chunk_t build_directoryName(asn1_t tag, chunk_t name)
{
- return asn1_wrap(tag, "m"
- , asn1_simple_object(ASN1_CONTEXT_C_4, name));
+ return asn1_wrap(tag, "m",
+ asn1_simple_object(ASN1_CONTEXT_C_4, name));
}
-/*
+/**
* build holder
*/
-static chunk_t
-build_holder(void)
+static chunk_t build_holder(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mm"
- , asn1_wrap(ASN1_CONTEXT_C_0, "mm"
- , build_directoryName(ASN1_SEQUENCE, user->issuer)
- , asn1_simple_object(ASN1_INTEGER, user->serialNumber)
- )
- , build_directoryName(ASN1_CONTEXT_C_1, user->subject));
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ build_directoryName(ASN1_SEQUENCE, user->issuer),
+ asn1_simple_object(ASN1_INTEGER, user->serialNumber)
+ ),
+ build_directoryName(ASN1_CONTEXT_C_1, user->subject));
}
-/*
+/**
* build v2Form
*/
-static chunk_t
-build_v2_form(void)
+static chunk_t build_v2_form(void)
{
- return asn1_wrap(ASN1_CONTEXT_C_0, "m"
- , build_directoryName(ASN1_SEQUENCE, signer->subject));
+ return asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ build_directoryName(ASN1_SEQUENCE, signer->subject));
}
-/*
+/**
* build attrCertValidityPeriod
*/
-static chunk_t
-build_attr_cert_validity(void)
+static chunk_t build_attr_cert_validity(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mm"
- , timetoasn1(&notBefore, ASN1_GENERALIZEDTIME)
- , timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ timetoasn1(&notBefore, ASN1_GENERALIZEDTIME),
+ timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
}
-/*
+/**
* build attributes
*/
-static chunk_t
-build_ietfAttributes(ietfAttrList_t *list)
+static chunk_t build_ietfAttributes(ietfAttrList_t *list)
{
- chunk_t ietfAttributes;
- ietfAttrList_t *item = list;
- size_t size = 0;
- u_char *pos;
-
- /* precalculate the total size of all values */
- while (item != NULL)
- {
- size_t len = item->attr->value.len;
-
- size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
- item = item->next;
- }
- pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
-
- while (list != NULL)
- {
- ietfAttr_t *attr = list->attr;
- asn1_t type = ASN1_NULL;
-
- switch (attr->kind)
+ chunk_t ietfAttributes;
+ ietfAttrList_t *item = list;
+ size_t size = 0;
+ u_char *pos;
+
+ /* precalculate the total size of all values */
+ while (item != NULL)
{
- case IETF_ATTRIBUTE_OCTETS:
- type = ASN1_OCTET_STRING;
- break;
- case IETF_ATTRIBUTE_STRING:
- type = ASN1_UTF8STRING;
- break;
- case IETF_ATTRIBUTE_OID:
- type = ASN1_OID;
- break;
+ size_t len = item->attr->value.len;
+
+ size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
+ item = item->next;
}
- mv_chunk(&pos, asn1_simple_object(type, attr->value));
+ pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
- list = list->next;
- }
+ while (list != NULL)
+ {
+ ietfAttr_t *attr = list->attr;
+ asn1_t type = ASN1_NULL;
+
+ switch (attr->kind)
+ {
+ case IETF_ATTRIBUTE_OCTETS:
+ type = ASN1_OCTET_STRING;
+ break;
+ case IETF_ATTRIBUTE_STRING:
+ type = ASN1_UTF8STRING;
+ break;
+ case IETF_ATTRIBUTE_OID:
+ type = ASN1_OID;
+ break;
+ }
+ mv_chunk(&pos, asn1_simple_object(type, attr->value));
+
+ list = list->next;
+ }
- return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
+ return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
}
-/*
+/**
* build attribute type
*/
-static chunk_t
-build_attribute_type(const chunk_t type, chunk_t content)
+static chunk_t build_attribute_type(const chunk_t type, chunk_t content)
{
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , type
- , asn1_wrap(ASN1_SET, "m", content));
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ type,
+ asn1_wrap(ASN1_SET, "m", content));
}
-/*
+/**
* build attributes
*/
-static chunk_t
-build_attributes(void)
+static chunk_t build_attributes(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "m"
- , build_attribute_type(ASN1_group_oid
- , build_ietfAttributes(groups)));
+ return asn1_wrap(ASN1_SEQUENCE, "m",
+ build_attribute_type(ASN1_group_oid,
+ build_ietfAttributes(groups)));
}
-/*
+/**
* build authorityKeyIdentifier
*/
-static chunk_t
-build_authorityKeyID(x509cert_t *signer)
+static chunk_t build_authorityKeyID(x509cert_t *signer)
{
- chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
- ? empty_chunk
- : asn1_simple_object(ASN1_CONTEXT_S_0
- , signer->subjectKeyID);
-
- chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1
- , signer->issuer);
-
- chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2
- , signer->serialNumber);
-
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_authorityKeyIdentifier_oid
- , asn1_wrap(ASN1_OCTET_STRING, "m"
- , asn1_wrap(ASN1_SEQUENCE, "mmm"
- , keyIdentifier
- , authorityCertIssuer
- , authorityCertSerialNumber
- )
- )
- );
+ chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
+ ? empty_chunk
+ : asn1_simple_object(ASN1_CONTEXT_S_0,
+ signer->subjectKeyID);
+
+ chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1,
+ signer->issuer);
+
+ chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2,
+ signer->serialNumber);
+
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ ASN1_authorityKeyIdentifier_oid,
+ asn1_wrap(ASN1_OCTET_STRING, "m",
+ asn1_wrap(ASN1_SEQUENCE, "mmm",
+ keyIdentifier,
+ authorityCertIssuer,
+ authorityCertSerialNumber
+ )
+ )
+ );
}
-/*
+/**
* build extensions
*/
-static chunk_t
-build_extensions(void)
+static chunk_t build_extensions(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mc"
- , build_authorityKeyID(signer)
- , ASN1_noRevAvail_ext);
+ return asn1_wrap(ASN1_SEQUENCE, "mc",
+ build_authorityKeyID(signer),
+ ASN1_noRevAvail_ext);
}
-/*
+/**
* build attributeCertificateInfo
*/
-static chunk_t
-build_attr_cert_info(void)
+static chunk_t build_attr_cert_info(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm"
- , ASN1_INTEGER_1
- , build_holder()
- , build_v2_form()
- , ASN1_sha1WithRSA_id
- , asn1_simple_object(ASN1_INTEGER, serial)
- , build_attr_cert_validity()
- , build_attributes()
- , build_extensions());
+ return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
+ ASN1_INTEGER_1,
+ build_holder(),
+ build_v2_form(),
+ ASN1_sha1WithRSA_id,
+ asn1_simple_object(ASN1_INTEGER, serial),
+ build_attr_cert_validity(),
+ build_attributes(),
+ build_extensions());
}
-/*
+/**
* build an X.509 attribute certificate
*/
-chunk_t
-build_attr_cert(void)
+chunk_t build_attr_cert(void)
{
- chunk_t attributeCertificateInfo = build_attr_cert_info();
- chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo
- , OID_SHA1, signerkey, TRUE);
-
- return asn1_wrap(ASN1_SEQUENCE, "mcm"
- , attributeCertificateInfo
- , ASN1_sha1WithRSA_id
- , signatureValue);
+ chunk_t attributeCertificateInfo = build_attr_cert_info();
+ chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo,
+ OID_SHA1, signerkey, TRUE);
+
+ return asn1_wrap(ASN1_SEQUENCE, "mcm",
+ attributeCertificateInfo,
+ ASN1_sha1WithRSA_id,
+ signatureValue);
}
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 00f287b3a..e3f92fbd2 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -57,107 +57,113 @@ bool pkcs11_keep_state = FALSE;
static void
usage(const char *mess)
{
- if (mess != NULL && *mess != '\0')
- fprintf(stderr, "%s\n", mess);
- fprintf(stderr
- , "Usage: openac"
- " [--help]"
- " [--version]"
- " [--optionsfrom <filename>]"
- " [--quiet]"
+ if (mess != NULL && *mess != '\0')
+ {
+ fprintf(stderr, "%s\n", mess);
+ }
+ fprintf(stderr, "Usage: openac"
+ " [--help]"
+ " [--version]"
+ " [--optionsfrom <filename>]"
+ " [--quiet]"
#ifdef DEBUG
- " \\\n\t"
- " [--debug-all]"
- " [--debug-parsing]"
- " [--debug-raw]"
- " [--debug-private]"
+ " \\\n\t"
+ " [--debug-all]"
+ " [--debug-parsing]"
+ " [--debug-raw]"
+ " [--debug-private]"
#endif
- " \\\n\t"
- " [--days <days>]"
- " [--hours <hours>]"
- " \\\n\t"
- " [--startdate <YYYYMMDDHHMMSSZ>]"
- " [--enddate <YYYYMMDDHHMMSSZ>]"
- " \\\n\t"
- " --cert <certfile>"
- " --key <keyfile>"
- " [--password <password>]"
- " \\\n\t"
- " --usercert <certfile>"
- " --groups <attr1,attr2,..>"
- " --out <filename>"
- "\n"
- );
- exit(mess == NULL? 0 : 1);
+ " \\\n\t"
+ " [--days <days>]"
+ " [--hours <hours>]"
+ " \\\n\t"
+ " [--startdate <YYYYMMDDHHMMSSZ>]"
+ " [--enddate <YYYYMMDDHHMMSSZ>]"
+ " \\\n\t"
+ " --cert <certfile>"
+ " --key <keyfile>"
+ " [--password <password>]"
+ " \\\n\t"
+ " --usercert <certfile>"
+ " --groups <attr1,attr2,..>"
+ " --out <filename>"
+ "\n"
+ );
+ exit(mess == NULL? 0 : 1);
}
-/*
+/**
* read the last serial number from file
*/
-static chunk_t
-read_serial(void)
+static chunk_t read_serial(void)
{
- MP_INT number;
+ MP_INT number;
- char buf[BUF_LEN];
- char bytes[BUF_LEN];
+ char buf[BUF_LEN];
+ char bytes[BUF_LEN];
- FILE *fd = fopen(OPENAC_SERIAL, "r");
+ FILE *fd = fopen(OPENAC_SERIAL, "r");
- /* serial number defaults to 0 */
- size_t len = 1;
- bytes[0] = 0x00;
+ /* serial number defaults to 0 */
+ size_t len = 1;
+ bytes[0] = 0x00;
- if (fd)
- {
- if (fscanf(fd, "%s", buf))
+ if (fd)
{
- err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
-
- if (ugh != NULL)
- plog(" error reading serial number from %s: %s"
- , OPENAC_SERIAL, ugh);
+ if (fscanf(fd, "%s", buf))
+ {
+ err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
+
+ if (ugh != NULL)
+ {
+ plog(" error reading serial number from %s: %s"
+ , OPENAC_SERIAL, ugh);
+ }
+ }
+ fclose(fd);
}
- fclose(fd);
- }
- else
- plog(" file '%s' does not exist yet - serial number set to 01"
+ else
+ {
+ plog(" file '%s' does not exist yet - serial number set to 01"
, OPENAC_SERIAL);
+ }
- /* conversion of read serial number to a multiprecision integer
- * and incrementing it by one
- * and representing it as a two's complement octet string
- */
- n_to_mpz(&number, bytes, len);
- mpz_add_ui(&number, &number, 0x01);
- serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
- mpz_clear(&number);
-
- return serial;
+ /**
+ * conversion of read serial number to a multiprecision integer
+ * and incrementing it by one
+ * and representing it as a two's complement octet string
+ */
+ n_to_mpz(&number, bytes, len);
+ mpz_add_ui(&number, &number, 0x01);
+ serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
+ mpz_clear(&number);
+
+ return serial;
}
-/*
+/**
* write back the last serial number to file
*/
-static void
-write_serial(chunk_t serial)
+static void write_serial(chunk_t serial)
{
- char buf[BUF_LEN];
-
- FILE *fd = fopen(OPENAC_SERIAL, "w");
-
- if (fd)
- {
- datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
- plog(" serial number is %s", buf);
- fprintf(fd, "%s\n", buf);
- fclose(fd);
- }
- else
- plog(" could not open file '%s' for writing", OPENAC_SERIAL);
+ char buf[BUF_LEN];
+
+ FILE *fd = fopen(OPENAC_SERIAL, "w");
+
+ if (fd)
+ {
+ datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
+ plog(" serial number is %s", buf);
+ fprintf(fd, "%s\n", buf);
+ fclose(fd);
+ }
+ else
+ {
+ plog(" could not open file '%s' for writing", OPENAC_SERIAL);
+ }
}
-/*
+/**
* global variables accessible by both main() and build.c
*/
x509cert_t *user = NULL;
@@ -171,268 +177,264 @@ time_t notAfter = 0;
chunk_t serial;
-
-int
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
- char *keyfile = NULL;
- char *certfile = NULL;
- char *usercertfile = NULL;
- char *outfile = NULL;
+ char *keyfile = NULL;
+ char *certfile = NULL;
+ char *usercertfile = NULL;
+ char *outfile = NULL;
- cert_t signercert = empty_cert;
- cert_t usercert = empty_cert;
+ cert_t signercert = empty_cert;
+ cert_t usercert = empty_cert;
- chunk_t attr_cert = empty_chunk;
- x509acert_t *ac = NULL;
+ chunk_t attr_cert = empty_chunk;
+ x509acert_t *ac = NULL;
- const time_t default_validity = 24*3600; /* 24 hours */
- time_t validity = 0;
+ const time_t default_validity = 24*3600; /* 24 hours */
+ time_t validity = 0;
- prompt_pass_t pass;
+ prompt_pass_t pass;
- pass.secret[0] = '\0';
