summaryrefslogtreecommitdiff
path: root/src/libhydra
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra')
-rw-r--r--src/libhydra/Makefile.in3
-rw-r--r--src/libhydra/kernel/kernel_interface.c6
-rw-r--r--src/libhydra/kernel/kernel_interface.h3
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h3
-rw-r--r--src/libhydra/plugins/attr/Makefile.in3
-rw-r--r--src/libhydra/plugins/attr/attr_plugin.c15
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c102
-rw-r--r--src/libhydra/plugins/attr/attr_provider.h5
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in3
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.c9
-rw-r--r--src/libhydra/plugins/attr_sql/pool.c19
-rw-r--r--src/libhydra/plugins/attr_sql/pool_attributes.c24
-rw-r--r--src/libhydra/plugins/kernel_klips/Makefile.in3
-rw-r--r--src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c2
-rw-r--r--src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c8
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in3
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c253
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c144
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c8
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.in3
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c2
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c8
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.in3
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c121
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c8
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in3
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c4
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.c8
28 files changed, 483 insertions, 293 deletions
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index 8b1e7384f..08c73b5e3 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -292,6 +292,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -315,6 +317,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 4fd5a7535..4b5b41f2b 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -81,8 +81,8 @@ METHOD(kernel_interface_t, add_sa, status_t,
u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts)
+ u_int16_t cpi, bool encap, bool esn, bool inbound,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
if (!this->ipsec)
{
@@ -90,7 +90,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
}
return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
- ipcomp, cpi, encap, inbound, src_ts, dst_ts);
+ ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts);
}
METHOD(kernel_interface_t, update_sa, status_t,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index ec73fa1f7..471a1d5d3 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -101,6 +101,7 @@ struct kernel_interface_t {
* @param ipcomp IPComp transform to use
* @param cpi CPI for IPComp
* @param encap enable UDP encapsulation for NAT traversal
+ * @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
* @param src_ts traffic selector with BEET source address
* @param dst_ts traffic selector with BEET destination address
@@ -113,7 +114,7 @@ struct kernel_interface_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound,
+ bool encap, bool esn, bool inbound,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 3e2d8b9ce..ef36efd11 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -214,6 +214,7 @@ struct kernel_ipsec_t {
* @param ipcomp IPComp transform to use
* @param cpi CPI for IPComp
* @param encap enable UDP encapsulation for NAT traversal
+ * @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
* @param src_ts traffic selector with BEET source address
* @param dst_ts traffic selector with BEET destination address
@@ -226,7 +227,7 @@ struct kernel_ipsec_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound,
+ bool encap, bool esn, bool inbound,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index 2da06a89c..250ac9539 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -240,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -263,6 +265,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c
index 0f66b680a..cb14495af 100644
--- a/src/libhydra/plugins/attr/attr_plugin.c
+++ b/src/libhydra/plugins/attr/attr_plugin.c
@@ -36,6 +36,19 @@ struct private_attr_plugin_t {
attr_provider_t *provider;
};
+METHOD(plugin_t, get_name, char*,
+ private_attr_plugin_t *this)
+{
+ return "attr";
+}
+
+METHOD(plugin_t, reload, bool,
+ private_attr_plugin_t *this)
+{
+ this->provider->reload(this->provider);
+ return TRUE;
+}
+
METHOD(plugin_t, destroy, void,
private_attr_plugin_t *this)
{
@@ -54,6 +67,8 @@ plugin_t *attr_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = _reload,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index b3c0cc076..44242c259 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -21,6 +21,7 @@
#include <hydra.h>
#include <debug.h>
#include <utils/linked_list.h>
+#include <threading/rwlock.h>
#define SERVER_MAX 2
@@ -41,6 +42,11 @@ struct private_attr_provider_t {
* List of attributes, attribute_entry_t
*/
linked_list_t *attributes;
+
+ /**
+ * Lock for attribute list
+ */
+ rwlock_t *lock;
};
struct attribute_entry_t {
@@ -51,6 +57,15 @@ struct attribute_entry_t {
};
/**
+ * Destroy an entry
+ */
+static void attribute_destroy(attribute_entry_t *this)
+{
+ free(this->value.ptr);
+ free(this);
+}
+
+/**
* convert enumerator value from attribute_entry
*/
static bool attr_enum_filter(void *null, attribute_entry_t **in,
