diff options
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r-- | src/libcharon/plugins/stroke/Makefile.am | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/Makefile.in | 8 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 90 |
4 files changed, 64 insertions, 42 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index 9509b1bd3..b90688791 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-stroke.la diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 253203de7..59a59834a 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -268,6 +268,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -286,6 +287,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -313,6 +315,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -404,6 +407,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -423,7 +427,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-stroke.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-stroke.la diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index e5e6d9246..62967b006 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -174,10 +174,12 @@ static void add_proposals(private_stroke_config_t *this, char *string, if (ike_cfg) { ike_cfg->add_proposal(ike_cfg, proposal_create_default(proto)); + ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(proto)); } else { child_cfg->add_proposal(child_cfg, proposal_create_default(proto)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto)); } } @@ -1149,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, map_action(msg->add_conn.close_action), msg->add_conn.ipcomp, msg->add_conn.inactivity, msg->add_conn.reqid, &mark_in, &mark_out, msg->add_conn.tfc); + if (msg->add_conn.replay_window != -1) + { + child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window); + } child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 169ff2bf6..54dd56e91 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -107,6 +107,19 @@ struct private_stroke_socket_t { }; /** + * Helper macro to log configuration options, but only if they are defined. + */ +#define DBG_OPT(...) VA_ARGS_DISPATCH(DBG_OPT, __VA_ARGS__)(__VA_ARGS__) +#define DBG_OPT2(fmt, val) ({ \ + typeof(val) _val = val; \ + if (_val) { DBG2(DBG_CFG, fmt, _val); } \ +}) +#define DBG_OPT3(fmt, label, val) ({ \ + typeof(val) _val = val; \ + if (_val) { DBG2(DBG_CFG, fmt, label, _val); } \ +}) + +/** * Helper function which corrects the string pointers * in a stroke_msg_t. Strings in a stroke_msg sent over "wire" * contains RELATIVE addresses (relative to the beginning of the @@ -157,22 +170,22 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->cert_policy); pop_string(msg, &end->updown); - DBG2(DBG_CFG, " %s=%s", label, end->address); - DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets); - DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip); - DBG2(DBG_CFG, " %sdns=%s", label, end->dns); - DBG2(DBG_CFG, " %sauth=%s", label, end->auth); - DBG2(DBG_CFG, " %sauth2=%s", label, end->auth2); - DBG2(DBG_CFG, " %sid=%s", label, end->id); - DBG2(DBG_CFG, " %sid2=%s", label, end->id2); - DBG2(DBG_CFG, " %srsakey=%s", label, end->rsakey); - DBG2(DBG_CFG, " %scert=%s", label, end->cert); - DBG2(DBG_CFG, " %scert2=%s", label, end->cert2); - DBG2(DBG_CFG, " %sca=%s", label, end->ca); - DBG2(DBG_CFG, " %sca2=%s", label, end->ca2); - DBG2(DBG_CFG, " %sgroups=%s", label, end->groups); - DBG2(DBG_CFG, " %sgroups2=%s", label, end->groups2); - DBG2(DBG_CFG, " %supdown=%s", label, end->updown); + DBG_OPT(" %s=%s", label, end->address); + DBG_OPT(" %ssubnet=%s", label, end->subnets); + DBG_OPT(" %ssourceip=%s", label, end->sourceip); + DBG_OPT(" %sdns=%s", label, end->dns); + DBG_OPT(" %sauth=%s", label, end->auth); + DBG_OPT(" %sauth2=%s", label, end->auth2); + DBG_OPT(" %sid=%s", label, end->id); + DBG_OPT(" %sid2=%s", label, end->id2); + DBG_OPT(" %srsakey=%s", label, end->rsakey); + DBG_OPT(" %scert=%s", label, end->cert); + DBG_OPT(" %scert2=%s", label, end->cert2); + DBG_OPT(" %sca=%s", label, end->ca); + DBG_OPT(" %sca2=%s", label, end->ca2); + DBG_OPT(" %sgroups=%s", label, end->groups); + DBG_OPT(" %sgroups2=%s", label, end->groups2); + DBG_OPT(" %supdown=%s", label, end->updown); } /** @@ -194,20 +207,20 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) pop_string(msg, &msg->add_conn.algorithms.ah); pop_string(msg, &msg->add_conn.ikeme.mediated_by); pop_string(msg, &msg->add_conn.ikeme.peerid); - DBG2(DBG_CFG, " eap_identity=%s", msg->add_conn.eap_identity); - DBG2(DBG_CFG, " aaa_identity=%s", msg->add_conn.aaa_identity); - DBG2(DBG_CFG, " xauth_identity=%s", msg->add_conn.xauth_identity); - DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike); - DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp); - DBG2(DBG_CFG, " ah=%s", msg->add_conn.algorithms.ah); - DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay); - DBG2(DBG_CFG, " dpdtimeout=%d", msg->add_conn.dpd.timeout); - DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action); - DBG2(DBG_CFG, " closeaction=%d", msg->add_conn.close_action); - DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no"); - DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by); - DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid); - DBG2(DBG_CFG, " keyexchange=ikev%u", msg->add_conn.version); + DBG_OPT(" eap_identity=%s", msg->add_conn.eap_identity); + DBG_OPT(" aaa_identity=%s", msg->add_conn.aaa_identity); + DBG_OPT(" xauth_identity=%s", msg->add_conn.xauth_identity); + DBG_OPT(" ike=%s", msg->add_conn.algorithms.ike); + DBG_OPT(" esp=%s", msg->add_conn.algorithms.esp); + DBG_OPT(" ah=%s", msg->add_conn.algorithms.ah); + DBG_OPT(" dpddelay=%d", msg->add_conn.dpd.delay); + DBG_OPT(" dpdtimeout=%d", msg->add_conn.dpd.timeout); + DBG_OPT(" dpdaction=%d", msg->add_conn.dpd.action); + DBG_OPT(" closeaction=%d", msg->add_conn.close_action); + DBG_OPT(" mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no"); + DBG_OPT(" mediated_by=%s", msg->add_conn.ikeme.mediated_by); + DBG_OPT(" me_peerid=%s", msg->add_conn.ikeme.peerid); + DBG_OPT(" keyexchange=ikev%u", msg->add_conn.version); this->config->add(this->config, msg); this->attribute->add_dns(this->attribute, msg); @@ -311,13 +324,13 @@ static void stroke_add_ca(private_stroke_socket_t *this, pop_string(msg, &msg->add_ca.ocspuri); pop_string(msg, &msg->add_ca.ocspuri2); pop_string(msg, &msg->add_ca.certuribase); - DBG2(DBG_CFG, "ca %s", msg->add_ca.name); - DBG2(DBG_CFG, " cacert=%s", msg->add_ca.cacert); - DBG2(DBG_CFG, " crluri=%s", msg->add_ca.crluri); - DBG2(DBG_CFG, " crluri2=%s", msg->add_ca.crluri2); - DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri); - DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2); - DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase); + DBG2(DBG_CFG, "ca %s", msg->add_ca.name); + DBG_OPT(" cacert=%s", msg->add_ca.cacert); + DBG_OPT(" crluri=%s", msg->add_ca.crluri); + DBG_OPT(" crluri2=%s", msg->add_ca.crluri2); + DBG_OPT(" ocspuri=%s", msg->add_ca.ocspuri); + DBG_OPT(" ocspuri2=%s", msg->add_ca.ocspuri2); + DBG_OPT(" certuribase=%s", msg->add_ca.certuribase); this->ca->add(this->ca, msg); } @@ -584,8 +597,7 @@ static void stroke_loglevel(private_stroke_socket_t *this, } else { - group = enum_from_name(debug_names, msg->loglevel.type); - if ((int)group < 0) + if (!enum_from_name(debug_names, msg->loglevel.type, &group)) { fprintf(out, "unknown type '%s'!\n", msg->loglevel.type); return; |