- pass.prompt = TRUE;
- pass.fd = STDIN_FILENO;
+ pass.secret[0] = '\0';
+ pass.prompt = TRUE;
+ pass.fd = STDIN_FILENO;
- log_to_stderr = TRUE;
+ log_to_stderr = TRUE;
- /* handle arguments */
- for (;;)
- {
+ /* handle arguments */
+ for (;;)
+ {
# define DBG_OFFSET 256
- static const struct option long_opts[] = {
- /* name, has_arg, flag, val */
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, 'v' },
- { "optionsfrom", required_argument, NULL, '+' },
- { "quiet", no_argument, NULL, 'q' },
- { "cert", required_argument, NULL, 'c' },
- { "key", required_argument, NULL, 'k' },
- { "password", required_argument, NULL, 'p' },
- { "usercert", required_argument, NULL, 'u' },
- { "groups", required_argument, NULL, 'g' },
- { "days", required_argument, NULL, 'D' },
- { "hours", required_argument, NULL, 'H' },
- { "startdate", required_argument, NULL, 'S' },
- { "enddate", required_argument, NULL, 'E' },
- { "out", required_argument, NULL, 'o' },
+ static const struct option long_opts[] = {
+ /* name, has_arg, flag, val */
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'v' },
+ { "optionsfrom", required_argument, NULL, '+' },
+ { "quiet", no_argument, NULL, 'q' },
+ { "cert", required_argument, NULL, 'c' },
+ { "key", required_argument, NULL, 'k' },
+ { "password", required_argument, NULL, 'p' },
+ { "usercert", required_argument, NULL, 'u' },
+ { "groups", required_argument, NULL, 'g' },
+ { "days", required_argument, NULL, 'D' },
+ { "hours", required_argument, NULL, 'H' },
+ { "startdate", required_argument, NULL, 'S' },
+ { "enddate", required_argument, NULL, 'E' },
+ { "out", required_argument, NULL, 'o' },
#ifdef DEBUG
- { "debug-all", no_argument, NULL, 'A' },
- { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
- { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
- { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
+ { "debug-all", no_argument, NULL, 'A' },
+ { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
+ { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
+ { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
#endif
- { 0,0,0,0 }
- };
+ { 0,0,0,0 }
+ };
- int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
-
- /* Note: "breaking" from case terminates loop */
- switch (c)
- {
- case EOF: /* end of flags */
- break;
-
- case 0: /* long option already handled */
- continue;
-
- case ':': /* diagnostic already printed by getopt_long */
- case '?': /* diagnostic already printed by getopt_long */
- usage(NULL);
- break; /* not actually reached */
-
- case 'h': /* --help */
- usage(NULL);
- break; /* not actually reached */
-
- case 'v': /* --version */
- printf("%s\n", openac_version);
- exit(0);
- break; /* not actually reached */
-
- case '+': /* --optionsfrom <filename> */
- {
- char path[BUF_LEN];
-
- if (*optarg == '/') /* absolute pathname */
- strncpy(path, optarg, BUF_LEN);
- else /* relative pathname */
- snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
- optionsfrom(path, &argc, &argv, optind, stderr);
- /* does not return on error */
- }
- continue;
-
- case 'q': /* --quiet */
- log_to_stderr = TRUE;
- continue;
-
- case 'c': /* --cert */
- certfile = optarg;
- continue;
-
- case 'k': /* --key */
- keyfile = optarg;
- continue;
-
- case 'p': /* --key */
- pass.prompt = FALSE;
- strncpy(pass.secret, optarg, sizeof(pass.secret));
- continue;
-
- case 'u': /* --usercert */
- usercertfile = optarg;
- continue;
-
- case 'g': /* --groups */
- decode_groups(optarg, &groups);
- continue;
-
- case 'D': /* --days */
- if (optarg == NULL || !isdigit(optarg[0]))
- usage("missing number of days");
- {
- char *endptr;
- long days = strtol(optarg, &endptr, 0);
-
- if (*endptr != '\0' || endptr == optarg
- || days <= 0)
- usage("<days> must be a positive number");
- validity += 24*3600*days;
- }
- continue;
-
- case 'H': /* --hours */
- if (optarg == NULL || !isdigit(optarg[0]))
- usage("missing number of hours");
- {
- char *endptr;
- long hours = strtol(optarg, &endptr, 0);
-
- if (*endptr != '\0' || endptr == optarg
- || hours <= 0)
- usage("<hours> must be a positive number");
- validity += 3600*hours;
- }
- continue;
-
- case 'S': /* --startdate */
- if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
- usage("date format must be YYYYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 15 };
- notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
- }
- continue;
-
- case 'E': /* --enddate */
- if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
- usage("date format must be YYYYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 15 };
- notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
- }
- continue;
-
- case 'o': /* --outt */
- outfile = optarg;
- continue ;
+ int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
+
+ /* Note: "breaking" from case terminates loop */
+ switch (c)
+ {
+ case EOF: /* end of flags */
+ break;
+
+ case 0: /* long option already handled */
+ continue;
+
+ case ':': /* diagnostic already printed by getopt_long */
+ case '?': /* diagnostic already printed by getopt_long */
+ usage(NULL);
+ break; /* not actually reached */
+
+ case 'h': /* --help */
+ usage(NULL);
+ break; /* not actually reached */
+
+ case 'v': /* --version */
+ printf("%s\n", openac_version);
+ exit(0);
+ break; /* not actually reached */
+
+ case '+': /* --optionsfrom <filename> */
+ {
+ char path[BUF_LEN];
+
+ if (*optarg == '/') /* absolute pathname */
+ strncpy(path, optarg, BUF_LEN);
+ else /* relative pathname */
+ snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
+ optionsfrom(path, &argc, &argv, optind, stderr);
+ /* does not return on error */
+ }
+ continue;
+
+ case 'q': /* --quiet */
+ log_to_stderr = TRUE;
+ continue;
+
+ case 'c': /* --cert */
+ certfile = optarg;
+ continue;
+
+ case 'k': /* --key */
+ keyfile = optarg;
+ continue;
+
+ case 'p': /* --key */
+ pass.prompt = FALSE;
+ strncpy(pass.secret, optarg, sizeof(pass.secret));
+ continue;
+
+ case 'u': /* --usercert */
+ usercertfile = optarg;
+ continue;
+
+ case 'g': /* --groups */
+ decode_groups(optarg, &groups);
+ continue;
+
+ case 'D': /* --days */
+ if (optarg == NULL || !isdigit(optarg[0]))
+ usage("missing number of days");
+ {
+ char *endptr;
+ long days = strtol(optarg, &endptr, 0);
+
+ if (*endptr != '\0' || endptr == optarg || days <= 0)
+ usage("<days> must be a positive number");
+ validity += 24*3600*days;
+ }
+ continue;
+
+ case 'H': /* --hours */
+ if (optarg == NULL || !isdigit(optarg[0]))
+ usage("missing number of hours");
+ {
+ char *endptr;
+ long hours = strtol(optarg, &endptr, 0);
+
+ if (*endptr != '\0' || endptr == optarg || hours <= 0)
+ usage("<hours> must be a positive number");
+ validity += 3600*hours;
+ }
+ continue;
+
+ case 'S': /* --startdate */
+ if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ usage("date format must be YYYYMMDDHHMMSSZ");
+ {
+ chunk_t date = { optarg, 15 };
+ notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
+ }
+ continue;
+
+ case 'E': /* --enddate */
+ if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ usage("date format must be YYYYMMDDHHMMSSZ");
+ {
+ chunk_t date = { optarg, 15 };
+ notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
+ }
+ continue;
+
+ case 'o': /* --outt */
+ outfile = optarg;
+ continue;
#ifdef DEBUG
- case 'A': /* --debug-all */
- base_debugging = DBG_ALL;
- continue;
+ case 'A': /* --debug-all */
+ base_debugging = DBG_ALL;
+ continue;
#endif
- default:
+ default:
#ifdef DEBUG
- if (c >= DBG_OFFSET)
- {
- base_debugging |= c - DBG_OFFSET;
- continue;
- }
+ if (c >= DBG_OFFSET)
+ {
+ base_debugging |= c - DBG_OFFSET;
+ continue;
+ }
#undef DBG_OFFSET
#endif
- bad_case(c);
+ bad_case(c);
+ }
+ break;
}
- break;
- }
- init_log("openac");
- cur_debugging = base_debugging;
+ init_log("openac");
+ cur_debugging = base_debugging;
- if (optind != argc)
- usage("unexpected argument");
+ if (optind != argc)
+ usage("unexpected argument");
- /* load the signer's RSA private key */
- if (keyfile != NULL)
- {
- err_t ugh = NULL;
+ /* load the signer's RSA private key */
+ if (keyfile != NULL)
+ {
+ err_t ugh = NULL;
+
+ signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
+ ugh = load_rsa_private_key(keyfile, &pass, signerkey);
+
+ if (ugh != NULL)
+ {
+ free_RSA_private_content(signerkey);
+ pfree(signerkey);
+ plog("%s", ugh);
+ exit(1);
+ }
+ }
- signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
- ugh = load_rsa_private_key(keyfile, &pass, signerkey);
+ /* load the signer's X.509 certificate */
+ if (certfile != NULL)
+ {
+ if (!load_cert(certfile, "signer cert", &signercert))
+ exit(1);
+ signer = signercert.u.x509;
+ }
- if (ugh != NULL)
+ /* load the users's X.509 certificate */
+ if (usercertfile != NULL)
{
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- plog("%s", ugh);
- exit(1);
+ if (!load_cert(usercertfile, "user cert", &usercert))
+ exit(1);
+ user = usercert.u.x509;
}
- }
-
- /* load the signer's X.509 certificate */
- if (certfile != NULL)
- {
- if (!load_cert(certfile, "signer cert", &signercert))
- exit(1);
- signer = signercert.u.x509;
- }
-
- /* load the users's X.509 certificate */
- if (usercertfile != NULL)
- {
- if (!load_cert(usercertfile, "user cert", &usercert))
- exit(1);
- user = usercert.u.x509;
- }
-
- /* compute validity interval */
- validity = (validity)? validity : default_validity;
- notBefore = (notBefore) ? notBefore : time(NULL);
- notAfter = (notAfter) ? notAfter : notBefore + validity;
-
- /* build and parse attribute certificate */
- if (user != NULL && signer != NULL && signerkey != NULL)
- {
- /* read the serial number and increment it by one */
- serial = read_serial();
-
- attr_cert = build_attr_cert();
- ac = alloc_thing(x509acert_t, "x509acert");
- *ac = empty_ac;
- parse_ac(attr_cert, ac);
+
+ /* compute validity interval */
+ validity = (validity)? validity : default_validity;
+ notBefore = (notBefore) ? notBefore : time(NULL);
+ notAfter = (notAfter) ? notAfter : notBefore + validity;
+
+ /* build and parse attribute certificate */
+ if (user != NULL && signer != NULL && signerkey != NULL)
+ {
+ /* read the serial number and increment it by one */
+ serial = read_serial();
+
+ attr_cert = build_attr_cert();
+ ac = alloc_thing(x509acert_t, "x509acert");
+ *ac = empty_ac;
+ parse_ac(attr_cert, ac);
- /* write the attribute certificate to file */
- if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
- write_serial(serial);
- }
-
- /* delete all dynamic objects */
- if (signerkey != NULL)
- {
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- }
- free_x509cert(signercert.u.x509);
- free_x509cert(usercert.u.x509);
- free_ietfAttrList(groups);
- free_acert(ac);
- pfree(serial.ptr);
+ /* write the attribute certificate to file */
+ if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
+ write_serial(serial);
+ }
+
+ /* delete all dynamic objects */
+ if (signerkey != NULL)
+ {
+ free_RSA_private_content(signerkey);
+ pfree(signerkey);
+ }
+ free_x509cert(signercert.u.x509);
+ free_x509cert(usercert.u.x509);
+ free_ietfAttrList(groups);
+ free_acert(ac);
+ pfree(serial.ptr);
#ifdef LEAK_DETECTIVE
- report_leaks();
+ report_leaks();
#endif /* LEAK_DETECTIVE */
- close_log();
- exit(0);
+ close_log();
+ exit(0);
}
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index b1b848c76..7dd5f422b 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -64,12 +64,12 @@ xauth.c xauth.h \
x509.c x509.h \
alg/ike_alg_aes.c alg/ike_alg_blowfish.c alg/ike_alg_twofish.c \
alg/ike_alg_serpent.c alg/ike_alg_sha2.c alg/ike_alginit.c \
-linux26/netlink.h linux26/rtnetlink.h linux26/xfrm.h \
rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
_pluto_adns_SOURCES = adns.c adns.h
INCLUDES = \
+-I${linuxdir} \
-I$(top_srcdir)/src/libfreeswan \
-I$(top_srcdir)/src/libcrypto \
-I$(top_srcdir)/src/whack