@@ -61,35 +76,26 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in,
return TRUE;
}
-/**
- * Implementation of attribute_provider_t.create_attribute_enumerator
- */
-static enumerator_t* create_attribute_enumerator(private_attr_provider_t *this,
- char *pool, identification_t *id, host_t *vip)
+METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
+ private_attr_provider_t *this, char *pool,
+ identification_t *id, host_t *vip)
{
if (vip)
{
+ this->lock->read_lock(this->lock);
return enumerator_create_filter(
- this->attributes->create_enumerator(this->attributes),
- (void*)attr_enum_filter, NULL, NULL);
+ this->attributes->create_enumerator(this->attributes),
+ (void*)attr_enum_filter, this->lock, (void*)this->lock->unlock);
}
return enumerator_create_empty();
}
-/**
- * Implementation of attr_provider_t.destroy
- */
-static void destroy(private_attr_provider_t *this)
+METHOD(attr_provider_t, destroy, void,
+ private_attr_provider_t *this)
{
- attribute_entry_t *entry;
-
- while (this->attributes->remove_last(this->attributes,
- (void**)&entry) == SUCCESS)
- {
- free(entry->value.ptr);
- free(entry);
- }
- this->attributes->destroy(this->attributes);
+ this->attributes->destroy_function(this->attributes,
+ (void*)attribute_destroy);
+ this->lock->destroy(this->lock);
free(this);
}
@@ -129,6 +135,8 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
entry->type = type;
entry->value = chunk_clone(host->get_address(host));
host->destroy(host);
+ DBG2(DBG_CFG, "loaded legacy entry attribute %N: %#B",
+ configuration_attribute_type_names, entry->type, &entry->value);
this->attributes->insert_last(this->attributes, entry);
}
}
@@ -158,6 +166,13 @@ static void load_entries(private_attr_provider_t *this)
{
enumerator_t *enumerator, *tokens;
char *key, *value, *token;
+ int i;
+
+ for (i = 1; i <= SERVER_MAX; i++)
+ {
+ add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS);
+ add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS);
+ }
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
"%s.plugins.attr", hydra->daemon);
@@ -231,6 +246,8 @@ static void load_entries(private_attr_provider_t *this)
}
}
host->destroy(host);
+ DBG2(DBG_CFG, "loaded attribute %N: %#B",
+ configuration_attribute_type_names, entry->type, &entry->value);
this->attributes->insert_last(this->attributes, entry);
}
tokens->destroy(tokens);
@@ -238,28 +255,43 @@ static void load_entries(private_attr_provider_t *this)
enumerator->destroy(enumerator);
}
+METHOD(attr_provider_t, reload, void,
+ private_attr_provider_t *this)
+{
+ this->lock->write_lock(this->lock);
+
+ this->attributes->destroy_function(this->attributes, (void*)attribute_destroy);
+ this->attributes = linked_list_create();
+
+ load_entries(this);
+
+ DBG1(DBG_CFG, "loaded %d entr%s for attr plugin configuration",
+ this->attributes->get_count(this->attributes),
+ this->attributes->get_count(this->attributes) == 1 ? "y" : "ies");
+
+ this->lock->unlock(this->lock);
+}
+
/*
* see header file
*/
attr_provider_t *attr_provider_create(database_t *db)
{
private_attr_provider_t *this;
- int i;
-
- this = malloc_thing(private_attr_provider_t);
-
- this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null;
- this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false;
- this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, char *names, identification_t *id, host_t *vip))create_attribute_enumerator;
- this->public.destroy = (void(*)(attr_provider_t*))destroy;
-
- this->attributes = linked_list_create();
- for (i = 1; i <= SERVER_MAX; i++)
- {
- add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS);
- add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS);
- }
+ INIT(this,
+ .public = {
+ .provider = {
+ .acquire_address = (void*)return_null,
+ .release_address = (void*)return_false,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ },
+ .reload = _reload,
+ .destroy = _destroy,
+ },
+ .attributes = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
load_entries(this);
diff --git a/src/libhydra/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h
index a41466718..17db30408 100644
--- a/src/libhydra/plugins/attr/attr_provider.h
+++ b/src/libhydra/plugins/attr/attr_provider.h
@@ -36,6 +36,11 @@ struct attr_provider_t {
attribute_provider_t provider;
/**
+ * Reload configuration from strongswan.conf.
+ */
+ void (*reload)(attr_provider_t *this);
+
+ /**
* Destroy a attr_provider instance.
*/
void (*destroy)(attr_provider_t *this);
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 26e7a3038..80d497f59 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -253,6 +253,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -276,6 +278,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index ca9de023e..c04ec9a01 100644
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -40,9 +40,14 @@ struct private_attr_sql_plugin_t {
* configuration attributes
*/
sql_attribute_t *attribute;
-
};
+METHOD(plugin_t, get_name, char*,
+ private_attr_sql_plugin_t *this)
+{
+ return "attr-sql";
+}
+
METHOD(plugin_t, destroy, void,
private_attr_sql_plugin_t *this)
{
@@ -71,6 +76,8 @@ plugin_t *attr_sql_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c
index b4bdfc629..e81a23ed9 100644
--- a/src/libhydra/plugins/attr_sql/pool.c
+++ b/src/libhydra/plugins/attr_sql/pool.c
@@ -379,7 +379,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
chunk_increment(cur_addr);
}
commit_transaction();
- printf("done.\n", count);
+ printf("done.\n");
