diff options
Diffstat (limited to 'src/charon/config')
-rw-r--r-- | src/charon/config/attributes/attribute_manager.c | 2 | ||||
-rw-r--r-- | src/charon/config/backend_manager.c | 2 | ||||
-rw-r--r-- | src/charon/config/child_cfg.c | 30 | ||||
-rw-r--r-- | src/charon/config/child_cfg.h | 12 | ||||
-rw-r--r-- | src/charon/config/peer_cfg.c | 70 | ||||
-rw-r--r-- | src/charon/config/proposal.c | 3 |
6 files changed, 53 insertions, 66 deletions
diff --git a/src/charon/config/attributes/attribute_manager.c b/src/charon/config/attributes/attribute_manager.c index 83e431c43..bf45fdb42 100644 --- a/src/charon/config/attributes/attribute_manager.c +++ b/src/charon/config/attributes/attribute_manager.c @@ -260,7 +260,7 @@ attribute_manager_t *attribute_manager_create() this->providers = linked_list_create(); this->handlers = linked_list_create(); - this->lock = rwlock_create(RWLOCK_DEFAULT); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); return &this->public; } diff --git a/src/charon/config/backend_manager.c b/src/charon/config/backend_manager.c index 3a3a78466..cfd611858 100644 --- a/src/charon/config/backend_manager.c +++ b/src/charon/config/backend_manager.c @@ -438,7 +438,7 @@ backend_manager_t *backend_manager_create() this->public.destroy = (void (*)(backend_manager_t*))destroy; this->backends = linked_list_create(); - this->lock = rwlock_create(RWLOCK_DEFAULT); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); return &this->public; } diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c index 43e41671a..990ee3fd6 100644 --- a/src/charon/config/child_cfg.c +++ b/src/charon/config/child_cfg.c @@ -345,35 +345,6 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca } /** - * Implementation of child_cfg_t.equal_traffic_selectors. - */ -bool equal_traffic_selectors(private_child_cfg_t *this, bool local, - linked_list_t *ts_list, host_t *host) -{ - linked_list_t *this_list; - traffic_selector_t *this_ts, *ts; - bool result; - - this_list = (local) ? this->my_ts : this->other_ts; - - /* currently equality is established for single traffic selectors only */ - if (this_list->get_count(this_list) != 1 || ts_list->get_count(ts_list) != 1) - { - return FALSE; - } - - this_list->get_first(this_list, (void**)&this_ts); - this_ts = this_ts->clone(this_ts); - this_ts->set_address(this_ts, host); - ts_list->get_first(ts_list, (void**)&ts); - - result = ts->equals(ts, this_ts); - - this_ts->destroy(this_ts); - return result; -} - -/** * Implementation of child_cfg_t.get_updown. */ static char* get_updown(private_child_cfg_t *this) @@ -525,7 +496,6 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, this->public.get_name = (char* (*) (child_cfg_t*))get_name; this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector; this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors; - this->public.equal_traffic_selectors = (bool (*)(child_cfg_t*,bool,linked_list_t*,host_t*))equal_traffic_selectors; this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal; this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals; this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool))select_proposal; diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h index 185fee3da..33c75701c 100644 --- a/src/charon/config/child_cfg.h +++ b/src/charon/config/child_cfg.h @@ -150,18 +150,6 @@ struct child_cfg_t { linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local, linked_list_t *supplied, host_t *host); - - /** - * Checks [single] traffic selectors for equality - * - * @param local TRUE for TS on local side, FALSE for remote - * @param ts list with single traffic selector to compare with - * @param host address to use for narrowing "dynamic" TS', or NULL - * @return TRUE if TS are equal, FALSE otherwise - */ - bool (*equal_traffic_selectors)(child_cfg_t *this, bool local, - linked_list_t *ts_list, host_t *host); - /** * Get the updown script to run for the CHILD_SA. * diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c index da796d6a2..f096f269e 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/charon/config/peer_cfg.c @@ -250,22 +250,46 @@ static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this) } /** - * Check if child_cfg contains traffic selectors + * Check how good a list of TS matches a given child config */ -static int contains_ts(child_cfg_t *child, bool mine, linked_list_t *ts, - host_t *host) +static int get_ts_match(child_cfg_t *cfg, bool local, + linked_list_t *sup_list, host_t *host) { - linked_list_t *selected; - int prio; + linked_list_t *cfg_list; + enumerator_t *sup_enum, *cfg_enum; + traffic_selector_t *sup_ts, *cfg_ts; + int match = 0, round; - if (child->equal_traffic_selectors(child, mine, ts, host)) + /* fetch configured TS list, narrowing dynamic TS */ + cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host); + + /* use a round counter to rate leading TS with higher priority */ + round = sup_list->get_count(sup_list); + + sup_enum = sup_list->create_enumerator(sup_list); + while (sup_enum->enumerate(sup_enum, &sup_ts)) { - return 2; + cfg_enum = cfg_list->create_enumerator(cfg_list); + while (cfg_enum->enumerate(cfg_enum, &cfg_ts)) + { + if (cfg_ts->equals(cfg_ts, sup_ts)) + { /* equality is honored better than matches */ + match += round * 5; + } + else if (cfg_ts->is_contained_in(cfg_ts, sup_ts) || + sup_ts->is_contained_in(sup_ts, cfg_ts)) + { + match += round * 1; + } + } + cfg_enum->destroy(cfg_enum); + round--; } - selected = child->get_traffic_selectors(child, mine, ts, host); - prio = selected->get_count(selected) ? 1 : 0; - selected->destroy_offset(selected, offsetof(traffic_selector_t, destroy)); - return prio; + sup_enum->destroy(sup_enum); + + cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy)); + + return match; } /** @@ -279,21 +303,23 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this, child_cfg_t *current, *found = NULL; enumerator_t *enumerator; int best = 0; - - DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); + + DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); enumerator = create_child_cfg_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { - int prio = contains_ts(current, TRUE, my_ts, my_host) + - contains_ts(current, FALSE, other_ts, other_host); - - if (prio) + int my_prio, other_prio; + + my_prio = get_ts_match(current, TRUE, my_ts, my_host); + other_prio = get_ts_match(current, FALSE, other_ts, other_host); + + if (my_prio && other_prio) { - DBG2(DBG_CFG, " candidate \"%s\" with prio %d", - current->get_name(current), prio); - if (prio > best) + DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d", + current->get_name(current), my_prio, other_prio); + if (my_prio + other_prio > best) { - best = prio; + best = my_prio + other_prio; DESTROY_IF(found); found = current->get_ref(current); } @@ -637,7 +663,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->ike_version = ike_version; this->ike_cfg = ike_cfg; this->child_cfgs = linked_list_create(); - this->mutex = mutex_create(MUTEX_DEFAULT); + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->cert_policy = cert_policy; this->unique = unique; this->keyingtries = keyingtries; diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index e2dfcca4f..cf7e19605 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -266,6 +266,9 @@ static bool is_authenticated_encryption(u_int16_t alg) case ENCR_AES_GCM_ICV8: case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: + case ENCR_CAMELLIA_CCM_ICV8: + case ENCR_CAMELLIA_CCM_ICV12: + case ENCR_CAMELLIA_CCM_ICV16: return TRUE; } return FALSE; |