@@ -137,4 +137,5 @@ install-exec-local :
mkdir -p -m 755 $(confdir)/ipsec.d/crls
mkdir -p -m 755 $(confdir)/ipsec.d/reqs
mkdir -p -m 700 $(confdir)/ipsec.d/private
+ chown -R $(ipsecuid):$(ipsecgid) $(confdir)/ipsec.d
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index 1f996a065..e164717a9 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -164,6 +164,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -176,6 +177,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -186,8 +188,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -209,6 +215,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -218,6 +225,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -231,9 +240,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -248,6 +261,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
pluto_SOURCES = \
ac.c ac.h \
alg_info.c alg_info.h \
@@ -308,11 +323,11 @@ xauth.c xauth.h \
x509.c x509.h \
alg/ike_alg_aes.c alg/ike_alg_blowfish.c alg/ike_alg_twofish.c \
alg/ike_alg_serpent.c alg/ike_alg_sha2.c alg/ike_alginit.c \
-linux26/netlink.h linux26/rtnetlink.h linux26/xfrm.h \
rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
_pluto_adns_SOURCES = adns.c adns.h
INCLUDES = \
+-I${linuxdir} \
-I$(top_srcdir)/src/libfreeswan \
-I$(top_srcdir)/src/libcrypto \
-I$(top_srcdir)/src/whack
@@ -873,6 +888,7 @@ install-exec-local :
mkdir -p -m 755 $(confdir)/ipsec.d/crls
mkdir -p -m 755 $(confdir)/ipsec.d/reqs
mkdir -p -m 700 $(confdir)/ipsec.d/private
+ chown -R $(ipsecuid):$(ipsecgid) $(confdir)/ipsec.d
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 05e8d1402..dc8932769 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -121,6 +121,7 @@ const x509crl_t empty_x509crl = {
/* extnValue */
{ NULL, 0 } , /* authKeyID */
{ NULL, 0 } , /* authKeySerialNumber */
+ { NULL, 0 } , /* crlNumber */
OID_UNKNOWN , /* algorithm */
{ NULL, 0 } /* signature */
};
@@ -491,6 +492,12 @@ parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl)
parse_authorityKeyIdentifier(object, level
, &crl->authKeyID, &crl->authKeySerialNumber);
}
+ else if (extn_oid == OID_CRL_NUMBER)
+ {
+ if (!parse_asn1_simple_object(&object, ASN1_INTEGER, level, "crlNumber"))
+ return FALSE;
+ crl->crlNumber = object;
+ }
}
break;
case CRL_OBJ_ALGORITHM:
@@ -735,7 +742,12 @@ list_crls(bool utc, bool strict)
timetoa(&crl->installed, utc), revoked);
dntoa(buf, BUF_LEN, crl->issuer);
whack_log(RC_COMMENT, " issuer: '%s'", buf);
-
+ if (crl->crlNumber.ptr != NULL)
+ {
+ datatot(crl->crlNumber.ptr, crl->crlNumber.len, ':'
+ , buf, BUF_LEN);
+ whack_log(RC_COMMENT, " crlnumber: %s", buf);
+ }
list_distribution_points(crl->distributionPoints);
whack_log(RC_COMMENT, " updates: this %s",
diff --git a/src/pluto/crl.h b/src/pluto/crl.h
index 9f985b6cd..328539770 100644
--- a/src/pluto/crl.h
+++ b/src/pluto/crl.h
@@ -52,6 +52,7 @@ struct x509crl {
/* extnValue */
chunk_t authKeyID;
chunk_t authKeySerialNumber;
+ chunk_t crlNumber;
/* signatureAlgorithm */
int algorithm;
diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c
index e3e56d3a8..8f48152f6 100644
--- a/src/pluto/fetch.c
+++ b/src/pluto/fetch.c
@@ -32,6 +32,9 @@
#include <freeswan.h>
#ifdef LIBLDAP
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
#include <ldap.h>
#endif
diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c
index 1947ddbac..9b9d7b9ed 100644
--- a/src/pluto/kernel_netlink.c
+++ b/src/pluto/kernel_netlink.c
@@ -24,10 +24,10 @@
#include <sys/types.h>
#include <sys/queue.h>
#include <unistd.h>
+#include <linux/xfrm.h>
+#include <linux/rtnetlink.h>
#include "kameipsec.h"
-#include "linux26/rtnetlink.h"
-#include "linux26/xfrm.h"
#include <freeswan.h>
#include <pfkeyv2.h>
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index eed81230f..1efe85228 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -647,7 +647,7 @@ xauth_get_secret(xauth_t *xauth_secret)
* find a matching secret
*/
static bool
-xauth_verify_secret(const xauth_t *xauth_secret)
+xauth_verify_secret(const char *conn_name, const xauth_t *xauth_secret)
{
bool found = FALSE;
secret_t *s;
diff --git a/src/pluto/linux26/netlink.h b/src/pluto/linux26/netlink.h
deleted file mode 100644
index 6b0896da6..000000000
--- a/src/pluto/linux26/netlink.h
+++ /dev/null
@@ -1,90 +0,0 @@
-#ifndef __LINUX_NETLINK_H
-#define __LINUX_NETLINK_H
-
-#include <stdint.h>
-#include <sys/socket.h> /* for sa_family_t */
-
-#define NETLINK_ROUTE 0 /* Routing/device hook */
-#define NETLINK_SKIP 1 /* Reserved for ENskip */
-#define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
-#define NETLINK_FIREWALL 3 /* Firewalling hook */
-#define NETLINK_TCPDIAG 4 /* TCP socket monitoring */
-#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
-#define NETLINK_XFRM 6 /* ipsec */
-#define NETLINK_ARPD 8
-#define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */
-#define NETLINK_IP6_FW 13
-#define NETLINK_DNRTMSG 14 /* DECnet routing messages */
-#define NETLINK_TAPBASE 16 /* 16 to 31 are ethertap */
-
-#define MAX_LINKS 32
-
-struct sockaddr_nl
-{
- sa_family_t nl_family; /* AF_NETLINK */
- unsigned short nl_pad; /* zero */
- uint32_t nl_pid; /* process pid */
- uint32_t nl_groups; /* multicast groups mask */
-};
-
-struct nlmsghdr
-{
- uint32_t nlmsg_len; /* Length of message including header */
- uint16_t nlmsg_type; /* Message content */
- uint16_t nlmsg_flags; /* Additional flags */
- uint32_t nlmsg_seq; /* Sequence number */
- uint32_t nlmsg_pid; /* Sending process PID */
-};
-
-/* Flags values */
-
-#define NLM_F_REQUEST 1 /* It is request message. */
-#define NLM_F_MULTI 2 /* Multipart message, terminated by NLMSG_DONE */
-#define NLM_F_ACK 4 /* Reply with ack, with zero or error code */
-#define NLM_F_ECHO 8 /* Echo this request */
-
-/* Modifiers to GET request */
-#define NLM_F_ROOT 0x100 /* specify tree root */
-#define NLM_F_MATCH 0x200 /* return all matching */
-#define NLM_F_ATOMIC 0x400 /* atomic GET */
-#define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH)
-
-/* Modifiers to NEW request */
-#define NLM_F_REPLACE 0x100 /* Override existing */
-#define NLM_F_EXCL 0x200 /* Do not touch, if it exists */
-#define NLM_F_CREATE 0x400 /* Create, if it does not exist */
-#define NLM_F_APPEND 0x800 /* Add to end of list */
-
-/*
- 4.4BSD ADD NLM_F_CREATE|NLM_F_EXCL
- 4.4BSD CHANGE NLM_F_REPLACE
-
- True CHANGE NLM_F_CREATE|NLM_F_REPLACE
- Append NLM_F_CREATE
- Check NLM_F_EXCL
- */
-
-#define NLMSG_ALIGNTO 4
-#define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
-#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(sizeof(struct nlmsghdr)))
-#define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))
-#define NLMSG_DATA(nlh) ((void*)(((char*)nlh) + NLMSG_LENGTH(0)))
-#define NLMSG_NEXT(nlh,len) ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), \
- (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
-#define NLMSG_OK(nlh,len) ((len) > 0 && (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
- (nlh)->nlmsg_len <= (len))
-#define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))
-
-#define NLMSG_NOOP 0x1 /* Nothing. */
-#define NLMSG_ERROR 0x2 /* Error */
-#define NLMSG_DONE 0x3 /* End of a dump */
-#define NLMSG_OVERRUN 0x4 /* Data lost */
-
-struct nlmsgerr
-{
- int error;
- struct nlmsghdr msg;
-};
-
-#define NET_MAJOR 36 /* Major 36 is reserved for networking */
-#endif /* __LINUX_NETLINK_H */
diff --git a/src/pluto/linux26/rtnetlink.h b/src/pluto/linux26/rtnetlink.h
deleted file mode 100644
index 341bc1f86..000000000
--- a/src/pluto/linux26/rtnetlink.h
+++ /dev/null
@@ -1,562 +0,0 @@
-#ifndef __LINUX_RTNETLINK_H
-#define __LINUX_RTNETLINK_H
-
-#include "netlink.h"
-#include <stdint.h>
-
-#define RTNL_DEBUG 1
-
-
-/****
- * Routing/neighbour discovery messages.
- ****/
-
-/* Types of messages */
-
-#define RTM_BASE 0x10
-
-#define RTM_NEWLINK (RTM_BASE+0)
-#define RTM_DELLINK (RTM_BASE+1)
-#define RTM_GETLINK (RTM_BASE+2)
-#define RTM_SETLINK (RTM_BASE+3)
-
-#define RTM_NEWADDR (RTM_BASE+4)
-#define RTM_DELADDR (RTM_BASE+5)
-#define RTM_GETADDR (RTM_BASE+6)
-
-#define RTM_NEWROUTE (RTM_BASE+8)
-#define RTM_DELROUTE (RTM_BASE+9)
-#define RTM_GETROUTE (RTM_BASE+10)
-
-#define RTM_NEWNEIGH (RTM_BASE+12)
-#define RTM_DELNEIGH (RTM_BASE+13)
-#define RTM_GETNEIGH (RTM_BASE+14)
-
-#define RTM_NEWRULE (RTM_BASE+16)
-#define RTM_DELRULE (RTM_BASE+17)
-#define RTM_GETRULE (RTM_BASE+18)
-
-#define RTM_NEWQDISC (RTM_BASE+20)
-#define RTM_DELQDISC (RTM_BASE+21)
-#define RTM_GETQDISC (RTM_BASE+22)
-
-#define RTM_NEWTCLASS (RTM_BASE+24)
-#define RTM_DELTCLASS (RTM_BASE+25)
-#define RTM_GETTCLASS (RTM_BASE+26)
-
-#define RTM_NEWTFILTER (RTM_BASE+28)
-#define RTM_DELTFILTER (RTM_BASE+29)
-#define RTM_GETTFILTER (RTM_BASE+30)
-
-#define RTM_MAX (RTM_BASE+31)
-
-/*
- Generic structure for encapsulation optional route information.
- It is reminiscent of sockaddr, but with sa_family replaced
- with attribute type.
- */
-
-struct rtattr
-{
- unsigned short rta_len;
- unsigned short rta_type;
-};
-
-/* Macros to handle rtattributes */
-
-#define RTA_ALIGNTO 4
-#define RTA_ALIGN(len) ( ((len)+RTA_ALIGNTO-1) & ~(RTA_ALIGNTO-1) )
-#define RTA_OK(rta,len) ((len) > 0 && (rta)->rta_len >= sizeof(struct rtattr) && \
- (rta)->rta_len <= (len))
-#define RTA_NEXT(rta,attrlen) ((attrlen) -= RTA_ALIGN((rta)->rta_len), \
- (struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len)))
-#define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
-#define RTA_SPACE(len) RTA_ALIGN(RTA_LENGTH(len))
-#define RTA_DATA(rta) ((void*)(((char*)(rta)) + RTA_LENGTH(0)))
-#define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
-
-
-
-
-/******************************************************************************
- * Definitions used in routing table administation.
- ****/
-
-struct rtmsg
-{
- unsigned char rtm_family;
- unsigned char rtm_dst_len;
- unsigned char rtm_src_len;
- unsigned char rtm_tos;
-
- unsigned char rtm_table; /* Routing table id */
- unsigned char rtm_protocol; /* Routing protocol; see below */
- unsigned char rtm_scope; /* See below */
- unsigned char rtm_type; /* See below */
-
- unsigned rtm_flags;
-};
-
-/* rtm_type */
-
-enum
-{
- RTN_UNSPEC,
- RTN_UNICAST, /* Gateway or direct route */
- RTN_LOCAL, /* Accept locally */
- RTN_BROADCAST, /* Accept locally as broadcast,
- send as broadcast */
- RTN_ANYCAST, /* Accept locally as broadcast,
- but send as unicast */
- RTN_MULTICAST, /* Multicast route */
- RTN_BLACKHOLE, /* Drop */
- RTN_UNREACHABLE, /* Destination is unreachable */
- RTN_PROHIBIT, /* Administratively prohibited */
- RTN_THROW, /* Not in this table */
- RTN_NAT, /* Translate this address */
- RTN_XRESOLVE, /* Use external resolver */
-};
-
-#define RTN_MAX RTN_XRESOLVE
-
-
-/* rtm_protocol */
-
-#define RTPROT_UNSPEC 0
-#define RTPROT_REDIRECT 1 /* Route installed by ICMP redirects;
- not used by current IPv4 */
-#define RTPROT_KERNEL 2 /* Route installed by kernel */
-#define RTPROT_BOOT 3 /* Route installed during boot */
-#define RTPROT_STATIC 4 /* Route installed by administrator */
-
-/* Values of protocol >= RTPROT_STATIC are not interpreted by kernel;
- they just passed from user and back as is.
- It will be used by hypothetical multiple routing daemons.
- Note that protocol values should be standardized in order to
- avoid conflicts.
- */
-
-#define RTPROT_GATED 8 /* Apparently, GateD */
-#define RTPROT_RA 9 /* RDISC/ND router advertisments */
-#define RTPROT_MRT 10 /* Merit MRT */
-#define RTPROT_ZEBRA 11 /* Zebra */
-#define RTPROT_BIRD 12 /* BIRD */
-#define RTPROT_DNROUTED 13 /* DECnet routing daemon */
-
-/* rtm_scope
-
- Really it is not scope, but sort of distance to the destination.
- NOWHERE are reserved for not existing destinations, HOST is our
- local addresses, LINK are destinations, located on directly attached
- link and UNIVERSE is everywhere in the Universe.