}
static bool add_address(u_int pool_id, char *address_str, int *family)
@@ -407,9 +407,11 @@ static bool add_address(u_int pool_id, char *address_str, int *family)
fprintf(stderr, "invalid address '%s'.\n", address_str);
return FALSE;
}
- if (family && *family && *family != address->get_family(address))
+ if (family && *family != AF_UNSPEC &&
+ *family != address->get_family(address))
{
fprintf(stderr, "invalid address family '%s'.\n", address_str);
+ address->destroy(address);
return FALSE;
}
@@ -421,9 +423,13 @@ static bool add_address(u_int pool_id, char *address_str, int *family)
DB_UINT, user_id, DB_UINT, 0, DB_UINT, 1) != 1)
{
fprintf(stderr, "inserting address '%s' failed.\n", address_str);
+ address->destroy(address);
return FALSE;
}
- *family = address->get_family(address);
+ if (family)
+ {
+ *family = address->get_family(address);
+ }
address->destroy(address);
return TRUE;
@@ -469,6 +475,10 @@ static void add_addresses(char *pool, char *path, int timeout)
}
if (add_address(pool_id, address_str, &family) == FALSE)
{
+ if (file != stdin)
+ {
+ fclose(file);
+ }
exit(EXIT_FAILURE);
}
++count;
@@ -586,7 +596,7 @@ static void resize(char *name, host_t *end)
DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1);
}
commit_transaction();
- printf("done.\n", count);
+ printf("done.\n");
}
@@ -1004,6 +1014,7 @@ static void do_args(int argc, char *argv[])
break;
case '1':
operation = OP_STATUS_ATTR;
+ break;
case 'u':
utc = TRUE;
continue;
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.c b/src/libhydra/plugins/attr_sql/pool_attributes.c
index 5f7afdfcd..5c7397476 100644
--- a/src/libhydra/plugins/attr_sql/pool_attributes.c
+++ b/src/libhydra/plugins/attr_sql/pool_attributes.c
@@ -241,7 +241,7 @@ static bool parse_attributes(char *name, char *value, value_type_t *value_type,
/* clean up */
DESTROY_IF(addr);
- /* is the attribute type numeric? */
+ /* is the attribute type numeric? */
*type = strtol(name, &endptr, 10);
if (*endptr != '\0')
@@ -262,7 +262,7 @@ static bool parse_attributes(char *name, char *value, value_type_t *value_type,
}
return TRUE;
}
-
+
/**
* Lookup/insert an attribute pool by name
*/
@@ -541,11 +541,11 @@ void del_attr(char *name, char *pool, char *identity,
}
}
else
- {
+ {
if (value_type == VALUE_ADDR)
{
host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);
-
+
fprintf(stderr, "the %s server %H%s was not found.\n", name,
server, id_pool_str);
server->destroy(server);
@@ -630,7 +630,7 @@ void status_attr(bool hexout)
if (type == attr_info[i].type)
{
value_type = attr_info[i].value_type;
- break;
+ break;
}
}
}
@@ -671,8 +671,8 @@ void status_attr(bool hexout)
}
break;
case VALUE_STRING:
- printf("\"%.*s\"\n", value.len, value.ptr);
- break;
+ printf("\"%.*s\"\n", (int)value.len, value.ptr);
+ break;
case VALUE_HEX:
default:
printf(" %#B\n", &value);
@@ -692,13 +692,13 @@ void show_attr(void)
for (i = 0; i < countof(attr_info); i++)
{
char value_name[10];
-
-
+
+
snprintf(value_name, sizeof(value_name), "%N",
value_type_names, attr_info[i].value_type);
-
- printf("%-20s --%-6s (%N",
- attr_info[i].keyword, value_name,
+
+ printf("%-20s --%-6s (%N",
+ attr_info[i].keyword, value_name,
configuration_attribute_type_names, attr_info[i].type);
if (attr_info[i].type_ip6)
diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in
index 7d2464456..5f6512b44 100644
--- a/src/libhydra/plugins/kernel_klips/Makefile.in
+++ b/src/libhydra/plugins/kernel_klips/Makefile.in
@@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index cf9a3e1fd..ff4f0ed55 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1671,7 +1671,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+ u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c
index 3c312ca2b..7fe47f630 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c
@@ -32,6 +32,12 @@ struct private_kernel_klips_plugin_t {
kernel_klips_plugin_t public;
};
+METHOD(plugin_t, get_name, char*,
+ private_kernel_klips_plugin_t *this)
+{
+ return "kernel-klips";
+}
+
METHOD(plugin_t, destroy, void,
private_kernel_klips_plugin_t *this)
{
@@ -50,6 +56,8 @@ plugin_t *kernel_klips_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index c7404fe06..78dfb1b54 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -245,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -268,6 +270,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4dc80785c..8b2a1aa77 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -61,6 +61,9 @@
#define PRIO_LOW 1024
#define PRIO_HIGH 512
+/** default replay window size, if not set using charon.replay_window */
+#define DEFAULT_REPLAY_WINDOW 32
+
/**
* map the limit for bytes and packets to XFRM_INF per default
*/
@@ -348,6 +351,16 @@ struct private_kernel_netlink_ipsec_t {
* whether to install routes along policies
*/
bool install_routes;
+
+ /**
+ * Size of the replay window, in packets
+ */
+ u_int32_t replay_window;
+
+ /**
+ * Size of the replay window bitmap, in bytes
+ */
+ u_int32_t replay_bmp;
};
/**
@@ -868,7 +881,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool encap, bool inbound,
+ u_int16_t cpi, bool encap, bool esn, bool inbound,
traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
{
netlink_buf_t request;
@@ -876,6 +889,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
struct nlmsghdr *hdr;
struct xfrm_usersa_info *sa;
u_int16_t icv_size = 64;
+ status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
* we are in the recursive call below */
@@ -884,7 +898,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc,
&lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
- mode, ipcomp, 0, FALSE, inbound, NULL, NULL);
+ mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
@@ -930,7 +944,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
break;
}
- sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
sa->reqid = reqid;
sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey);
sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life);
@@ -971,17 +984,17 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
encryption_algorithm_names, enc_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
rthdr->rta_type = XFRMA_ALG_AEAD;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len);
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
@@ -1002,17 +1015,17 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
encryption_algorithm_names, enc_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
rthdr->rta_type = XFRMA_ALG_CRYPT;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len);
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1031,7 +1044,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
integrity_algorithm_names, int_alg);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
integrity_algorithm_names, int_alg, int_key.len * 8);
@@ -1045,10 +1058,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len);
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
@@ -1064,10 +1077,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr->rta_type = XFRMA_ALG_AUTH;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len);
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1086,16 +1099,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
ipcomp_transform_names, ipcomp);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, " using compression algorithm %N",
ipcomp_transform_names, ipcomp);
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1112,10 +1125,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr->rta_type = XFRMA_ENCAP;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rthdr);
@@ -1142,10 +1155,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
mrk = (struct xfrm_mark*)RTA_DATA(rthdr);
@@ -1161,10 +1174,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr->rta_type = XFRMA_TFCPAD;
rthdr->rta_len = RTA_LENGTH(sizeof(u_int32_t));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
tfcpad = (u_int32_t*)RTA_DATA(rthdr);
@@ -1172,6 +1185,41 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
rthdr = XFRM_RTA_NEXT(rthdr);
}
+ if (protocol != IPPROTO_COMP)
+ {
+ if (esn || this->replay_window > DEFAULT_REPLAY_WINDOW)
+ {
+ /* for ESN or larger replay windows we need the new
+ * XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */
+ struct xfrm_replay_state_esn *replay;
+
+ rthdr->rta_type = XFRMA_REPLAY_ESN_VAL;
+ rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state_esn) +
+ (this->replay_window + 7) / 8);
+
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
+ if (hdr->nlmsg_len > sizeof(request))
+ {
+ goto failed;
+ }
+
+ replay = (struct xfrm_replay_state_esn*)RTA_DATA(rthdr);
+ /* bmp_len contains number uf __u32's */
+ replay->bmp_len = this->replay_bmp;
+ replay->replay_window = this->replay_window;
+
+ rthdr = XFRM_RTA_NEXT(rthdr);
+ if (esn)
+ {
+ sa->flags |= XFRM_STATE_ESN;
+ }
+ }
+ else
+ {
+ sa->replay_window = DEFAULT_REPLAY_WINDOW;
+ }
+ }
+
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
if (mark.value)
@@ -1183,17 +1231,25 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
}
- return FAILED;
+ goto failed;
}
- return SUCCESS;
+
+ status = SUCCESS;
+
+failed:
+ memwipe(request, sizeof(request));
+ return status;
}
/**
- * Get the replay state (i.e. sequence numbers) of an SA.
+ * Get the ESN replay state (i.e. sequence numbers) of an SA.
+ *
+ * Allocates into one the replay state structure we get from the kernel.
*/
-static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
- u_int32_t spi, u_int8_t protocol, host_t *dst,
- struct xfrm_replay_state *replay)
+static void get_replay_state(private_kernel_netlink_ipsec_t *this,
+ u_int32_t spi, u_int8_t protocol, host_t *dst,
+ struct xfrm_replay_state_esn **replay_esn,
+ struct xfrm_replay_state **replay)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out = NULL;
@@ -1204,7 +1260,8 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x",
+ ntohl(spi));
hdr = (struct nlmsghdr*)request;
hdr->nlmsg_flags = NLM_F_REQUEST;
@@ -1248,32 +1305,30 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
}
}
- if (out_aevent == NULL)
+ if (out_aevent)
{
- DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x",
- ntohl(spi));
- free(out);
- return FAILED;
- }
-
- rta = XFRM_RTA(out, struct xfrm_aevent_id);
- rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id);
- while(RTA_OK(rta, rtasize))
- {
- if (rta->rta_type == XFRMA_REPLAY_VAL &&
- RTA_PAYLOAD(rta) == sizeof(struct xfrm_replay_state))
+ rta = XFRM_RTA(out, struct xfrm_aevent_id);
+ rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id);
+ while (RTA_OK(rta, rtasize))
{
- memcpy(replay, RTA_DATA(rta), RTA_PAYLOAD(rta));
- free(out);
- return SUCCESS;
+ if (rta->rta_type == XFRMA_REPLAY_VAL &&
+ RTA_PAYLOAD(rta) == sizeof(**replay))
+ {
+ *replay = malloc(RTA_PAYLOAD(rta));
+ memcpy(*replay, RTA_DATA(rta), RTA_PAYLOAD(rta));
+ break;
+ }
+ if (rta->rta_type == XFRMA_REPLAY_ESN_VAL &&
+ RTA_PAYLOAD(rta) >= sizeof(**replay_esn) + this->replay_bmp)