-
- Intermediate values are also possible f.e. interior routes
- could be assigned a value between UNIVERSE and LINK.
-*/
-
-enum rt_scope_t
-{
- RT_SCOPE_UNIVERSE=0,
-/* User defined values */
- RT_SCOPE_SITE=200,
- RT_SCOPE_LINK=253,
- RT_SCOPE_HOST=254,
- RT_SCOPE_NOWHERE=255
-};
-
-/* rtm_flags */
-
-#define RTM_F_NOTIFY 0x100 /* Notify user of route change */
-#define RTM_F_CLONED 0x200 /* This route is cloned */
-#define RTM_F_EQUALIZE 0x400 /* Multipath equalizer: NI */
-
-/* Reserved table identifiers */
-
-enum rt_class_t
-{
- RT_TABLE_UNSPEC=0,
-/* User defined values */
- RT_TABLE_DEFAULT=253,
- RT_TABLE_MAIN=254,
- RT_TABLE_LOCAL=255
-};
-#define RT_TABLE_MAX RT_TABLE_LOCAL
-
-
-
-/* Routing message attributes */
-
-enum rtattr_type_t
-{
- RTA_UNSPEC,
- RTA_DST,
- RTA_SRC,
- RTA_IIF,
- RTA_OIF,
- RTA_GATEWAY,
- RTA_PRIORITY,
- RTA_PREFSRC,
- RTA_METRICS,
- RTA_MULTIPATH,
- RTA_PROTOINFO,
- RTA_FLOW,
- RTA_CACHEINFO,
- RTA_SESSION,
-};
-
-#define RTA_MAX RTA_SESSION
-
-#define RTM_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct rtmsg))))
-#define RTM_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct rtmsg))
-
-/* RTM_MULTIPATH --- array of struct rtnexthop.
- *
- * "struct rtnexthop" describres all necessary nexthop information,
- * i.e. parameters of path to a destination via this nextop.
- *
- * At the moment it is impossible to set different prefsrc, mtu, window
- * and rtt for different paths from multipath.
- */
-
-struct rtnexthop
-{
- unsigned short rtnh_len;
- unsigned char rtnh_flags;
- unsigned char rtnh_hops;
- int rtnh_ifindex;
-};
-
-/* rtnh_flags */
-
-#define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
-#define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
-#define RTNH_F_ONLINK 4 /* Gateway is forced on link */
-
-/* Macros to handle hexthops */
-
-#define RTNH_ALIGNTO 4
-#define RTNH_ALIGN(len) ( ((len)+RTNH_ALIGNTO-1) & ~(RTNH_ALIGNTO-1) )
-#define RTNH_OK(rtnh,len) ((rtnh)->rtnh_len >= sizeof(struct rtnexthop) && \
- ((int)(rtnh)->rtnh_len) <= (len))
-#define RTNH_NEXT(rtnh) ((struct rtnexthop*)(((char*)(rtnh)) + RTNH_ALIGN((rtnh)->rtnh_len)))
-#define RTNH_LENGTH(len) (RTNH_ALIGN(sizeof(struct rtnexthop)) + (len))
-#define RTNH_SPACE(len) RTNH_ALIGN(RTNH_LENGTH(len))
-#define RTNH_DATA(rtnh) ((struct rtattr*)(((char*)(rtnh)) + RTNH_LENGTH(0)))
-
-/* RTM_CACHEINFO */
-
-struct rta_cacheinfo
-{
- uint32_t rta_clntref;
- uint32_t rta_lastuse;
- int32_t rta_expires;
- uint32_t rta_error;
- uint32_t rta_used;
-
-#define RTNETLINK_HAVE_PEERINFO 1
- uint32_t rta_id;
- uint32_t rta_ts;
- uint32_t rta_tsage;
-};
-
-/* RTM_METRICS --- array of struct rtattr with types of RTAX_* */
-
-enum
-{
- RTAX_UNSPEC,
-#define RTAX_UNSPEC RTAX_UNSPEC
- RTAX_LOCK,
-#define RTAX_LOCK RTAX_LOCK
- RTAX_MTU,
-#define RTAX_MTU RTAX_MTU
- RTAX_WINDOW,
-#define RTAX_WINDOW RTAX_WINDOW
- RTAX_RTT,
-#define RTAX_RTT RTAX_RTT
- RTAX_RTTVAR,
-#define RTAX_RTTVAR RTAX_RTTVAR
- RTAX_SSTHRESH,
-#define RTAX_SSTHRESH RTAX_SSTHRESH
- RTAX_CWND,
-#define RTAX_CWND RTAX_CWND
- RTAX_ADVMSS,
-#define RTAX_ADVMSS RTAX_ADVMSS
- RTAX_REORDERING,
-#define RTAX_REORDERING RTAX_REORDERING
-};
-
-#define RTAX_MAX RTAX_REORDERING
-
-struct rta_session
-{
- uint8_t proto;
-
- union {
- struct {
- uint16_t sport;
- uint16_t dport;
- } ports;
-
- struct {
- uint8_t type;
- uint8_t code;
- uint16_t ident;
- } icmpt;
-
- uint32_t spi;
- } u;
-};
-
-
-/*********************************************************
- * Interface address.
- ****/
-
-struct ifaddrmsg
-{
- unsigned char ifa_family;
- unsigned char ifa_prefixlen; /* The prefix length */
- unsigned char ifa_flags; /* Flags */
- unsigned char ifa_scope; /* See above */
- int ifa_index; /* Link index */
-};
-
-enum
-{
- IFA_UNSPEC,
- IFA_ADDRESS,
- IFA_LOCAL,
- IFA_LABEL,
- IFA_BROADCAST,
- IFA_ANYCAST,
- IFA_CACHEINFO
-};
-
-#define IFA_MAX IFA_CACHEINFO
-
-/* ifa_flags */
-
-#define IFA_F_SECONDARY 0x01
-#define IFA_F_TEMPORARY IFA_F_SECONDARY
-
-#define IFA_F_DEPRECATED 0x20
-#define IFA_F_TENTATIVE 0x40
-#define IFA_F_PERMANENT 0x80
-
-struct ifa_cacheinfo
-{
- int32_t ifa_prefered;
- int32_t ifa_valid;
-};
-
-
-#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
-#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
-
-/*
- Important comment:
- IFA_ADDRESS is prefix address, rather than local interface address.
- It makes no difference for normally configured broadcast interfaces,
- but for point-to-point IFA_ADDRESS is DESTINATION address,
- local address is supplied in IFA_LOCAL attribute.
- */
-
-/**************************************************************
- * Neighbour discovery.
- ****/
-
-struct ndmsg
-{
- unsigned char ndm_family;
- unsigned char ndm_pad1;
- unsigned short ndm_pad2;
- int ndm_ifindex; /* Link index */
- uint16_t ndm_state;
- uint8_t ndm_flags;
- uint8_t ndm_type;
-};
-
-enum
-{
- NDA_UNSPEC,
- NDA_DST,
- NDA_LLADDR,
- NDA_CACHEINFO
-};
-
-#define NDA_MAX NDA_CACHEINFO
-
-#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
-#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
-
-/*
- * Neighbor Cache Entry Flags
- */
-
-#define NTF_PROXY 0x08 /* == ATF_PUBL */
-#define NTF_ROUTER 0x80
-
-/*
- * Neighbor Cache Entry States.
- */
-
-#define NUD_INCOMPLETE 0x01
-#define NUD_REACHABLE 0x02
-#define NUD_STALE 0x04
-#define NUD_DELAY 0x08
-#define NUD_PROBE 0x10
-#define NUD_FAILED 0x20
-
-/* Dummy states */
-#define NUD_NOARP 0x40
-#define NUD_PERMANENT 0x80
-#define NUD_NONE 0x00
-
-
-struct nda_cacheinfo
-{
- uint32_t ndm_confirmed;
- uint32_t ndm_used;
- uint32_t ndm_updated;
- uint32_t ndm_refcnt;
-};
-
-/****
- * General form of address family dependent message.
- ****/
-
-struct rtgenmsg
-{
- unsigned char rtgen_family;
-};
-
-/*****************************************************************
- * Link layer specific messages.
- ****/
-
-/* struct ifinfomsg
- * passes link level specific information, not dependent
- * on network protocol.
- */
-
-struct ifinfomsg
-{
- unsigned char ifi_family;
- unsigned char __ifi_pad;
- unsigned short ifi_type; /* ARPHRD_* */
- int ifi_index; /* Link index */
- unsigned ifi_flags; /* IFF_* flags */
- unsigned ifi_change; /* IFF_* change mask */
-};
-
-enum
-{
- IFLA_UNSPEC,
- IFLA_ADDRESS,
- IFLA_BROADCAST,
- IFLA_IFNAME,
- IFLA_MTU,
- IFLA_LINK,
- IFLA_QDISC,
- IFLA_STATS,
- IFLA_COST,
-#define IFLA_COST IFLA_COST
- IFLA_PRIORITY,
-#define IFLA_PRIORITY IFLA_PRIORITY
- IFLA_MASTER,
-#define IFLA_MASTER IFLA_MASTER
- IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
-#define IFLA_WIRELESS IFLA_WIRELESS
-};
-
-
-#define IFLA_MAX IFLA_WIRELESS
-
-#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
-#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
-
-/* ifi_flags.
-
- IFF_* flags.
-
- The only change is:
- IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
- more not changeable by user. They describe link media
- characteristics and set by device driver.
-
- Comments:
- - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
- - If neiher of these three flags are set;
- the interface is NBMA.
-
- - IFF_MULTICAST does not mean anything special:
- multicasts can be used on all not-NBMA links.
- IFF_MULTICAST means that this media uses special encapsulation
- for multicast frames. Apparently, all IFF_POINTOPOINT and
- IFF_BROADCAST devices are able to use multicasts too.
- */
-
-/* IFLA_LINK.
- For usual devices it is equal ifi_index.
- If it is a "virtual interface" (f.e. tunnel), ifi_link
- can point to real physical interface (f.e. for bandwidth calculations),
- or maybe 0, what means, that real media is unknown (usual
- for IPIP tunnels, when route to endpoint is allowed to change)
- */
-
-/*****************************************************************
- * Traffic control messages.
- ****/
-
-struct tcmsg
-{
- unsigned char tcm_family;
- unsigned char tcm__pad1;
- unsigned short tcm__pad2;
- int tcm_ifindex;
- uint32_t tcm_handle;
- uint32_t tcm_parent;
- uint32_t tcm_info;
-};
-
-enum
-{
- TCA_UNSPEC,
- TCA_KIND,
- TCA_OPTIONS,
- TCA_STATS,
- TCA_XSTATS,
- TCA_RATE,
-};
-
-#define TCA_MAX TCA_RATE
-
-#define TCA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcmsg))))
-#define TCA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcmsg))
-
-
-/* SUMMARY: maximal rtattr understood by kernel */
-
-#define RTATTR_MAX RTA_MAX
-
-/* RTnetlink multicast groups */
-
-#define RTMGRP_LINK 1
-#define RTMGRP_NOTIFY 2
-#define RTMGRP_NEIGH 4
-#define RTMGRP_TC 8
-
-#define RTMGRP_IPV4_IFADDR 0x10
-#define RTMGRP_IPV4_MROUTE 0x20
-#define RTMGRP_IPV4_ROUTE 0x40
-
-#define RTMGRP_IPV6_IFADDR 0x100
-#define RTMGRP_IPV6_MROUTE 0x200
-#define RTMGRP_IPV6_ROUTE 0x400
-
-#define RTMGRP_DECnet_IFADDR 0x1000
-#define RTMGRP_DECnet_ROUTE 0x4000
-
-/* End of information exported to user level */
-
-#endif /* __LINUX_RTNETLINK_H */
diff --git a/src/pluto/linux26/xfrm.h b/src/pluto/linux26/xfrm.h
deleted file mode 100644
index 4269ae29b..000000000
--- a/src/pluto/linux26/xfrm.h
+++ /dev/null
@@ -1,233 +0,0 @@
-#ifndef _LINUX_XFRM_H
-#define _LINUX_XFRM_H
-
-#include <stdint.h>
-
-/* All of the structures in this file may not change size as they are
- * passed into the kernel from userspace via netlink sockets.
- */
-
-/* Structure to encapsulate addresses. I do not want to use
- * "standard" structure. My apologies.
- */
-typedef union
-{
- uint32_t a4;
- uint32_t a6[4];
-} xfrm_address_t;
-
-/* Ident of a specific xfrm_state. It is used on input to lookup
- * the state by (spi,daddr,ah/esp) or to store information about
- * spi, protocol and tunnel address on output.
- */
-struct xfrm_id
-{
- xfrm_address_t daddr;
- uint32_t spi;
- uint8_t proto;
-};
-
-/* Selector, used as selector both on policy rules (SPD) and SAs. */
-
-struct xfrm_selector
-{
- xfrm_address_t daddr;
- xfrm_address_t saddr;
- uint16_t dport;
- uint16_t dport_mask;
- uint16_t sport;
- uint16_t sport_mask;
- uint16_t family;
- uint8_t prefixlen_d;
- uint8_t prefixlen_s;
- uint8_t proto;
- int ifindex;
- uid_t user;
-};
-
-#define XFRM_INF (~(uint64_t)0)
-
-struct xfrm_lifetime_cfg
-{
- uint64_t soft_byte_limit;
- uint64_t hard_byte_limit;
- uint64_t soft_packet_limit;
- uint64_t hard_packet_limit;
- uint64_t soft_add_expires_seconds;
- uint64_t hard_add_expires_seconds;
- uint64_t soft_use_expires_seconds;
- uint64_t hard_use_expires_seconds;
-};
-
-struct xfrm_lifetime_cur
-{
- uint64_t bytes;
- uint64_t packets;
- uint64_t add_time;
- uint64_t use_time;
-};
-
-struct xfrm_replay_state
-{
- uint32_t oseq;
- uint32_t seq;
- uint32_t bitmap;
-};
-
-struct xfrm_algo {
- char alg_name[64];
- int alg_key_len; /* in bits */
- char alg_key[0];
-};
-
-struct xfrm_stats {
- uint32_t replay_window;
- uint32_t replay;
- uint32_t integrity_failed;
-};
-
-enum
-{
- XFRM_POLICY_IN = 0,
- XFRM_POLICY_OUT = 1,
- XFRM_POLICY_FWD = 2,
- XFRM_POLICY_MAX = 3
-};
-
-enum
-{
- XFRM_SHARE_ANY, /* No limitations */
- XFRM_SHARE_SESSION, /* For this session only */
- XFRM_SHARE_USER, /* For this user only */
- XFRM_SHARE_UNIQUE /* Use once */
-};
-
-/* Netlink configuration messages. */
-#define XFRM_MSG_BASE 0x10
-
-#define XFRM_MSG_NEWSA (XFRM_MSG_BASE + 0)
-#define XFRM_MSG_DELSA (XFRM_MSG_BASE + 1)
-#define XFRM_MSG_GETSA (XFRM_MSG_BASE + 2)
-
-#define XFRM_MSG_NEWPOLICY (XFRM_MSG_BASE + 3)
-#define XFRM_MSG_DELPOLICY (XFRM_MSG_BASE + 4)
-#define XFRM_MSG_GETPOLICY (XFRM_MSG_BASE + 5)
-
-#define XFRM_MSG_ALLOCSPI (XFRM_MSG_BASE + 6)
-#define XFRM_MSG_ACQUIRE (XFRM_MSG_BASE + 7)
-#define XFRM_MSG_EXPIRE (XFRM_MSG_BASE + 8)
-
-#define XFRM_MSG_UPDPOLICY (XFRM_MSG_BASE + 9)
-#define XFRM_MSG_UPDSA (XFRM_MSG_BASE + 10)
-
-#define XFRM_MSG_POLEXPIRE (XFRM_MSG_BASE + 11)
-
-#define XFRM_MSG_MAX (XFRM_MSG_POLEXPIRE+1)
-
-struct xfrm_user_tmpl {
- struct xfrm_id id;
- uint16_t family;
- xfrm_address_t saddr;
- uint32_t reqid;
- uint8_t mode;
- uint8_t share;
- uint8_t optional;
- uint32_t aalgos;
- uint32_t ealgos;
- uint32_t calgos;
-};
-
-struct xfrm_encap_tmpl {
- uint16_t encap_type;
- uint16_t encap_sport;
- uint16_t encap_dport;
- xfrm_address_t encap_oa;
-};
-
-/* Netlink message attributes. */
-enum xfrm_attr_type_t {
- XFRMA_UNSPEC,
- XFRMA_ALG_AUTH, /* struct xfrm_algo */
- XFRMA_ALG_CRYPT, /* struct xfrm_algo */
- XFRMA_ALG_COMP, /* struct xfrm_algo */
- XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
- XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
-
-#define XFRMA_MAX XFRMA_TMPL
-};
-
-struct xfrm_usersa_info {
- struct xfrm_selector sel;
- struct xfrm_id id;
- xfrm_address_t saddr;
- struct xfrm_lifetime_cfg lft;
- struct xfrm_lifetime_cur curlft;
- struct xfrm_stats stats;
- uint32_t seq;
- uint32_t reqid;
- uint16_t family;
- uint8_t mode; /* 0=transport,1=tunnel */
- uint8_t replay_window;
- uint8_t flags;
-#define XFRM_STATE_NOECN 1
-};
-
-struct xfrm_usersa_id {
- xfrm_address_t daddr;
- uint32_t spi;
- uint16_t family;
- uint8_t proto;
-};
-
-struct xfrm_userspi_info {
- struct xfrm_usersa_info info;
- uint32_t min;
- uint32_t max;
-};
-
-struct xfrm_userpolicy_info {
- struct xfrm_selector sel;
- struct xfrm_lifetime_cfg lft;
- struct xfrm_lifetime_cur curlft;
- uint32_t priority;
- uint32_t index;
- uint8_t dir;
- uint8_t action;
-#define XFRM_POLICY_ALLOW 0
-#define XFRM_POLICY_BLOCK 1
- uint8_t flags;
-#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
- uint8_t share;
-};
-
-struct xfrm_userpolicy_id {
- struct xfrm_selector sel;
- uint32_t index;
- uint8_t dir;
-};
-
-struct xfrm_user_acquire {
- struct xfrm_id id;
- xfrm_address_t saddr;
- struct xfrm_selector sel;
- struct xfrm_userpolicy_info policy;
- uint32_t aalgos;
- uint32_t ealgos;
- uint32_t calgos;
- uint32_t seq;
-};
-
-struct xfrm_user_expire {
- struct xfrm_usersa_info state;
- uint8_t hard;
-};
-
-struct xfrm_user_polexpire {
- struct xfrm_userpolicy_info pol;
- uint8_t hard;
-};
-
-#define XFRMGRP_ACQUIRE 1
-#define XFRMGRP_EXPIRE 2
-
-#endif /* _LINUX_XFRM_H */
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index ab44a113e..cda6007c7 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -978,7 +978,8 @@ xauth_inR1(struct msg_digest *md)
, ia.xauth_secret.user_password.ptr)
)
/* verify the user credentials using a plugn function */
- st->st_xauth.status = xauth_module.verify_secret(&ia.xauth_secret);
+ st->st_xauth.status = xauth_module.verify_secret(st->st_connection->name
+ , &ia.xauth_secret);
plog("extended authentication %s", st->st_xauth.status? "was successful":"failed");
}
diff --git a/src/pluto/oid.c b/src/pluto/oid.c
index 4b0632de2..48df1b7c4 100644
--- a/src/pluto/oid.c
+++ b/src/pluto/oid.c
@@ -28,7 +28,7 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, "UID" }, /* 16 */
{ 0x19, 0, 0, "DC" }, /* 17 */
- {0x55, 51, 1, "X.500" }, /* 18 */
+ {0x55, 52, 1, "X.500" }, /* 18 */
{ 0x04, 36, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, "CN" }, /* 20 */
{ 0x04, 22, 0, "S" }, /* 21 */
@@ -54,144 +54,145 @@ const oid_t oid_names[] = {
{ 0x11, 42, 0, "subjectAltName" }, /* 41 */
{ 0x12, 43, 0, "issuerAltName" }, /* 42 */
{ 0x13, 44, 0, "basicConstraints" }, /* 43 */
- { 0x15, 45, 0, "reasonCode" }, /* 44 */
- { 0x1F, 46, 0, "crlDistributionPoints" }, /* 45 */
- { 0x20, 47, 0, "certificatePolicies" }, /* 46 */
- { 0x23, 48, 0, "authorityKeyIdentifier" }, /* 47 */
- { 0x25, 49, 0, "extendedKeyUsage" }, /* 48 */
- { 0x37, 50, 0, "targetInformation" }, /* 49 */
- { 0x38, 0, 0, "noRevAvail" }, /* 50 */
- {0x2A, 88, 1, "" }, /* 51 */
- { 0x86, 0, 1, "" }, /* 52 */
- { 0x48, 0, 1, "" }, /* 53 */
- { 0x86, 0, 1, "" }, /* 54 */
- { 0xF7, 0, 1, "" }, /* 55 */
- { 0x0D, 0, 1, "RSADSI" }, /* 56 */
- { 0x01, 83, 1, "PKCS" }, /* 57 */
- { 0x01, 66, 1, "PKCS-1" }, /* 58 */
- { 0x01, 60, 0, "rsaEncryption" }, /* 59 */
- { 0x02, 61, 0, "md2WithRSAEncryption" }, /* 60 */
- { 0x04, 62, 0, "md5WithRSAEncryption" }, /* 61 */
- { 0x05, 63, 0, "sha-1WithRSAEncryption" }, /* 62 */
- { 0x0B, 64, 0, "sha256WithRSAEncryption"}, /* 63 */
- { 0x0C, 65, 0, "sha384WithRSAEncryption"}, /* 64 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 65 */
- { 0x07, 73, 1, "PKCS-7" }, /* 66 */
- { 0x01, 68, 0, "data" }, /* 67 */
- { 0x02, 69, 0, "signedData" }, /* 68 */
- { 0x03, 70, 0, "envelopedData" }, /* 69 */
- { 0x04, 71, 0, "signedAndEnvelopedData" }, /* 70 */
- { 0x05, 72, 0, "digestedData" }, /* 71 */
- { 0x06, 0, 0, "encryptedData" }, /* 72 */
- { 0x09, 0, 1, "PKCS-9" }, /* 73 */
- { 0x01, 75, 0, "E" }, /* 74 */
- { 0x02, 76, 0, "unstructuredName" }, /* 75 */
- { 0x03, 77, 0, "contentType" }, /* 76 */
- { 0x04, 78, 0, "messageDigest" }, /* 77 */
- { 0x05, 79, 0, "signingTime" }, /* 78 */
- { 0x06, 80, 0, "counterSignature" }, /* 79 */
- { 0x07, 81, 0, "challengePassword" }, /* 80 */
- { 0x08, 82, 0, "unstructuredAddress" }, /* 81 */
- { 0x0E, 0, 0, "extensionRequest" }, /* 82 */
- { 0x02, 86, 1, "digestAlgorithm" }, /* 83 */
- { 0x02, 85, 0, "md2" }, /* 84 */
- { 0x05, 0, 0, "md5" }, /* 85 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 86 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 87 */
- {0x2B, 149, 1, "" }, /* 88 */
- { 0x06, 136, 1, "dod" }, /* 89 */
- { 0x01, 0, 1, "internet" }, /* 90 */
- { 0x04, 105, 1, "private" }, /* 91 */
- { 0x01, 0, 1, "enterprise" }, /* 92 */
- { 0x82, 98, 1, "" }, /* 93 */
- { 0x37, 0, 1, "Microsoft" }, /* 94 */
- { 0x0A, 0, 1, "" }, /* 95 */
- { 0x03, 0, 1, "" }, /* 96 */
- { 0x03, 0, 0, "msSGC" }, /* 97 */
- { 0x89, 0, 1, "" }, /* 98 */
- { 0x31, 0, 1, "" }, /* 99 */
- { 0x01, 0, 1, "" }, /* 100 */
- { 0x01, 0, 1, "" }, /* 101 */
- { 0x02, 0, 1, "" }, /* 102 */
- { 0x02, 104, 0, "" }, /* 103 */
- { 0x4B, 0, 0, "TCGID" }, /* 104 */
- { 0x05, 0, 1, "security" }, /* 105 */
- { 0x05, 0, 1, "mechanisms" }, /* 106 */
- { 0x07, 0, 1, "id-pkix" }, /* 107 */
- { 0x01, 110, 1, "id-pe" }, /* 108 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 109 */
- { 0x03, 120, 1, "id-kp" }, /* 110 */
- { 0x01, 112, 0, "serverAuth" }, /* 111 */
- { 0x02, 113, 0, "clientAuth" }, /* 112 */
- { 0x03, 114, 0, "codeSigning" }, /* 113 */
- { 0x04, 115, 0, "emailProtection" }, /* 114 */
- { 0x05, 116, 0, "ipsecEndSystem" }, /* 115 */
- { 0x06, 117, 0, "ipsecTunnel" }, /* 116 */
- { 0x07, 118, 0, "ipsecUser" }, /* 117 */
- { 0x08, 119, 0, "timeStamping" }, /* 118 */
- { 0x09, 0, 0, "ocspSigning" }, /* 119 */
- { 0x08, 122, 1, "id-otherNames" }, /* 120 */
- { 0x05, 0, 0, "xmppAddr" }, /* 121 */
- { 0x0A, 127, 1, "id-aca" }, /* 122 */
- { 0x01, 124, 0, "authenticationInfo" }, /* 123 */
- { 0x02, 125, 0, "accessIdentity" }, /* 124 */
- { 0x03, 126, 0, "chargingIdentity" }, /* 125 */
- { 0x04, 0, 0, "group" }, /* 126 */
- { 0x30, 0, 1, "id-ad" }, /* 127 */
- { 0x01, 0, 1, "ocsp" }, /* 128 */
- { 0x01, 130, 0, "basic" }, /* 129 */
- { 0x02, 131, 0, "nonce" }, /* 130 */
- { 0x03, 132, 0, "crl" }, /* 131 */
- { 0x04, 133, 0, "response" }, /* 132 */
- { 0x05, 134, 0, "noCheck" }, /* 133 */
- { 0x06, 135, 0, "archiveCutoff" }, /* 134 */
- { 0x07, 0, 0, "serviceLocator" }, /* 135 */
- { 0x0E, 142, 1, "oiw" }, /* 136 */
- { 0x03, 0, 1, "secsig" }, /* 137 */
- { 0x02, 0, 1, "algorithms" }, /* 138 */
- { 0x07, 140, 0, "des-cbc" }, /* 139 */
- { 0x1A, 141, 0, "sha-1" }, /* 140 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 141 */
- { 0x24, 0, 1, "TeleTrusT" }, /* 142 */
- { 0x03, 0, 1, "algorithm" }, /* 143 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 144 */
- { 0x01, 0, 1, "rsaSignature" }, /* 145 */
- { 0x02, 147, 0, "rsaSigWithripemd160" }, /* 146 */
- { 0x03, 148, 0, "rsaSigWithripemd128" }, /* 147 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 148 */
- {0x60, 0, 1, "" }, /* 149 */
- { 0x86, 0, 1, "" }, /* 150 */
- { 0x48, 0, 1, "" }, /* 151 */
- { 0x01, 0, 1, "organization" }, /* 152 */
- { 0x65, 160, 1, "gov" }, /* 153 */
- { 0x03, 0, 1, "csor" }, /* 154 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 155 */
- { 0x02, 0, 1, "hashalgs" }, /* 156 */
- { 0x01, 158, 0, "id-SHA-256" }, /* 157 */
- { 0x02, 159, 0, "id-SHA-384" }, /* 158 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 159 */
- { 0x86, 0, 1, "" }, /* 160 */