+ {
+ *replay_esn = malloc(RTA_PAYLOAD(rta));
+ memcpy(*replay_esn, RTA_DATA(rta), RTA_PAYLOAD(rta));
+ break;
+ }
+ rta = RTA_NEXT(rta, rtasize);
}
- rta = RTA_NEXT(rta, rtasize);
}
-
- DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x",
- ntohl(spi));
free(out);
- return FAILED;
}
METHOD(kernel_ipsec_t, query_sa, status_t,
@@ -1284,6 +1339,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
struct nlmsghdr *out = NULL, *hdr;
struct xfrm_usersa_id *sa_id;
struct xfrm_usersa_info *sa = NULL;
+ status_t status = FAILED;
size_t len;
memset(&request, 0, sizeof(request));
@@ -1315,7 +1371,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -1370,13 +1426,15 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
if (sa == NULL)
{
DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
- free(out);
- return FAILED;
}
- *bytes = sa->curlft.bytes;
-
+ else
+ {
+ *bytes = sa->curlft.bytes;
+ status = SUCCESS;
+ }
+ memwipe(out, len);
free(out);
- return SUCCESS;
+ return status;
}
METHOD(kernel_ipsec_t, del_sa, status_t,
@@ -1422,7 +1480,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -1472,8 +1530,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
struct rtattr *rta;
size_t rtasize;
struct xfrm_encap_tmpl* tmpl = NULL;
- bool got_replay_state = FALSE;
- struct xfrm_replay_state replay;
+ struct xfrm_replay_state *replay = NULL;
+ struct xfrm_replay_state_esn *replay_esn = NULL;
+ status_t status = FAILED;
/* if IPComp is used, we first update the IPComp SA */
if (cpi)
@@ -1529,22 +1588,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
if (out_sa == NULL)
{
DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
- free(out);
- return FAILED;
+ goto failed;
}
- /* try to get the replay state */
- if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS)
- {
- got_replay_state = TRUE;
- }
+ get_replay_state(this, spi, protocol, dst, &replay_esn, &replay);
/* delete the old SA (without affecting the IPComp SA) */
if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS)
{
DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", ntohl(spi));
- free(out);
- return FAILED;
+ goto failed;
}
DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
@@ -1594,10 +1647,10 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
rta->rta_type = XFRMA_ENCAP;
rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl));
- hdr->nlmsg_len += rta->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rta->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta);
@@ -1609,30 +1662,56 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
rta = XFRM_RTA_NEXT(rta);
}
- if (got_replay_state)
- { /* copy the replay data if available */
+ if (replay_esn)
+ {
+ rta->rta_type = XFRMA_REPLAY_ESN_VAL;
+ rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state_esn) +
+ this->replay_bmp);
+
+ hdr->nlmsg_len += RTA_ALIGN(rta->rta_len);
+ if (hdr->nlmsg_len > sizeof(request))
+ {
+ goto failed;
+ }
+ memcpy(RTA_DATA(rta), replay_esn,
+ sizeof(struct xfrm_replay_state_esn) + this->replay_bmp);
+
+ rta = XFRM_RTA_NEXT(rta);
+ }
+ else if (replay)
+ {
rta->rta_type = XFRMA_REPLAY_VAL;
rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state));
- hdr->nlmsg_len += rta->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rta->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
- return FAILED;
+ goto failed;
}
- memcpy(RTA_DATA(rta), &replay, sizeof(replay));
+ memcpy(RTA_DATA(rta), replay, sizeof(replay));
rta = XFRM_RTA_NEXT(rta);
}
+ else
+ {
+ DBG1(DBG_KNL, "unable to copy replay state from old SAD entry "
+ "with SPI %.8x", ntohl(spi));
+ }
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
- free(out);
- return FAILED;
+ goto failed;
}
+
+ status = SUCCESS;
+failed:
+ free(replay);
+ free(replay_esn);
+ memwipe(out, len);
free(out);
- return SUCCESS;
+ return status;
}
METHOD(kernel_ipsec_t, add_policy, status_t,
@@ -1757,7 +1836,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
rthdr->rta_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl));
- hdr->nlmsg_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl));
+ hdr->nlmsg_len += RTA_ALIGN(RTA_LENGTH(sizeof(struct xfrm_user_tmpl)));
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -1793,7 +1872,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -1912,7 +1991,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -2054,7 +2133,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
rthdr->rta_type = XFRMA_MARK;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
- hdr->nlmsg_len += rthdr->rta_len;
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
if (hdr->nlmsg_len > sizeof(request))
{
return FAILED;
@@ -2195,10 +2274,14 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
(hashtable_equals_t)policy_equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.install_routes = lib->settings->get_bool(lib->settings,
- "%s.install_routes", TRUE,
- hydra->daemon),
+ "%s.install_routes", TRUE, hydra->daemon),
+ .replay_window = lib->settings->get_int(lib->settings,
+ "%s.replay_window", DEFAULT_REPLAY_WINDOW, hydra->daemon),
);
+ this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) /
+ (sizeof(u_int32_t) * 8);
+
if (streq(hydra->daemon, "pluto"))
{ /* no routes for pluto, they are installed via updown script */
this->install_routes = FALSE;
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 314c1acc1..8315ed310 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -350,7 +350,7 @@ static void process_link(private_kernel_netlink_net_t *this,