- { 0xf8, 0, 1, "" }, /* 161 */
- { 0x42, 174, 1, "netscape" }, /* 162 */
- { 0x01, 169, 1, "" }, /* 163 */
- { 0x01, 165, 0, "nsCertType" }, /* 164 */
- { 0x03, 166, 0, "nsRevocationUrl" }, /* 165 */
- { 0x04, 167, 0, "nsCaRevocationUrl" }, /* 166 */
- { 0x08, 168, 0, "nsCaPolicyUrl" }, /* 167 */
- { 0x0d, 0, 0, "nsComment" }, /* 168 */
- { 0x03, 172, 1, "directory" }, /* 169 */
- { 0x01, 0, 1, "" }, /* 170 */
- { 0x03, 0, 0, "employeeNumber" }, /* 171 */
- { 0x04, 0, 1, "policy" }, /* 172 */
- { 0x01, 0, 0, "nsSGC" }, /* 173 */
- { 0x45, 0, 1, "verisign" }, /* 174 */
- { 0x01, 0, 1, "pki" }, /* 175 */
- { 0x09, 0, 1, "attributes" }, /* 176 */
- { 0x02, 178, 0, "messageType" }, /* 177 */
- { 0x03, 179, 0, "pkiStatus" }, /* 178 */
- { 0x04, 180, 0, "failInfo" }, /* 179 */
- { 0x05, 181, 0, "senderNonce" }, /* 180 */
- { 0x06, 182, 0, "recipientNonce" }, /* 181 */
- { 0x07, 183, 0, "transID" }, /* 182 */
- { 0x08, 0, 0, "extensionReq" } /* 183 */
+ { 0x14, 45, 0, "crlNumber" }, /* 44 */
+ { 0x15, 46, 0, "reasonCode" }, /* 45 */
+ { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
+ { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
+ { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
+ { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
+ { 0x37, 51, 0, "targetInformation" }, /* 50 */
+ { 0x38, 0, 0, "noRevAvail" }, /* 51 */
+ {0x2A, 89, 1, "" }, /* 52 */
+ { 0x86, 0, 1, "" }, /* 53 */
+ { 0x48, 0, 1, "" }, /* 54 */
+ { 0x86, 0, 1, "" }, /* 55 */
+ { 0xF7, 0, 1, "" }, /* 56 */
+ { 0x0D, 0, 1, "RSADSI" }, /* 57 */
+ { 0x01, 84, 1, "PKCS" }, /* 58 */
+ { 0x01, 67, 1, "PKCS-1" }, /* 59 */
+ { 0x01, 61, 0, "rsaEncryption" }, /* 60 */
+ { 0x02, 62, 0, "md2WithRSAEncryption" }, /* 61 */
+ { 0x04, 63, 0, "md5WithRSAEncryption" }, /* 62 */
+ { 0x05, 64, 0, "sha-1WithRSAEncryption" }, /* 63 */
+ { 0x0B, 65, 0, "sha256WithRSAEncryption"}, /* 64 */
+ { 0x0C, 66, 0, "sha384WithRSAEncryption"}, /* 65 */
+ { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 66 */
+ { 0x07, 74, 1, "PKCS-7" }, /* 67 */
+ { 0x01, 69, 0, "data" }, /* 68 */
+ { 0x02, 70, 0, "signedData" }, /* 69 */
+ { 0x03, 71, 0, "envelopedData" }, /* 70 */
+ { 0x04, 72, 0, "signedAndEnvelopedData" }, /* 71 */
+ { 0x05, 73, 0, "digestedData" }, /* 72 */
+ { 0x06, 0, 0, "encryptedData" }, /* 73 */
+ { 0x09, 0, 1, "PKCS-9" }, /* 74 */
+ { 0x01, 76, 0, "E" }, /* 75 */
+ { 0x02, 77, 0, "unstructuredName" }, /* 76 */
+ { 0x03, 78, 0, "contentType" }, /* 77 */
+ { 0x04, 79, 0, "messageDigest" }, /* 78 */
+ { 0x05, 80, 0, "signingTime" }, /* 79 */
+ { 0x06, 81, 0, "counterSignature" }, /* 80 */
+ { 0x07, 82, 0, "challengePassword" }, /* 81 */
+ { 0x08, 83, 0, "unstructuredAddress" }, /* 82 */
+ { 0x0E, 0, 0, "extensionRequest" }, /* 83 */
+ { 0x02, 87, 1, "digestAlgorithm" }, /* 84 */
+ { 0x02, 86, 0, "md2" }, /* 85 */
+ { 0x05, 0, 0, "md5" }, /* 86 */
+ { 0x03, 0, 1, "encryptionAlgorithm" }, /* 87 */
+ { 0x07, 0, 0, "3des-ede-cbc" }, /* 88 */
+ {0x2B, 150, 1, "" }, /* 89 */
+ { 0x06, 137, 1, "dod" }, /* 90 */
+ { 0x01, 0, 1, "internet" }, /* 91 */
+ { 0x04, 106, 1, "private" }, /* 92 */
+ { 0x01, 0, 1, "enterprise" }, /* 93 */
+ { 0x82, 99, 1, "" }, /* 94 */
+ { 0x37, 0, 1, "Microsoft" }, /* 95 */
+ { 0x0A, 0, 1, "" }, /* 96 */
+ { 0x03, 0, 1, "" }, /* 97 */
+ { 0x03, 0, 0, "msSGC" }, /* 98 */
+ { 0x89, 0, 1, "" }, /* 99 */
+ { 0x31, 0, 1, "" }, /* 100 */
+ { 0x01, 0, 1, "" }, /* 101 */
+ { 0x01, 0, 1, "" }, /* 102 */
+ { 0x02, 0, 1, "" }, /* 103 */
+ { 0x02, 105, 0, "" }, /* 104 */
+ { 0x4B, 0, 0, "TCGID" }, /* 105 */
+ { 0x05, 0, 1, "security" }, /* 106 */
+ { 0x05, 0, 1, "mechanisms" }, /* 107 */
+ { 0x07, 0, 1, "id-pkix" }, /* 108 */
+ { 0x01, 111, 1, "id-pe" }, /* 109 */
+ { 0x01, 0, 0, "authorityInfoAccess" }, /* 110 */
+ { 0x03, 121, 1, "id-kp" }, /* 111 */
+ { 0x01, 113, 0, "serverAuth" }, /* 112 */
+ { 0x02, 114, 0, "clientAuth" }, /* 113 */
+ { 0x03, 115, 0, "codeSigning" }, /* 114 */
+ { 0x04, 116, 0, "emailProtection" }, /* 115 */
+ { 0x05, 117, 0, "ipsecEndSystem" }, /* 116 */
+ { 0x06, 118, 0, "ipsecTunnel" }, /* 117 */
+ { 0x07, 119, 0, "ipsecUser" }, /* 118 */
+ { 0x08, 120, 0, "timeStamping" }, /* 119 */
+ { 0x09, 0, 0, "ocspSigning" }, /* 120 */
+ { 0x08, 123, 1, "id-otherNames" }, /* 121 */
+ { 0x05, 0, 0, "xmppAddr" }, /* 122 */
+ { 0x0A, 128, 1, "id-aca" }, /* 123 */
+ { 0x01, 125, 0, "authenticationInfo" }, /* 124 */
+ { 0x02, 126, 0, "accessIdentity" }, /* 125 */
+ { 0x03, 127, 0, "chargingIdentity" }, /* 126 */
+ { 0x04, 0, 0, "group" }, /* 127 */
+ { 0x30, 0, 1, "id-ad" }, /* 128 */
+ { 0x01, 0, 1, "ocsp" }, /* 129 */
+ { 0x01, 131, 0, "basic" }, /* 130 */
+ { 0x02, 132, 0, "nonce" }, /* 131 */
+ { 0x03, 133, 0, "crl" }, /* 132 */
+ { 0x04, 134, 0, "response" }, /* 133 */
+ { 0x05, 135, 0, "noCheck" }, /* 134 */
+ { 0x06, 136, 0, "archiveCutoff" }, /* 135 */
+ { 0x07, 0, 0, "serviceLocator" }, /* 136 */
+ { 0x0E, 143, 1, "oiw" }, /* 137 */
+ { 0x03, 0, 1, "secsig" }, /* 138 */
+ { 0x02, 0, 1, "algorithms" }, /* 139 */
+ { 0x07, 141, 0, "des-cbc" }, /* 140 */
+ { 0x1A, 142, 0, "sha-1" }, /* 141 */
+ { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 142 */
+ { 0x24, 0, 1, "TeleTrusT" }, /* 143 */
+ { 0x03, 0, 1, "algorithm" }, /* 144 */
+ { 0x03, 0, 1, "signatureAlgorithm" }, /* 145 */
+ { 0x01, 0, 1, "rsaSignature" }, /* 146 */
+ { 0x02, 148, 0, "rsaSigWithripemd160" }, /* 147 */
+ { 0x03, 149, 0, "rsaSigWithripemd128" }, /* 148 */
+ { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 149 */
+ {0x60, 0, 1, "" }, /* 150 */
+ { 0x86, 0, 1, "" }, /* 151 */
+ { 0x48, 0, 1, "" }, /* 152 */
+ { 0x01, 0, 1, "organization" }, /* 153 */
+ { 0x65, 161, 1, "gov" }, /* 154 */
+ { 0x03, 0, 1, "csor" }, /* 155 */
+ { 0x04, 0, 1, "nistalgorithm" }, /* 156 */
+ { 0x02, 0, 1, "hashalgs" }, /* 157 */
+ { 0x01, 159, 0, "id-SHA-256" }, /* 158 */
+ { 0x02, 160, 0, "id-SHA-384" }, /* 159 */
+ { 0x03, 0, 0, "id-SHA-512" }, /* 160 */
+ { 0x86, 0, 1, "" }, /* 161 */
+ { 0xf8, 0, 1, "" }, /* 162 */
+ { 0x42, 175, 1, "netscape" }, /* 163 */
+ { 0x01, 170, 1, "" }, /* 164 */
+ { 0x01, 166, 0, "nsCertType" }, /* 165 */
+ { 0x03, 167, 0, "nsRevocationUrl" }, /* 166 */
+ { 0x04, 168, 0, "nsCaRevocationUrl" }, /* 167 */
+ { 0x08, 169, 0, "nsCaPolicyUrl" }, /* 168 */
+ { 0x0d, 0, 0, "nsComment" }, /* 169 */
+ { 0x03, 173, 1, "directory" }, /* 170 */
+ { 0x01, 0, 1, "" }, /* 171 */
+ { 0x03, 0, 0, "employeeNumber" }, /* 172 */
+ { 0x04, 0, 1, "policy" }, /* 173 */
+ { 0x01, 0, 0, "nsSGC" }, /* 174 */
+ { 0x45, 0, 1, "verisign" }, /* 175 */
+ { 0x01, 0, 1, "pki" }, /* 176 */
+ { 0x09, 0, 1, "attributes" }, /* 177 */
+ { 0x02, 179, 0, "messageType" }, /* 178 */
+ { 0x03, 180, 0, "pkiStatus" }, /* 179 */
+ { 0x04, 181, 0, "failInfo" }, /* 180 */
+ { 0x05, 182, 0, "senderNonce" }, /* 181 */
+ { 0x06, 183, 0, "recipientNonce" }, /* 182 */
+ { 0x07, 184, 0, "transID" }, /* 183 */
+ { 0x08, 0, 0, "extensionReq" } /* 184 */
};
diff --git a/src/pluto/oid.h b/src/pluto/oid.h
index ccdfb2954..869a87eb0 100644
--- a/src/pluto/oid.h
+++ b/src/pluto/oid.h
@@ -19,60 +19,61 @@ extern const oid_t oid_names[];
#define OID_SUBJECT_KEY_ID 38
#define OID_SUBJECT_ALT_NAME 41
#define OID_BASIC_CONSTRAINTS 43
-#define OID_CRL_REASON_CODE 44
-#define OID_CRL_DISTRIBUTION_POINTS 45
-#define OID_AUTHORITY_KEY_ID 47
-#define OID_EXTENDED_KEY_USAGE 48
-#define OID_TARGET_INFORMATION 49
-#define OID_NO_REV_AVAIL 50
-#define OID_RSA_ENCRYPTION 59
-#define OID_MD2_WITH_RSA 60
-#define OID_MD5_WITH_RSA 61
-#define OID_SHA1_WITH_RSA 62
-#define OID_SHA256_WITH_RSA 63
-#define OID_SHA384_WITH_RSA 64
-#define OID_SHA512_WITH_RSA 65
-#define OID_PKCS7_DATA 67
-#define OID_PKCS7_SIGNED_DATA 68
-#define OID_PKCS7_ENVELOPED_DATA 69
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 70
-#define OID_PKCS7_DIGESTED_DATA 71
-#define OID_PKCS7_ENCRYPTED_DATA 72
-#define OID_PKCS9_EMAIL 74
-#define OID_PKCS9_CONTENT_TYPE 76
-#define OID_PKCS9_MESSAGE_DIGEST 77
-#define OID_PKCS9_SIGNING_TIME 78
-#define OID_MD2 84
-#define OID_MD5 85
-#define OID_3DES_EDE_CBC 87
-#define OID_AUTHORITY_INFO_ACCESS 109
-#define OID_OCSP_SIGNING 119
-#define OID_XMPP_ADDR 121
-#define OID_AUTHENTICATION_INFO 123
-#define OID_ACCESS_IDENTITY 124
-#define OID_CHARGING_IDENTITY 125
-#define OID_GROUP 126
-#define OID_OCSP 128
-#define OID_BASIC 129
-#define OID_NONCE 130
-#define OID_CRL 131
-#define OID_RESPONSE 132
-#define OID_NO_CHECK 133
-#define OID_ARCHIVE_CUTOFF 134
-#define OID_SERVICE_LOCATOR 135
-#define OID_DES_CBC 139
-#define OID_SHA1 140
-#define OID_SHA1_WITH_RSA_OIW 141
-#define OID_SHA256 157
-#define OID_SHA384 158
-#define OID_SHA512 159
-#define OID_NS_REVOCATION_URL 165
-#define OID_NS_CA_REVOCATION_URL 166
-#define OID_NS_CA_POLICY_URL 167
-#define OID_NS_COMMENT 168
-#define OID_PKI_MESSAGE_TYPE 177
-#define OID_PKI_STATUS 178
-#define OID_PKI_FAIL_INFO 179
-#define OID_PKI_SENDER_NONCE 180
-#define OID_PKI_RECIPIENT_NONCE 181
-#define OID_PKI_TRANS_ID 182
+#define OID_CRL_NUMBER 44
+#define OID_CRL_REASON_CODE 45
+#define OID_CRL_DISTRIBUTION_POINTS 46
+#define OID_AUTHORITY_KEY_ID 48
+#define OID_EXTENDED_KEY_USAGE 49
+#define OID_TARGET_INFORMATION 50
+#define OID_NO_REV_AVAIL 51
+#define OID_RSA_ENCRYPTION 60
+#define OID_MD2_WITH_RSA 61
+#define OID_MD5_WITH_RSA 62
+#define OID_SHA1_WITH_RSA 63
+#define OID_SHA256_WITH_RSA 64
+#define OID_SHA384_WITH_RSA 65
+#define OID_SHA512_WITH_RSA 66
+#define OID_PKCS7_DATA 68
+#define OID_PKCS7_SIGNED_DATA 69
+#define OID_PKCS7_ENVELOPED_DATA 70
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 71
+#define OID_PKCS7_DIGESTED_DATA 72
+#define OID_PKCS7_ENCRYPTED_DATA 73
+#define OID_PKCS9_EMAIL 75
+#define OID_PKCS9_CONTENT_TYPE 77
+#define OID_PKCS9_MESSAGE_DIGEST 78
+#define OID_PKCS9_SIGNING_TIME 79
+#define OID_MD2 85
+#define OID_MD5 86
+#define OID_3DES_EDE_CBC 88
+#define OID_AUTHORITY_INFO_ACCESS 110
+#define OID_OCSP_SIGNING 120
+#define OID_XMPP_ADDR 122
+#define OID_AUTHENTICATION_INFO 124
+#define OID_ACCESS_IDENTITY 125
+#define OID_CHARGING_IDENTITY 126
+#define OID_GROUP 127
+#define OID_OCSP 129
+#define OID_BASIC 130
+#define OID_NONCE 131
+#define OID_CRL 132
+#define OID_RESPONSE 133
+#define OID_NO_CHECK 134
+#define OID_ARCHIVE_CUTOFF 135
+#define OID_SERVICE_LOCATOR 136
+#define OID_DES_CBC 140
+#define OID_SHA1 141
+#define OID_SHA1_WITH_RSA_OIW 142
+#define OID_SHA256 158
+#define OID_SHA384 159
+#define OID_SHA512 160
+#define OID_NS_REVOCATION_URL 166
+#define OID_NS_CA_REVOCATION_URL 167
+#define OID_NS_CA_POLICY_URL 168
+#define OID_NS_COMMENT 169
+#define OID_PKI_MESSAGE_TYPE 178
+#define OID_PKI_STATUS 179
+#define OID_PKI_FAIL_INFO 180
+#define OID_PKI_SENDER_NONCE 181
+#define OID_PKI_RECIPIENT_NONCE 182
+#define OID_PKI_TRANS_ID 183
diff --git a/src/pluto/oid.txt b/src/pluto/oid.txt
index e8750024e..2b3c96ae3 100644
--- a/src/pluto/oid.txt
+++ b/src/pluto/oid.txt
@@ -42,6 +42,7 @@
0x11 "subjectAltName" OID_SUBJECT_ALT_NAME
0x12 "issuerAltName"
0x13 "basicConstraints" OID_BASIC_CONSTRAINTS
+ 0x14 "crlNumber" OID_CRL_NUMBER
0x15 "reasonCode" OID_CRL_REASON_CODE
0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS
0x20 "certificatePolicies"
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index e235ff765..d9b2167c8 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -29,6 +29,8 @@
#include <resolv.h>
#include <arpa/nameser.h> /* missing from <resolv.h> on old systems */
#include <sys/queue.h>
+#include <linux/capability.h>
+#include <sys/prctl.h>
#include <freeswan.h>
@@ -64,6 +66,11 @@
#include "nat_traversal.h"
#include "virtual.h"
+/* on some distros, a capset() definition is missing */
+#ifdef NO_CAPSET_DEFINED
+extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
+#endif /* NO_CAPSET_DEFINED */
+
static void
usage(const char *mess)
{
@@ -221,6 +228,8 @@ main(int argc, char **argv)
bool force_keepalive = FALSE;
char *virtual_private = NULL;
int lockfd;
+ struct __user_cap_header_struct hdr;
+ struct __user_cap_data_struct data;
/* handle arguments */
for (;;)
@@ -596,6 +605,26 @@ main(int argc, char **argv)
init_id();
init_fetch();
+ /* drop unneeded capabilities and change UID/GID */
+ hdr.version = _LINUX_CAPABILITY_VERSION;
+ hdr.pid = 0;
+ data.effective = data.permitted = 1<<CAP_NET_ADMIN | 1<<CAP_NET_BIND_SERVICE;
+ data.inheritable = 0;
+
+ prctl(PR_SET_KEEPCAPS, 1);
+
+# if IPSEC_GID
+ setgid(IPSEC_GID);
+# endif
+# if IPSEC_UID
+ setuid(IPSEC_UID);
+# endif
+ if (capset(&hdr, &data))
+ {
+ plog("unable to drop root privileges");
+ abort();
+ }
+
/* loading X.509 CA certificates */
load_authcerts("CA cert", CA_CERT_PATH, AUTH_CA);
/* loading X.509 AA certificates */
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index e888d5e16..c2ea2b5a0 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -205,7 +205,9 @@ static struct vid_struct _vid_tab[] = {
/*
* strongSwan
*/
- DEC_MD5_VID(STRONGSWAN, "strongSwan 4.1.1")
+ DEC_MD5_VID(STRONGSWAN, "strongSwan 4.1.3")
+ DEC_MD5_VID(STRONGSWAN_4_1_2, "strongSwan 4.1.2")
+ DEC_MD5_VID(STRONGSWAN_4_1_1, "strongSwan 4.1.1")
DEC_MD5_VID(STRONGSWAN_4_1_0, "strongSwan 4.1.0")
DEC_MD5_VID(STRONGSWAN_4_0_7, "strongSwan 4.0.7")
DEC_MD5_VID(STRONGSWAN_4_0_6, "strongSwan 4.0.6")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index 8e0444f4d..5ba65ea37 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -99,6 +99,8 @@ enum known_vendorid {
VID_STRONGSWAN_4_0_6 = 76,
VID_STRONGSWAN_4_0_7 = 77,
VID_STRONGSWAN_4_1_0 = 78,
+ VID_STRONGSWAN_4_1_1 = 79,
+ VID_STRONGSWAN_4_1_2 = 80,
/* 101 - 200 : NAT-Traversal */
VID_NATT_STENBERG_01 =101,
diff --git a/src/pluto/xauth.c b/src/pluto/xauth.c
index 3d30ad227..77ac8dee7 100644
--- a/src/pluto/xauth.c
+++ b/src/pluto/xauth.c
@@ -44,7 +44,7 @@ xauth_init(void)
DBG_log("xauth module: found get_secret() function");
}
)
- xauth_module.verify_secret = (bool (*) (const xauth_t*))
+ xauth_module.verify_secret = (bool (*) (const char*, const xauth_t*))
dlsym(xauth_module.handle, "verify_secret");
DBG(DBG_CONTROL,
if (xauth_module.verify_secret != NULL)
diff --git a/src/pluto/xauth.h b/src/pluto/xauth.h
index 1f06aefd9..740618750 100644
--- a/src/pluto/xauth.h
+++ b/src/pluto/xauth.h
@@ -30,7 +30,7 @@ typedef struct {
typedef struct {
void *handle;
bool (*get_secret) (xauth_t *xauth_secret);
- bool (*verify_secret) (const xauth_t *xauth_secret);
+ bool (*verify_secret) (const char *conn_name, const xauth_t *xauth_secret);
} xauth_module_t;
extern xauth_module_t xauth_module;
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index b21b9bf05..798f09de8 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -128,6 +128,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -140,6 +141,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -150,8 +152,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -173,6 +179,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -182,6 +189,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -195,9 +204,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -212,6 +225,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
scepclient_SOURCES = rsakey.c rsakey.h pkcs10.c pkcs10.h scep.c scep.h scepclient.c
INCLUDES = \
-I$(top_srcdir)/src/libfreeswan \
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 80410a205..432b3d6d5 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -121,6 +121,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -133,6 +134,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -143,8 +145,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -166,6 +172,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -175,6 +182,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -188,9 +197,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -205,6 +218,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
starter_SOURCES = y.tab.c netkey.c y.tab.h parser.h args.h netkey.h \
starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
diff --git a/src/starter/args.c b/src/starter/args.c
index 82e957f59..fb8424841 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -61,6 +61,12 @@ static const char *LST_sendcert[] = {
NULL
};
+static const char *LST_strict[] = {
+ "no",
+ "yes",
+ "ifuri",
+ NULL
+};
static const char *LST_dpd_action[] = {
"none",
"clear",
@@ -160,7 +166,7 @@ static const token_info_t token_info[] =
{ ARG_UINT, offsetof(starter_config_t, setup.overridemtu), NULL },
{ ARG_TIME, offsetof(starter_config_t, setup.crlcheckinterval), NULL },
{ ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_strict },
{ ARG_ENUM, offsetof(starter_config_t, setup.nocrsend), LST_bool },
{ ARG_ENUM, offsetof(starter_config_t, setup.nat_traversal), LST_bool },
{ ARG_TIME, offsetof(starter_config_t, setup.keep_alive), NULL },
diff --git a/src/starter/confread.h b/src/starter/confread.h
index e0de68376..2fe75fcc6 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -46,6 +46,12 @@ typedef enum {
KEY_EXCHANGE_IKEV2
} keyexchange_t;
+typedef enum {
+ STRICT_NO,
+ STRICT_YES,
+ STRICT_IFURI
+} strict_t;
+
typedef struct starter_end starter_end_t;
struct starter_end {
@@ -156,23 +162,23 @@ struct starter_config {
bool plutostart;
/* pluto/charon keywords */
- char **plutodebug;
- char *charondebug;
- char *prepluto;
- char *postpluto;
- bool uniqueids;
- u_int overridemtu;
- u_int crlcheckinterval;
- bool cachecrls;
- bool strictcrlpolicy;
- bool nocrsend;
- bool nat_traversal;
- u_int keep_alive;
- char *virtual_private;
- char *eapdir;
- char *pkcs11module;
- bool pkcs11keepstate;
- bool pkcs11proxy;
+ char **plutodebug;
+ char *charondebug;
+ char *prepluto;
+ char *postpluto;
+ bool uniqueids;
+ u_int overridemtu;
+ u_int crlcheckinterval;
+ bool cachecrls;
+ strict_t strictcrlpolicy;
+ bool nocrsend;
+ bool nat_traversal;
+ u_int keep_alive;
+ char *virtual_private;
+ char *eapdir;
+ char *pkcs11module;
+ bool pkcs11keepstate;
+ bool pkcs11proxy;
/* KLIPS keywords */
char **klipsdebug;
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index e97c8388b..48cb4151b 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -100,6 +100,7 @@ starter_start_charon (starter_config_t *cfg, bool debug)
{
int pid, i;
struct stat stb;
+ char buffer[BUF_LEN], buffer1[BUF_LEN];
int argc = 1;
char *arg[] = {
CHARON_CMD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
@@ -115,6 +116,7 @@ starter_start_charon (starter_config_t *cfg, bool debug)
if (cfg->setup.strictcrlpolicy)
{
arg[argc++] = "--strictcrlpolicy";
+ arg[argc++] = cfg->setup.strictcrlpolicy == STRICT_IFURI ? "2":"1";
}
if (cfg->setup.cachecrls)
{
@@ -122,11 +124,9 @@ starter_start_charon (starter_config_t *cfg, bool debug)
}
if (cfg->setup.crlcheckinterval > 0)
{
- char buffer[BUF_LEN];
-
- snprintf(buffer, BUF_LEN, "%u", cfg->setup.crlcheckinterval);
+ snprintf(buffer1, BUF_LEN, "%u", cfg->setup.crlcheckinterval);
arg[argc++] = "--crlcheckinterval";
- arg[argc++] = buffer;
+ arg[argc++] = buffer1;
}
if (cfg->setup.eapdir)
{
@@ -135,7 +135,7 @@ starter_start_charon (starter_config_t *cfg, bool debug)
}
{ /* parse debug string */
- char *pos, *level, *buf_pos, type[4], buffer[BUF_LEN];
+ char *pos, *level, *buf_pos, type[4];
pos = cfg->setup.charondebug;
buf_pos = buffer;
while (pos && sscanf(pos, "%4s %d,", type, &level) == 2)
@@ -181,7 +181,11 @@ starter_start_charon (starter_config_t *cfg, bool debug)
FILE *f;
plog("no %s file, generating RSA key", SECRETS_FILE);
+ seteuid(IPSEC_UID);
+ setegid(IPSEC_GID);
system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+ seteuid(0);
+ setegid(0);
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
@@ -194,6 +198,7 @@ starter_start_charon (starter_config_t *cfg, bool debug)
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
+ chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID);
umask(oldmask);
}
@@ -207,6 +212,8 @@ starter_start_charon (starter_config_t *cfg, bool debug)
/* child */
setsid();
sigprocmask(SIG_SETMASK, 0, NULL);
+ /* disable glibc's malloc checker, conflicts with leak detective */
+ setenv("MALLOC_CHECK_", "0", 1);
execv(arg[0], arg);
plog("can't execv(%s,...): %s", arg[0], strerror(errno));
exit(1);
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index 1b11b4a10..240d98391 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -216,7 +216,11 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
FILE *f;
plog("no %s file, generating RSA key", SECRETS_FILE);
+ seteuid(IPSEC_UID);
+ setegid(IPSEC_GID);
system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+ seteuid(0);
+ setegid(0);
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
@@ -229,6 +233,7 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
+ chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID);
umask(oldmask);
}
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index 3e59190e3..c80c5166b 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -600,7 +600,16 @@ value is
.B %modeconfig
or
.B %config,
-an address is requested from the peer.