entry->addrs = linked_list_create();
this->ifaces->insert_last(this->ifaces, entry);
}
- memcpy(entry->ifname, name, IFNAMSIZ);
+ strncpy(entry->ifname, name, IFNAMSIZ);
entry->ifname[IFNAMSIZ-1] = '\0';
if (event)
{
@@ -534,6 +534,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
switch (rta->rta_type)
{
case RTA_PREFSRC:
+ DESTROY_IF(host);
host = host_create_from_chunk(msg->rtm_family,
chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0);
break;
@@ -652,7 +653,8 @@ static void address_enumerator_destroy(address_enumerator_t *data)
/**
* filter for addresses
*/
-static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out)
+static bool filter_addresses(address_enumerator_t *data,
+ addr_entry_t** in, host_t** out)
{
if (!data->include_virtual_ips && (*in)->virtual)
{ /* skip virtual interfaces added by us */
@@ -669,16 +671,19 @@ static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host
/**
* enumerator constructor for interfaces
*/
-static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data)
+static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
+ address_enumerator_t *data)
{
- return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
+ return enumerator_create_filter(
+ iface->addrs->create_enumerator(iface->addrs),
(void*)filter_addresses, data, NULL);
}
/**
* filter for interfaces
*/
-static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out)
+static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
+ iface_entry_t** out)
{
if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
{ /* skip interfaces not up */
@@ -688,11 +693,9 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, if
return TRUE;
}
-/**
- * implementation of kernel_net_t.create_address_enumerator
- */
-static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *this,
- bool include_down_ifaces, bool include_virtual_ips)
+METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
+ private_kernel_netlink_net_t *this,
+ bool include_down_ifaces, bool include_virtual_ips)
{
address_enumerator_t *data = malloc_thing(address_enumerator_t);
data->this = this;
@@ -701,15 +704,15 @@ static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *thi
this->mutex->lock(this->mutex);
return enumerator_create_nested(
- enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces),
- (void*)filter_interfaces, data, NULL),
- (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy);
+ enumerator_create_filter(
+ this->ifaces->create_enumerator(this->ifaces),
+ (void*)filter_interfaces, data, NULL),
+ (void*)create_iface_enumerator, data,
+ (void*)address_enumerator_destroy);
}
-/**
- * implementation of kernel_net_t.get_interface_name
- */
-static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip)
+METHOD(kernel_net_t, get_interface_name, char*,
+ private_kernel_netlink_net_t *this, host_t* ip)
{
enumerator_t *ifaces, *addrs;
iface_entry_t *iface;
@@ -1036,19 +1039,14 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
return src;
}
-/**
- * Implementation of kernel_net_t.get_source_addr.
- */
-static host_t* get_source_addr(private_kernel_netlink_net_t *this,
- host_t *dest, host_t *src)
+METHOD(kernel_net_t, get_source_addr, host_t*,
+ private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
{
return get_route(this, dest, FALSE, src);
}
-/**
- * Implementation of kernel_net_t.get_nexthop.
- */
-static host_t* get_nexthop(private_kernel_netlink_net_t *this, host_t *dest)
+METHOD(kernel_net_t, get_nexthop, host_t*,
+ private_kernel_netlink_net_t *this, host_t *dest)
{
return get_route(this, dest, TRUE, NULL);
}
@@ -1086,11 +1084,8 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type
return this->socket->send_ack(this->socket, hdr);
}
-/**
- * Implementation of kernel_net_t.add_ip.
- */
-static status_t add_ip(private_kernel_netlink_net_t *this,
- host_t *virtual_ip, host_t *iface_ip)
+METHOD(kernel_net_t, add_ip, status_t,
+ private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip)
{
iface_entry_t *iface;
addr_entry_t *addr;
@@ -1165,10 +1160,8 @@ static status_t add_ip(private_kernel_netlink_net_t *this,
return FAILED;
}
-/**
- * Implementation of kernel_net_t.del_ip.
- */
-static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip)
+METHOD(kernel_net_t, del_ip, status_t,
+ private_kernel_netlink_net_t *this, host_t *virtual_ip)
{
iface_entry_t *iface;
addr_entry_t *addr;
@@ -1296,21 +1289,17 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty
return this->socket->send_ack(this->socket, hdr);
}
-/**
- * Implementation of kernel_net_t.add_route.
- */
-static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+METHOD(kernel_net_t, add_route, status_t,
+ private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, host_t *src_ip, char *if_name)
{
return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
dst_net, prefixlen, gateway, src_ip, if_name);
}
-/**
- * Implementation of kernel_net_t.del_route.
- */
-static status_t del_route(private_kernel_netlink_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+METHOD(kernel_net_t, del_route, status_t,
+ private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, host_t *src_ip, char *if_name)
{
return manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
gateway, src_ip, if_name);
@@ -1441,10 +1430,8 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
return this->socket->send_ack(this->socket, hdr);
}
-/**
- * Implementation of kernel_netlink_net_t.destroy.
- */
-static void destroy(private_kernel_netlink_net_t *this)
+METHOD(kernel_net_t, destroy, void,
+ private_kernel_netlink_net_t *this)
{
if (this->routing_table)
{
@@ -1474,37 +1461,41 @@ static void destroy(private_kernel_netlink_net_t *this)
*/
kernel_netlink_net_t *kernel_netlink_net_create()
{
- private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t);
+ private_kernel_netlink_net_t *this;
struct sockaddr_nl addr;
enumerator_t *enumerator;
char *exclude;
- /* public functions */
- this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
- this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator;
- this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr;
- this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop;
- this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip;
- this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip;
- this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
- this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
- this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy;
-
- /* private members */
- this->ifaces = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
- this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_interface = _get_interface_name,
+ .create_address_enumerator = _create_address_enumerator,
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .add_ip = _add_ip,
+ .del_ip = _del_ip,
+ .add_route = _add_route,
+ .del_route = _del_route,
+ .destroy = _destroy,
+ },
+ },
+ .socket = netlink_socket_create(NETLINK_ROUTE),
+ .rt_exclude = linked_list_create(),
+ .ifaces = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .routing_table = lib->settings->get_int(lib->settings,
+ "%s.routing_table", ROUTING_TABLE, hydra->daemon),
+ .routing_table_prio = lib->settings->get_int(lib->settings,
+ "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
+ .process_route = lib->settings->get_bool(lib->settings,
+ "%s.process_route", TRUE, hydra->daemon),
+ .install_virtual_ip = lib->settings->get_bool(lib->settings,
+ "%s.install_virtual_ip", TRUE, hydra->daemon),
+ );
timerclear(&this->last_roam);
- this->routing_table = lib->settings->get_int(lib->settings,
- "%s.routing_table", ROUTING_TABLE, hydra->daemon);
- this->routing_table_prio = lib->settings->get_int(lib->settings,
- "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon);
- this->process_route = lib->settings->get_bool(lib->settings,
- "%s.process_route", TRUE, hydra->daemon);
- this->install_virtual_ip = lib->settings->get_bool(lib->settings,
- "%s.install_virtual_ip", TRUE, hydra->daemon);
-
- this->rt_exclude = linked_list_create();
+
exclude = lib->settings->get_str(lib->settings,
"%s.ignore_routing_tables", NULL, hydra->daemon);
if (exclude)
@@ -1526,9 +1517,6 @@ kernel_netlink_net_t *kernel_netlink_net_create()
enumerator->destroy(enumerator);
}
- this->socket = netlink_socket_create(NETLINK_ROUTE);
- this->job = NULL;
-
memset(&addr, 0, sizeof(addr));
addr.nl_family = AF_NETLINK;
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
index 9fc1a03f5..779466472 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -33,6 +33,12 @@ struct private_kernel_netlink_plugin_t {
kernel_netlink_plugin_t public;
};
+METHOD(plugin_t, get_name, char*,
+ private_kernel_netlink_plugin_t *this)
+{
+ return "kernel-netlink";
+}
+
METHOD(plugin_t, destroy, void,
private_kernel_netlink_plugin_t *this)
{
@@ -53,6 +59,8 @@ plugin_t *kernel_netlink_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 40363f319..251483017 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 681811528..b252b7092 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1209,7 +1209,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+ u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 9e7a7904d..842511181 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -32,6 +32,12 @@ struct private_kernel_pfkey_plugin_t {
kernel_pfkey_plugin_t public;
};
+METHOD(plugin_t, get_name, char*,
+ private_kernel_pfkey_plugin_t *this)
+{
+ return "kernel-pfkey";
+}
+
METHOD(plugin_t, destroy, void,
private_kernel_pfkey_plugin_t *this)
{
@@ -50,6 +56,8 @@ plugin_t *kernel_pfkey_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 4db374b75..b7e12561d 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 59fc915fd..fca46bfd2 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -412,7 +412,8 @@ static void address_enumerator_destroy(address_enumerator_t *data)
/**
* filter for addresses
*/
-static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out)
+static bool filter_addresses(address_enumerator_t *data,
+ addr_entry_t** in, host_t** out)
{
host_t *ip;
if (!data->include_virtual_ips && (*in)->virtual)
@@ -435,7 +436,8 @@ static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host
/**
* enumerator constructor for interfaces
*/
-static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data)
+static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
+ address_enumerator_t *data)
{
return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
(void*)filter_addresses, data, NULL);
@@ -444,7 +446,8 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enume
/**
* filter for interfaces
*/
-static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out)
+static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
+ iface_entry_t** out)
{
if (!data->include_down_ifaces && !((*in)->flags & IFF_UP))
{ /* skip interfaces not up */
@@ -454,11 +457,9 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, if
return TRUE;
}
-/**
- * implementation of kernel_net_t.create_address_enumerator
- */
-static enumerator_t *create_address_enumerator(private_kernel_pfroute_net_t *this,
- bool include_down_ifaces, bool include_virtual_ips)
+METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
+ private_kernel_pfroute_net_t *this,
+ bool include_down_ifaces, bool include_virtual_ips)
{
address_enumerator_t *data = malloc_thing(address_enumerator_t);
data->this = this;
@@ -467,15 +468,15 @@ static enumerator_t *create_address_enumerator(private_kernel_pfroute_net_t *thi
this->mutex->lock(this->mutex);
return enumerator_create_nested(
- enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces),
- (void*)filter_interfaces, data, NULL),
- (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy);
+ enumerator_create_filter(
+ this->ifaces->create_enumerator(this->ifaces),
+ (void*)filter_interfaces, data, NULL),
+ (void*)create_iface_enumerator, data,
+ (void*)address_enumerator_destroy);
}
-/**
- * implementation of kernel_net_t.get_interface_name
- */
-static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip)
+METHOD(kernel_net_t, get_interface_name, char*,
+ private_kernel_pfroute_net_t *this, host_t* ip)
{
enumerator_t *ifaces, *addrs;
iface_entry_t *iface;
@@ -517,54 +518,40 @@ static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip)
return name;
}
-/**
- * Implementation of kernel_net_t.get_source_addr.