+an address is requested from the peer. In IKEv2, a defined address is requested,
+but the server may change it. If the server does not support it, the address
+is enforced.
+.TP
+.B rightsourceip
+The internal source IP to use in a tunnel for the remote peer. If the
+value is
+.B %config
+on the responder side, the initiator must propose a address which is then echoed
+back.
.TP
.B leftsubnetwithin
Not relevant for IKEv2, as subnets are narrowed.
@@ -678,13 +687,16 @@ Relevant only locally, other end need not agree on it.
.B ike
IKE/ISAKMP SA encryption/authentication algorithm to be used, e.g.
.B aes128-sha1-modp2048
-(encryption-integrity-dhgroup).
+(encryption-integrity-dhgroup). In IKEv2, multiple algorithms and proposals
+may be included, such as
+.B aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024.
.TP
.B esp
ESP encryption/authentication algorithm to be used
for the connection, e.g.
.B 3des-md5
-(encryption-integrity).
+(encryption-integrity-[dh-group]). If dh-group is specified, CHILD_SA setup
+and rekeying include a separate diffe hellman exchange (IKEv2 only).
.TP
.B ah
AH authentication algorithm to be used
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index fb8e74b8c..13c2f4326 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -156,6 +156,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->id = push_string(msg, conn_end->id);
msg_end->cert = push_string(msg, conn_end->cert);
msg_end->ca = push_string(msg, conn_end->ca);
+ msg_end->groups = push_string(msg, conn_end->groups);
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
msg_end->address = push_string(msg, buffer);
@@ -167,7 +168,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->tohost = !conn_end->has_client;
msg_end->protocol = conn_end->protocol;
msg_end->port = conn_end->port;
- msg_end->virtual_ip = conn_end->modecfg;
+ msg_end->virtual_ip = conn_end->modecfg || conn_end->has_srcip;
ip_address2string(&conn_end->srcip, buffer, sizeof(buffer));
msg_end->sourceip = push_string(msg, buffer);
}
diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c
index 11a0373e9..49da832c0 100644
--- a/src/starter/y.tab.c
+++ b/src/starter/y.tab.c
@@ -172,7 +172,7 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
typedef union YYSTYPE
#line 56 "parser.y"
{ char *s; }
-/* Line 193 of yacc.c. */
+/* Line 187 of yacc.c. */
#line 177 "y.tab.c"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h
index 4b55cb005..b4352e6b4 100644
--- a/src/starter/y.tab.h
+++ b/src/starter/y.tab.h
@@ -70,7 +70,7 @@
typedef union YYSTYPE
#line 56 "parser.y"
{ char *s; }
-/* Line 1528 of yacc.c. */
+/* Line 1488 of yacc.c. */
#line 75 "y.tab.h"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 179bca750..a32dc8b90 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -111,6 +111,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -123,6 +124,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -133,8 +135,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -156,6 +162,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -165,6 +172,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -178,9 +187,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -195,6 +208,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h
INCLUDES = -I$(top_srcdir)/src/libstrongswan
EXTRA_DIST = stroke_keywords.txt
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 5d3fd6e77..cd2e85caa 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -218,6 +218,9 @@ static int list_flags[] = {
LIST_CERTS,
LIST_CACERTS,
LIST_OCSPCERTS,
+ LIST_AACERTS,
+ LIST_ACERTS,
+ LIST_GROUPS,
LIST_CAINFOS,
LIST_CRLS,
LIST_OCSP,
@@ -238,6 +241,8 @@ static int list(stroke_keyword_t kw, int utc)
static int reread_flags[] = {
REREAD_CACERTS,
REREAD_OCSPCERTS,
+ REREAD_AACERTS,
+ REREAD_ACERTS,
REREAD_CRLS,
REREAD_ALL
};
diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h
index 2eefb36c4..94e07d465 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke.h
@@ -47,14 +47,20 @@ enum list_flag_t {
LIST_CACERTS = 0x0002,
/** list all ocsp signer certs */
LIST_OCSPCERTS = 0x0004,
+ /** list all aa certs */
+ LIST_AACERTS = 0x0008,
+ /** list all attribute certs */
+ LIST_ACERTS = 0x0010,
+ /** list all access control groups */
+ LIST_GROUPS = 0x0020,
/** list all ca information records */
- LIST_CAINFOS = 0x0008,
+ LIST_CAINFOS = 0x0040,
/** list all crls */
- LIST_CRLS = 0x0010,
+ LIST_CRLS = 0x0080,
/** list all ocsp cache entries */
- LIST_OCSP = 0x0020,
+ LIST_OCSP = 0x0100,
/** all list options */
- LIST_ALL = 0x003F,
+ LIST_ALL = 0x01FF,
};
typedef enum reread_flag_t reread_flag_t;
@@ -70,10 +76,14 @@ enum reread_flag_t {
REREAD_CACERTS = 0x0001,
/** reread all ocsp signer certs */
REREAD_OCSPCERTS = 0x0002,
+ /** reread all aa certs */
+ REREAD_AACERTS = 0x0004,
+ /** reread all attribute certs */
+ REREAD_ACERTS = 0x0008,
/** reread all crls */
- REREAD_CRLS = 0x0004,
+ REREAD_CRLS = 0x0010,
/** all reread options */
- REREAD_ALL = 0x0007,
+ REREAD_ALL = 0x001F,
};
typedef enum purge_flag_t purge_flag_t;
@@ -98,6 +108,7 @@ struct stroke_end_t {
char *id;
char *cert;
char *ca;
+ char *groups;
char *updown;
char *address;
char *sourceip;
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index 71d99ecad..11ac592ed 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -1,6 +1,6 @@
/* C code produced by gperf version 3.0.1 */
/* Command-line: /usr/bin/gperf -C -G -t */
-/* Computed positions: -k'2,7' */
+/* Computed positions: -k'1,5,7' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -56,12 +56,12 @@ struct stroke_token {
stroke_keyword_t kw;
};
-#define TOTAL_KEYWORDS 22
+#define TOTAL_KEYWORDS 27
#define MIN_WORD_LENGTH 2
#define MAX_WORD_LENGTH 15
-#define MIN_HASH_VALUE 2
-#define MAX_HASH_VALUE 33
-/* maximum key range = 32, duplicates = 0 */
+#define MIN_HASH_VALUE 3
+#define MAX_HASH_VALUE 40
+/* maximum key range = 38, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -77,32 +77,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 0, 34, 0,
- 30, 0, 34, 34, 34, 5, 34, 34, 15, 34,
- 0, 0, 0, 34, 10, 5, 5, 10, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
- 34, 34, 34, 34, 34, 34
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 0, 41, 5,
+ 28, 0, 41, 5, 41, 20, 41, 41, 0, 41,
+ 41, 15, 0, 41, 10, 10, 0, 10, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 41, 41, 41
};
register int hval = len;
@@ -113,10 +113,13 @@ hash (str, len)
/*FALLTHROUGH*/
case 6:
case 5:
+ hval += asso_values[(unsigned char)str[4]];
+ /*FALLTHROUGH*/
case 4:
case 3:
case 2:
- hval += asso_values[(unsigned char)str[1]];
+ case 1:
+ hval += asso_values[(unsigned char)str[0]];
break;
}
return hval;
@@ -124,35 +127,42 @@ hash (str, len)
static const struct stroke_token wordlist[] =
{
- {""}, {""},
+ {""}, {""}, {""},
+ {"add", STROKE_ADD},
+ {""}, {""}, {""},
+ {"listall", STROKE_LIST_ALL},
+ {"loglevel", STROKE_LOGLEVEL},
+ {""},
+ {"listacerts", STROKE_LIST_ACERTS},
+ {""},
{"up", STROKE_UP},
- {"del", STROKE_DEL},
- {"down", STROKE_DOWN},
+ {"listcrls", STROKE_LIST_CRLS},
+ {"purgeocsp", STROKE_PURGE_OCSP},
{"route", STROKE_ROUTE},
- {"delete", STROKE_DELETE},
- {"unroute", STROKE_UNROUTE},
- {"loglevel", STROKE_LOGLEVEL},
+ {"listaacerts", STROKE_LIST_AACERTS},
+ {""}, {""},
{"rereadall", STROKE_REREAD_ALL},
+ {""},
+ {"listcacerts", STROKE_LIST_CACERTS},
+ {"rereadacerts", STROKE_REREAD_ACERTS,},
+ {"rereadaacerts", STROKE_REREAD_AACERTS,},
+ {"listcerts", STROKE_LIST_CERTS},
{"rereadcrls", STROKE_REREAD_CRLS},
{"status", STROKE_STATUS},
- {""},
+ {"unroute", STROKE_UNROUTE},
{"rereadcacerts", STROKE_REREAD_CACERTS},
{"statusall", STROKE_STATUSALL},
- {"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
- {"listcacerts", STROKE_LIST_CACERTS},
- {""},
+ {"listgroups", STROKE_LIST_GROUPS},
+ {"del", STROKE_DEL},
+ {"down", STROKE_DOWN},
{"listocsp", STROKE_LIST_OCSP},
- {"purgeocsp", STROKE_PURGE_OCSP},
+ {"delete", STROKE_DELETE},
{""},
{"listcainfos", STROKE_LIST_CAINFOS},
{""},
{"listocspcerts", STROKE_LIST_OCSPCERTS},
- {"listcerts", STROKE_LIST_CERTS},
- {""}, {""},
- {"listall", STROKE_LIST_ALL},
- {"listcrls", STROKE_LIST_CRLS},
- {""}, {""}, {""}, {""},
- {"add", STROKE_ADD}
+ {""},
+ {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}
};
#ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 2e7d7c385..2b4b40e52 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -32,12 +32,17 @@ typedef enum {
STROKE_LIST_CERTS,
STROKE_LIST_CACERTS,
STROKE_LIST_OCSPCERTS,
+ STROKE_LIST_AACERTS,
+ STROKE_LIST_ACERTS,
+ STROKE_LIST_GROUPS,
STROKE_LIST_CAINFOS,
STROKE_LIST_CRLS,
STROKE_LIST_OCSP,
STROKE_LIST_ALL,
STROKE_REREAD_CACERTS,
STROKE_REREAD_OCSPCERTS,
+ STROKE_REREAD_AACERTS,
+ STROKE_REREAD_ACERTS,
STROKE_REREAD_CRLS,
STROKE_REREAD_ALL,
STROKE_PURGE_OCSP
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 1e8afe19e..962b4c555 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -39,12 +39,17 @@ statusall, STROKE_STATUSALL
listcerts, STROKE_LIST_CERTS
listcacerts, STROKE_LIST_CACERTS
listocspcerts, STROKE_LIST_OCSPCERTS
+listaacerts, STROKE_LIST_AACERTS
+listacerts, STROKE_LIST_ACERTS
+listgroups, STROKE_LIST_GROUPS
listcainfos, STROKE_LIST_CAINFOS
listcrls, STROKE_LIST_CRLS
listocsp, STROKE_LIST_OCSP
listall, STROKE_LIST_ALL
rereadcacerts, STROKE_REREAD_CACERTS
rereadocspcerts, STROKE_REREAD_OCSPCERTS
+rereadaacerts, STROKE_REREAD_AACERTS,
+rereadacerts, STROKE_REREAD_ACERTS,
rereadcrls, STROKE_REREAD_CRLS
rereadall, STROKE_REREAD_ALL
purgeocsp, STROKE_PURGE_OCSP
diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in
index d14f5e8ed..e9a7af85d 100644
--- a/src/whack/Makefile.in
+++ b/src/whack/Makefile.in
@@ -111,6 +111,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
@@ -123,6 +124,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -133,8 +135,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -156,6 +162,7 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+backenddir = @backenddir@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -165,6 +172,8 @@ build_vendor = @build_vendor@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
docdir = @docdir@
dvidir = @dvidir@
eapdir = @eapdir@
@@ -178,9 +187,13 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+interfacedir = @interfacedir@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
libdir = @libdir@
libexecdir = @libexecdir@
+linuxdir = @linuxdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
@@ -195,6 +208,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
whack_SOURCES = whack.c whack.h
INCLUDES = -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto
whack_LDADD = $(top_builddir)/src/libfreeswan/libfreeswan.a
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 19:32:10 +0000