- */
-static host_t* get_source_addr(private_kernel_pfroute_net_t *this,
- host_t *dest, host_t *src)
+METHOD(kernel_net_t, get_source_addr, host_t*,
+ private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
return NULL;
}
-/**
- * Implementation of kernel_net_t.get_nexthop.
- */
-static host_t* get_nexthop(private_kernel_pfroute_net_t *this, host_t *dest)
+METHOD(kernel_net_t, get_nexthop, host_t*,
+ private_kernel_pfroute_net_t *this, host_t *dest)
{
return NULL;
}
-/**
- * Implementation of kernel_net_t.add_ip.
- */
-static status_t add_ip(private_kernel_pfroute_net_t *this,
- host_t *virtual_ip, host_t *iface_ip)
+METHOD(kernel_net_t, add_ip, status_t,
+ private_kernel_pfroute_net_t *this, host_t *virtual_ip, host_t *iface_ip)
{
return FAILED;
}
-/**
- * Implementation of kernel_net_t.del_ip.
- */
-static status_t del_ip(private_kernel_pfroute_net_t *this, host_t *virtual_ip)
+METHOD(kernel_net_t, del_ip, status_t,
+ private_kernel_pfroute_net_t *this, host_t *virtual_ip)
{
return FAILED;
}
-/**
- * Implementation of kernel_net_t.add_route.
- */
-static status_t add_route(private_kernel_pfroute_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+METHOD(kernel_net_t, add_route, status_t,
+ private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, host_t *src_ip, char *if_name)
{
return FAILED;
}
-/**
- * Implementation of kernel_net_t.del_route.
- */
-static status_t del_route(private_kernel_pfroute_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+METHOD(kernel_net_t, del_route, status_t,
+ private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ host_t *gateway, host_t *src_ip, char *if_name)
{
return FAILED;
}
@@ -658,10 +645,8 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this)
return SUCCESS;
}
-/**
- * Implementation of kernel_netlink_net_t.destroy.
- */
-static void destroy(private_kernel_pfroute_net_t *this)
+METHOD(kernel_net_t, destroy, void,
+ private_kernel_pfroute_net_t *this)
{
if (this->job)
{
@@ -686,28 +671,26 @@ static void destroy(private_kernel_pfroute_net_t *this)
*/
kernel_pfroute_net_t *kernel_pfroute_net_create()
{
- private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t);
-
- /* public functions */
- this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
- this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator;
- this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr;
- this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop;
- this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip;
- this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip;
- this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
- this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
-
- this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy;
-
- /* private members */
- this->ifaces = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT);
-
- this->seq = 0;
- this->socket_events = 0;
- this->job = NULL;
+ private_kernel_pfroute_net_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_interface = _get_interface_name,
+ .create_address_enumerator = _create_address_enumerator,
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .add_ip = _add_ip,
+ .del_ip = _del_ip,
+ .add_route = _add_route,
+ .del_route = _del_route,
+ .destroy = _destroy,
+ },
+ },
+ .ifaces = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
/* create a PF_ROUTE socket to communicate with the kernel */
this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index a4cb53edd..680caa5d0 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c
@@ -32,6 +32,12 @@ struct private_kernel_pfroute_plugin_t {
kernel_pfroute_plugin_t public;
};
+METHOD(plugin_t, get_name, char*,
+ private_kernel_pfroute_plugin_t *this)
+{
+ return "kernel-pfroute";
+}
+
METHOD(plugin_t, destroy, void,
private_kernel_pfroute_plugin_t *this)
{
@@ -50,6 +56,8 @@ plugin_t *kernel_pfroute_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index e6c5fb712..d3cda309a 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -243,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -266,6 +268,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
index cdc639038..feb2fd05a 100644
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -116,7 +116,7 @@ static void release(private_resolve_handler_t *this, identification_t *server,
configuration_attribute_type_t type, chunk_t data)
{
FILE *in, *out;
- char line[1024], matcher[512], *pos;
+ char line[1024], matcher[512];
host_t *addr;
int family;
@@ -148,7 +148,7 @@ static void release(private_resolve_handler_t *this, identification_t *server,
addr, server);
/* copy all, but matching line */
- while ((pos = fgets(line, sizeof(line), in)))
+ while (fgets(line, sizeof(line), in))
{
if (strneq(line, matcher, strlen(matcher)))
{
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c
index ad18c7060..d23d36127 100644
--- a/src/libhydra/plugins/resolve/resolve_plugin.c
+++ b/src/libhydra/plugins/resolve/resolve_plugin.c
@@ -36,6 +36,12 @@ struct private_resolve_plugin_t {
resolve_handler_t *handler;
};
+METHOD(plugin_t, get_name, char*,
+ private_resolve_plugin_t *this)
+{
+ return "resolve";
+}
+
METHOD(plugin_t, destroy, void,
private_resolve_plugin_t *this)
{
@@ -54,6 +60,8 @@ plugin_t *resolve_plugin_create()
INIT(this,
.public = {
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
},