Diffstat (limited to 'src/libhydra')
-rw-r--r--src/libhydra/Android.mk7
-rw-r--r--src/libhydra/Makefile.am24
-rw-r--r--src/libhydra/Makefile.in73
-rw-r--r--src/libhydra/attributes/attribute_handler.h72
-rw-r--r--src/libhydra/attributes/attribute_manager.c348
-rw-r--r--src/libhydra/attributes/attribute_manager.h153
-rw-r--r--src/libhydra/attributes/attribute_provider.h71
-rw-r--r--src/libhydra/attributes/attributes.c114
-rw-r--r--src/libhydra/attributes/attributes.h91
-rw-r--r--src/libhydra/attributes/mem_pool.c649
-rw-r--r--src/libhydra/attributes/mem_pool.h146
-rw-r--r--src/libhydra/hydra.c4
-rw-r--r--src/libhydra/hydra.h9
-rw-r--r--src/libhydra/kernel/kernel_interface.c276
-rw-r--r--src/libhydra/kernel/kernel_interface.h76
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h28
-rw-r--r--src/libhydra/kernel/kernel_listener.h13
-rw-r--r--src/libhydra/plugins/attr/Makefile.am18
-rw-r--r--src/libhydra/plugins/attr/attr_plugin.c109
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c329
-rw-r--r--src/libhydra/plugins/attr/attr_provider.h54
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.am18
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in774
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.c129
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.c475
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.h50
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.am21
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in267
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c299
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c46
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c477
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h4
-rw-r--r--src/libhydra/plugins/kernel_netlink/suites/test_socket.c302
-rw-r--r--src/libhydra/plugins/kernel_netlink/tests.c51
-rw-r--r--src/libhydra/plugins/kernel_netlink/tests.h (renamed from src/libhydra/plugins/attr_sql/attr_sql_plugin.h)32
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.in5
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c112
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.in5
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c9
-rw-r--r--src/libhydra/plugins/resolve/Makefile.am19
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in775
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c377
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.h49
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.c102
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.h42
-rw-r--r--src/libhydra/tests/Makefile.am18
-rw-r--r--src/libhydra/tests/Makefile.in (renamed from src/libhydra/plugins/attr/Makefile.in)326
-rw-r--r--src/libhydra/tests/hydra_tests.c53
-rw-r--r--src/libhydra/tests/hydra_tests.h (renamed from src/libhydra/plugins/attr/attr_plugin.h)30
49 files changed, 2035 insertions, 5496 deletions
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
index ff134da7b..af39f04ec 100644
--- a/src/libhydra/Android.mk
+++ b/src/libhydra/Android.mk
@@ -4,10 +4,6 @@ include $(CLEAR_VARS)
# copy-n-paste from Makefile.am
libhydra_la_SOURCES := \
hydra.c hydra.h \
-attributes/attributes.c attributes/attributes.h \
-attributes/attribute_provider.h attributes/attribute_handler.h \
-attributes/attribute_manager.c attributes/attribute_manager.h \
-attributes/mem_pool.c attributes/mem_pool.h \
kernel/kernel_interface.c kernel/kernel_interface.h \
kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
kernel/kernel_net.c kernel/kernel_net.h \
@@ -17,8 +13,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libhydra_la_SOURCES))
# adding the plugin source files
-LOCAL_SRC_FILES += $(call add_plugin, attr)
-
LOCAL_SRC_FILES += $(call add_plugin, kernel-pfkey)
LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
@@ -42,4 +36,3 @@ LOCAL_PRELINK_MODULE := false
LOCAL_SHARED_LIBRARIES += libstrongswan
include $(BUILD_SHARED_LIBRARY)
-
diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am
index 510f2a124..9cdbc0147 100644
--- a/src/libhydra/Makefile.am
+++ b/src/libhydra/Makefile.am
@@ -2,10 +2,6 @@ ipseclib_LTLIBRARIES = libhydra.la
libhydra_la_SOURCES = \
hydra.c hydra.h \
-attributes/attributes.c attributes/attributes.h \
-attributes/attribute_provider.h attributes/attribute_handler.h \
-attributes/attribute_manager.c attributes/attribute_manager.h \
-attributes/mem_pool.c attributes/mem_pool.h \
kernel/kernel_interface.c kernel/kernel_interface.h \
kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
kernel/kernel_net.c kernel/kernel_net.h \
@@ -37,20 +33,6 @@ else
SUBDIRS = .
endif
-if USE_ATTR
- SUBDIRS += plugins/attr
-if MONOLITHIC
- libhydra_la_LIBADD += plugins/attr/libstrongswan-attr.la
-endif
-endif
-
-if USE_ATTR_SQL
- SUBDIRS += plugins/attr_sql
-if MONOLITHIC
- libhydra_la_LIBADD += plugins/attr_sql/libstrongswan-attr-sql.la
-endif
-endif
-
if USE_KERNEL_PFKEY
SUBDIRS += plugins/kernel_pfkey
if MONOLITHIC
@@ -72,9 +54,7 @@ if MONOLITHIC
endif
endif
-if USE_RESOLVE
- SUBDIRS += plugins/resolve
if MONOLITHIC
- libhydra_la_LIBADD += plugins/resolve/libstrongswan-resolve.la
-endif
+ SUBDIRS += .
endif
+SUBDIRS += tests
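Review bot: The new `if MONOLITHIC` / `SUBDIRS += .` block at the end of this hunk carries a build-order constraint that nothing in the file states. Judging from the regenerated Makefile.in in this same commit, monolithic builds list the plugin directories first, then `.`, then `tests`, so the plugin archives exist before libhydra.la is linked and libhydra.la exists before the test directory is entered. That the tests link against libhydra.la is presumed here, because tests/Makefile.am is not part of this hunk. I would add a comment above the block such as `# monolithic: build libhydra (.) after the plugins it links in, but before tests`, since the reason for the ordering is easy to lose in a later cleanup. The conditional chain this block closes starts above the hunk.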
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index e3ff1981c..9bb2e839a 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -79,18 +79,12 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@USE_WINDOWS_TRUE@am__append_1 = -lws2_32
-@USE_ATTR_TRUE@am__append_2 = plugins/attr
-@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_3 = plugins/attr/libstrongswan-attr.la
-@USE_ATTR_SQL_TRUE@am__append_4 = plugins/attr_sql
-@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_5 = plugins/attr_sql/libstrongswan-attr-sql.la
-@USE_KERNEL_PFKEY_TRUE@am__append_6 = plugins/kernel_pfkey
-@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_7 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
-@USE_KERNEL_PFROUTE_TRUE@am__append_8 = plugins/kernel_pfroute
-@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
-@USE_KERNEL_NETLINK_TRUE@am__append_10 = plugins/kernel_netlink
-@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_11 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
-@USE_RESOLVE_TRUE@am__append_12 = plugins/resolve
-@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_13 = plugins/resolve/libstrongswan-resolve.la
+@USE_KERNEL_PFKEY_TRUE@am__append_2 = plugins/kernel_pfkey
+@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_3 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+@USE_KERNEL_PFROUTE_TRUE@am__append_4 = plugins/kernel_pfroute
+@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_5 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+@USE_KERNEL_NETLINK_TRUE@am__append_6 = plugins/kernel_netlink
+@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_7 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
subdir = src/libhydra
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -144,13 +138,10 @@ am__DEPENDENCIES_1 =
libhydra_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1) $(am__append_3) $(am__append_5) \
- $(am__append_7) $(am__append_9) $(am__append_11) \
- $(am__append_13)
+ $(am__append_7)
am__dirstamp = $(am__leading_dot)dirstamp
-am_libhydra_la_OBJECTS = hydra.lo attributes/attributes.lo \
- attributes/attribute_manager.lo attributes/mem_pool.lo \
- kernel/kernel_interface.lo kernel/kernel_ipsec.lo \
- kernel/kernel_net.lo
+am_libhydra_la_OBJECTS = hydra.lo kernel/kernel_interface.lo \
+ kernel/kernel_ipsec.lo kernel/kernel_net.lo
libhydra_la_OBJECTS = $(am_libhydra_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -232,8 +223,8 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = . plugins/attr plugins/attr_sql plugins/kernel_pfkey \
- plugins/kernel_pfroute plugins/kernel_netlink plugins/resolve
+DIST_SUBDIRS = . plugins/kernel_pfkey plugins/kernel_pfroute \
+ plugins/kernel_netlink tests
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -285,6 +276,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -345,10 +337,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -422,6 +416,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -483,10 +479,6 @@ xml_LIBS = @xml_LIBS@
ipseclib_LTLIBRARIES = libhydra.la
libhydra_la_SOURCES = \
hydra.c hydra.h \
-attributes/attributes.c attributes/attributes.h \
-attributes/attribute_provider.h attributes/attribute_handler.h \
-attributes/attribute_manager.c attributes/attribute_manager.h \
-attributes/mem_pool.c attributes/mem_pool.h \
kernel/kernel_interface.c kernel/kernel_interface.h \
kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
kernel/kernel_net.c kernel/kernel_net.h \
@@ -495,8 +487,7 @@ kernel/kernel_listener.h
libhydra_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__append_1) $(am__append_3) $(am__append_5) \
- $(am__append_7) $(am__append_9) $(am__append_11) \
- $(am__append_13)
+ $(am__append_7)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" \
@@ -507,14 +498,12 @@ AM_LDFLAGS = \
EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_2) $(am__append_4) \
-@MONOLITHIC_FALSE@ $(am__append_6) $(am__append_8) \
-@MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12)
+@MONOLITHIC_FALSE@ $(am__append_6) tests
# build optional plugins
########################
@MONOLITHIC_TRUE@SUBDIRS = $(am__append_2) $(am__append_4) \
-@MONOLITHIC_TRUE@ $(am__append_6) $(am__append_8) \
-@MONOLITHIC_TRUE@ $(am__append_10) $(am__append_12)
+@MONOLITHIC_TRUE@ $(am__append_6) . tests
all: all-recursive
.SUFFIXES:
@@ -584,18 +573,6 @@ clean-ipseclibLTLIBRARIES:
echo rm -f $${locs}; \
rm -f $${locs}; \
}
-attributes/$(am__dirstamp):
- @$(MKDIR_P) attributes
- @: > attributes/$(am__dirstamp)
-attributes/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) attributes/$(DEPDIR)
- @: > attributes/$(DEPDIR)/$(am__dirstamp)
-attributes/attributes.lo: attributes/$(am__dirstamp) \
- attributes/$(DEPDIR)/$(am__dirstamp)
-attributes/attribute_manager.lo: attributes/$(am__dirstamp) \
- attributes/$(DEPDIR)/$(am__dirstamp)
-attributes/mem_pool.lo: attributes/$(am__dirstamp) \
- attributes/$(DEPDIR)/$(am__dirstamp)
kernel/$(am__dirstamp):
@$(MKDIR_P) kernel
@: > kernel/$(am__dirstamp)
@@ -614,8 +591,6 @@ libhydra.la: $(libhydra_la_OBJECTS) $(libhydra_la_DEPENDENCIES) $(EXTRA_libhydra
mostlyclean-compile:
-rm -f *.$(OBJEXT)
- -rm -f attributes/*.$(OBJEXT)
- -rm -f attributes/*.lo
-rm -f kernel/*.$(OBJEXT)
-rm -f kernel/*.lo
@@ -623,9 +598,6 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hydra.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@attributes/$(DEPDIR)/attribute_manager.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@attributes/$(DEPDIR)/attributes.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@attributes/$(DEPDIR)/mem_pool.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@kernel/$(DEPDIR)/kernel_interface.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@kernel/$(DEPDIR)/kernel_ipsec.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@kernel/$(DEPDIR)/kernel_net.Plo@am__quote@
@@ -659,7 +631,6 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
- -rm -rf attributes/.libs attributes/_libs
-rm -rf kernel/.libs kernel/_libs
# This directory's subdirectories are mostly independent; you can cd
@@ -850,8 +821,6 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
- -rm -f attributes/$(DEPDIR)/$(am__dirstamp)
- -rm -f attributes/$(am__dirstamp)
-rm -f kernel/$(DEPDIR)/$(am__dirstamp)
-rm -f kernel/$(am__dirstamp)
@@ -864,7 +833,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) attributes/$(DEPDIR) kernel/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) kernel/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -910,7 +879,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) attributes/$(DEPDIR) kernel/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) kernel/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libhydra/attributes/attribute_handler.h b/src/libhydra/attributes/attribute_handler.h
deleted file mode 100644
index bc488f6cb..000000000
--- a/src/libhydra/attributes/attribute_handler.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attribute_handler attribute_handler
- * @{ @ingroup attributes
- */
-
-#ifndef ATTRIBUTE_HANDLER_H_
-#define ATTRIBUTE_HANDLER_H_
-
-#include <utils/chunk.h>
-#include <utils/identification.h>
-#include <collections/linked_list.h>
-
-#include "attributes.h"
-
-typedef struct attribute_handler_t attribute_handler_t;
-
-/**
- * Interface to handle configuration payload attributes.
- */
-struct attribute_handler_t {
-
- /**
- * Handle a configuration attribute.
- *
- * After receiving a configuration attriubte, it is passed to each
- * attribute handler until it is handled.
- *
- * @param server server from which the attribute was received
- * @param type type of configuration attribute to handle
- * @param data associated attribute data
- * @return TRUE if attribute handled
- */
- bool (*handle)(attribute_handler_t *this, identification_t *server,
- configuration_attribute_type_t type, chunk_t data);
-
- /**
- * Release an attribute handled during handle().
- *
- * A handler that handle()d an attribute gets a call to release() when the
- * connection gets closed. Depending on the implementation, this is required
- * to remove the attribute.
- */
- void (*release)(attribute_handler_t *this, identification_t *server,
- configuration_attribute_type_t type, chunk_t data);
-
- /**
- * Enumerate attributes to request from a server.
- *
- * @param server server identity to request attributes from
- * @param vips list of virtual IPs (host_t*) we are requesting
- * @return enumerator (configuration_attribute_type_t, chunk_t)
- */
- enumerator_t* (*create_attribute_enumerator)(attribute_handler_t *this,
- identification_t *server, linked_list_t *vips);
-};
-
-#endif /** ATTRIBUTE_HANDLER_H_ @}*/
diff --git a/src/libhydra/attributes/attribute_manager.c b/src/libhydra/attributes/attribute_manager.c
deleted file mode 100644
index 5fda8b426..000000000
--- a/src/libhydra/attributes/attribute_manager.c
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "attribute_manager.h"
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-#include <threading/rwlock.h>
-
-typedef struct private_attribute_manager_t private_attribute_manager_t;
-
-/**
- * private data of attribute_manager
- */
-struct private_attribute_manager_t {
-
- /**
- * public functions
- */
- attribute_manager_t public;
-
- /**
- * list of registered providers
- */
- linked_list_t *providers;
-
- /**
- * list of registered handlers
- */
- linked_list_t *handlers;
-
- /**
- * rwlock provider list
- */
- rwlock_t *lock;
-};
-
-/**
- * Data to pass to enumerator filters
- */
-typedef struct {
- /** attribute group pools */
- linked_list_t *pools;
- /** server/peer identity */
- identification_t *id;
- /** requesting/assigned virtual IPs */
- linked_list_t *vips;
-} enum_data_t;
-
-METHOD(attribute_manager_t, acquire_address, host_t*,
- private_attribute_manager_t *this, linked_list_t *pools,
- identification_t *id, host_t *requested)
-{
- enumerator_t *enumerator;
- attribute_provider_t *current;
- host_t *host = NULL;
-
- this->lock->read_lock(this->lock);
- enumerator = this->providers->create_enumerator(this->providers);
- while (enumerator->enumerate(enumerator, &current))
- {
- host = current->acquire_address(current, pools, id, requested);
- if (host)
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- return host;
-}
-
-METHOD(attribute_manager_t, release_address, bool,
- private_attribute_manager_t *this, linked_list_t *pools, host_t *address,
- identification_t *id)
-{
- enumerator_t *enumerator;
- attribute_provider_t *current;
- bool found = FALSE;
-
- this->lock->read_lock(this->lock);
- enumerator = this->providers->create_enumerator(this->providers);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (current->release_address(current, pools, address, id))
- {
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- return found;
-}
-
-/**
- * inner enumerator constructor for responder attributes
- */
-static enumerator_t *responder_enum_create(attribute_provider_t *provider,
- enum_data_t *data)
-{
- return provider->create_attribute_enumerator(provider, data->pools,
- data->id, data->vips);
-}
-
-METHOD(attribute_manager_t, create_responder_enumerator, enumerator_t*,
- private_attribute_manager_t *this, linked_list_t *pools,
- identification_t *id, linked_list_t *vips)
-{
- enum_data_t *data;
-
- INIT(data,
- .pools = pools,
- .id = id,
- .vips = vips,
- );
- this->lock->read_lock(this->lock);
- return enumerator_create_cleaner(
- enumerator_create_nested(
- this->providers->create_enumerator(this->providers),
- (void*)responder_enum_create, data, free),
- (void*)this->lock->unlock, this->lock);
-}
-
-METHOD(attribute_manager_t, add_provider, void,
- private_attribute_manager_t *this, attribute_provider_t *provider)
-{
- this->lock->write_lock(this->lock);
- this->providers->insert_last(this->providers, provider);
- this->lock->unlock(this->lock);
-}
-
-METHOD(attribute_manager_t, remove_provider, void,
- private_attribute_manager_t *this, attribute_provider_t *provider)
-{
- this->lock->write_lock(this->lock);
- this->providers->remove(this->providers, provider, NULL);
- this->lock->unlock(this->lock);
-}
-
-METHOD(attribute_manager_t, handle, attribute_handler_t*,
- private_attribute_manager_t *this, identification_t *server,
- attribute_handler_t *handler, configuration_attribute_type_t type,
- chunk_t data)
-{
- enumerator_t *enumerator;
- attribute_handler_t *current, *handled = NULL;
-
- this->lock->read_lock(this->lock);
-
- /* try to find the passed handler */
- enumerator = this->handlers->create_enumerator(this->handlers);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (current == handler && current->handle(current, server, type, data))
- {
- handled = current;
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (!handled)
- { /* handler requesting this attribute not found, try any other */
- enumerator = this->handlers->create_enumerator(this->handlers);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (current->handle(current, server, type, data))
- {
- handled = current;
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
- this->lock->unlock(this->lock);
-
- if (!handled)
- {
- DBG1(DBG_CFG, "handling %N attribute failed",
- configuration_attribute_type_names, type);
- }
- return handled;
-}
-
-METHOD(attribute_manager_t, release, void,
- private_attribute_manager_t *this, attribute_handler_t *handler,
- identification_t *server, configuration_attribute_type_t type, chunk_t data)
-{
- enumerator_t *enumerator;
- attribute_handler_t *current;
-
- this->lock->read_lock(this->lock);
- enumerator = this->handlers->create_enumerator(this->handlers);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (current == handler)
- {
- current->release(current, server, type, data);
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-}
-
-/**
- * Enumerator implementation to enumerate nested initiator attributes
- */
-typedef struct {
- /** implements enumerator_t */
- enumerator_t public;
- /** back ref */
- private_attribute_manager_t *this;
- /** currently processing handler */
- attribute_handler_t *handler;
- /** outer enumerator over handlers */
- enumerator_t *outer;
- /** inner enumerator over current handlers attributes */
- enumerator_t *inner;
- /** server ID we want attributes for */
- identification_t *id;
- /** virtual IPs we are requesting along with attriubutes */
- linked_list_t *vips;
-} initiator_enumerator_t;
-
-/**
- * Enumerator implementation for initiator attributes
- */
-static bool initiator_enumerate(initiator_enumerator_t *this,
- attribute_handler_t **handler,
- configuration_attribute_type_t *type,
- chunk_t *value)
-{
- /* enumerate inner attributes using outer handler enumerator */
- while (!this->inner || !this->inner->enumerate(this->inner, type, value))
- {
- if (!this->outer->enumerate(this->outer, &this->handler))
- {
- return FALSE;
- }
- DESTROY_IF(this->inner);
- this->inner = this->handler->create_attribute_enumerator(this->handler,
- this->id, this->vips);
- }
- /* inject the handler as additional attribute */
- *handler = this->handler;
- return TRUE;
-}
-
-/**
- * Cleanup function of initiator attribute enumerator
- */
-static void initiator_destroy(initiator_enumerator_t *this)
-{
- this->this->lock->unlock(this->this->lock);
- this->outer->destroy(this->outer);
- DESTROY_IF(this->inner);
- free(this);
-}
-
-METHOD(attribute_manager_t, create_initiator_enumerator, enumerator_t*,
- private_attribute_manager_t *this, identification_t *id, linked_list_t *vips)
-{
- initiator_enumerator_t *enumerator;
-
- this->lock->read_lock(this->lock);
-
- INIT(enumerator,
- .public = {
- .enumerate = (void*)initiator_enumerate,
- .destroy = (void*)initiator_destroy,
- },
- .this = this,
- .id = id,
- .vips = vips,
- .outer = this->handlers->create_enumerator(this->handlers),
- );
- return &enumerator->public;
-}
-
-METHOD(attribute_manager_t, add_handler, void,
- private_attribute_manager_t *this, attribute_handler_t *handler)
-{
- this->lock->write_lock(this->lock);
- this->handlers->insert_last(this->handlers, handler);
- this->lock->unlock(this->lock);
-}
-
-METHOD(attribute_manager_t, remove_handler, void,
- private_attribute_manager_t *this, attribute_handler_t *handler)
-{
- this->lock->write_lock(this->lock);
- this->handlers->remove(this->handlers, handler, NULL);
- this->lock->unlock(this->lock);
-}
-
-METHOD(attribute_manager_t, destroy, void,
- private_attribute_manager_t *this)
-{
- this->providers->destroy(this->providers);
- this->handlers->destroy(this->handlers);
- this->lock->destroy(this->lock);
- free(this);
-}
-
-/*
- * see header file
- */
-attribute_manager_t *attribute_manager_create()
-{
- private_attribute_manager_t *this;
-
- INIT(this,
- .public = {
- .acquire_address = _acquire_address,
- .release_address = _release_address,
- .create_responder_enumerator = _create_responder_enumerator,
- .add_provider = _add_provider,
- .remove_provider = _remove_provider,
- .handle = _handle,
- .release = _release,
- .create_initiator_enumerator = _create_initiator_enumerator,
- .add_handler = _add_handler,
- .remove_handler = _remove_handler,
- .destroy = _destroy,
- },
- .providers = linked_list_create(),
- .handlers = linked_list_create(),
- .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- );
-
- return &this->public;
-}
-
diff --git a/src/libhydra/attributes/attribute_manager.h b/src/libhydra/attributes/attribute_manager.h
deleted file mode 100644
index 99f41772c..000000000
--- a/src/libhydra/attributes/attribute_manager.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attribute_manager attribute_manager
- * @{ @ingroup attributes
- */
-
-#ifndef ATTRIBUTE_MANAGER_H_
-#define ATTRIBUTE_MANAGER_H_
-
-#include "attribute_provider.h"
-#include "attribute_handler.h"
-
-typedef struct attribute_manager_t attribute_manager_t;
-
-/**
- * The attribute manager hands out attributes or handles them.
- *
- * The attribute manager manages both, attribute providers and attribute
- * handlers. Attribute providers are responsible to hand out attributes if
- * a connecting peer requests them. Handlers handle such attributes if they
- * are received on the requesting peer.
- */
-struct attribute_manager_t {
-
- /**
- * Acquire a virtual IP address to assign to a peer.
- *
- * @param pools list of pool names (char*) to acquire from
- * @param id peer identity to get address forua
- * @param requested IP in configuration request
- * @return allocated address, NULL to serve none
- */
- host_t* (*acquire_address)(attribute_manager_t *this,
- linked_list_t *pool, identification_t *id,
- host_t *requested);
-
- /**
- * Release a previously acquired address.
- *
- * @param pools list of pool names (char*) to release to
- * @param address address to release
- * @param id peer identity to get address for
- * @return TRUE if address released to pool
- */
- bool (*release_address)(attribute_manager_t *this,
- linked_list_t *pools, host_t *address,
- identification_t *id);
-
- /**
- * Create an enumerator over attributes to hand out to a peer.
- *
- * @param pool list of pools names (char*) to query attributes from
- * @param id peer identity to hand out attributes to
- * @param vip list of virtual IPs (host_t*) to assign to peer
- * @return enumerator (configuration_attribute_type_t, chunk_t)
- */
- enumerator_t* (*create_responder_enumerator)(attribute_manager_t *this,
- linked_list_t *pool, identification_t *id,
- linked_list_t *vips);
-
- /**
- * Register an attribute provider to the manager.
- *
- * @param provider attribute provider to register
- */
- void (*add_provider)(attribute_manager_t *this,
- attribute_provider_t *provider);
- /**
- * Unregister an attribute provider from the manager.
- *
- * @param provider attribute provider to unregister
- */
- void (*remove_provider)(attribute_manager_t *this,
- attribute_provider_t *provider);
-
- /**
- * Handle a configuration attribute by passing them to the handlers.
- *
- * @param server server from which the attribute was received
- * @param handler handler we requested the attribute for, if any
- * @param type type of configuration attribute
- * @param data associated attribute data
- * @return handler which handled this attribute, NULL if none
- */
- attribute_handler_t* (*handle)(attribute_manager_t *this,
- identification_t *server, attribute_handler_t *handler,
- configuration_attribute_type_t type, chunk_t data);
-
- /**
- * Release an attribute previously handle()d by a handler.
- *
- * @param handler handler returned by handle() for this attribute
- * @param server server from which the attribute was received
- * @param type type of attribute to release
- * @param data associated attribute data
- */
- void (*release)(attribute_manager_t *this, attribute_handler_t *handler,
- identification_t *server,
- configuration_attribute_type_t type,
- chunk_t data);
-
- /**
- * Create an enumerator over attributes to request from server.
- *
- * @param id server identity to hand out attributes to
- * @param vip list of virtual IPs (host_t*) going to request
- * @return enumerator (attribute_handler_t, ca_type_t, chunk_t)
- */
- enumerator_t* (*create_initiator_enumerator)(attribute_manager_t *this,
- identification_t *id, linked_list_t *vips);
-
- /**
- * Register an attribute handler to the manager.
- *
- * @param handler attribute handler to register
- */
- void (*add_handler)(attribute_manager_t *this,
- attribute_handler_t *handler);
-
- /**
- * Unregister an attribute handler from the manager.
- *
- * @param handler attribute handler to unregister
- */
- void (*remove_handler)(attribute_manager_t *this,
- attribute_handler_t *handler);
-
- /**
- * Destroy a attribute_manager instance.
- */
- void (*destroy)(attribute_manager_t *this);
-};
-
-/**
- * Create a attribute_manager instance.
- */
-attribute_manager_t *attribute_manager_create();
-
-#endif /** ATTRIBUTE_MANAGER_H_ @}*/
diff --git a/src/libhydra/attributes/attribute_provider.h b/src/libhydra/attributes/attribute_provider.h
deleted file mode 100644
index adfd4a516..000000000
--- a/src/libhydra/attributes/attribute_provider.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attribute_provider attribute_provider
- * @{ @ingroup attributes
- */
-
-#ifndef ATTRIBUTE_PROVIDER_H_
-#define ATTRIBUTE_PROVIDER_H_
-
-#include <networking/host.h>
-#include <utils/identification.h>
-#include <collections/linked_list.h>
-
-typedef struct attribute_provider_t attribute_provider_t;
-
-/**
- * Interface to provide attributes to peers through attribute manager.
- */
-struct attribute_provider_t {
-
- /**
- * Acquire a virtual IP address to assign to a peer.
- *
- * @param pools list of pool names (char*) to acquire from
- * @param id peer ID
- * @param requested IP in configuration request
- * @return allocated address, NULL to serve none
- */
- host_t* (*acquire_address)(attribute_provider_t *this,
- linked_list_t *pools, identification_t *id,
- host_t *requested);
- /**
- * Release a previously acquired address.
- *
- * @param pools list of pool names (char*) to release to
- * @param address address to release
- * @param id peer ID
- * @return TRUE if the address has been released by the provider
- */
- bool (*release_address)(attribute_provider_t *this,
- linked_list_t *pools, host_t *address,
- identification_t *id);
-
- /**
- * Create an enumerator over attributes to hand out to a peer.
- *
- * @param pool list of pools names (char*) to query attributes from
- * @param id peer ID
- * @param vip list of virtual IPs (host_t*) to assign to peer
- * @return enumerator (configuration_attribute_type_t, chunk_t)
- */
- enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this,
- linked_list_t *pools, identification_t *id,
- linked_list_t *vips);
-};
-
-#endif /** ATTRIBUTE_PROVIDER_H_ @}*/
diff --git a/src/libhydra/attributes/attributes.c b/src/libhydra/attributes/attributes.c
deleted file mode 100644
index 9fabcf4e4..000000000
--- a/src/libhydra/attributes/attributes.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#include "attributes.h"
-
-ENUM_BEGIN(configuration_attribute_type_names, INTERNAL_IP4_ADDRESS, HOME_AGENT_ADDRESS,
- "INTERNAL_IP4_ADDRESS",
- "INTERNAL_IP4_NETMASK",
- "INTERNAL_IP4_DNS",
- "INTERNAL_IP4_NBNS",
- "INTERNAL_ADDRESS_EXPIRY",
- "INTERNAL_IP4_DHCP",
- "APPLICATION_VERSION",
- "INTERNAL_IP6_ADDRESS",
- "INTERNAL_IP6_NETMASK",
- "INTERNAL_IP6_DNS",
- "INTERNAL_IP6_NBNS",
- "INTERNAL_IP6_DHCP",
- "INTERNAL_IP4_SUBNET",
- "SUPPORTED_ATTRIBUTES",
- "INTERNAL_IP6_SUBNET",
- "MIP6_HOME_PREFIX",
- "INTERNAL_IP6_LINK",
- "INTERNAL_IP6_PREFIX",
- "HOME_AGENT_ADDRESS");
-ENUM_NEXT(configuration_attribute_type_names, XAUTH_TYPE, XAUTH_ANSWER, HOME_AGENT_ADDRESS,
- "XAUTH_TYPE",
- "XAUTH_USER_NAME",
- "XAUTH_USER_PASSWORD",
- "XAUTH_PASSCODE",
- "XAUTH_MESSAGE",
- "XAUTH_CHALLENGE",
- "XAUTH_DOMAIN",
- "XAUTH_STATUS",
- "XAUTH_NEXT_PIN",
- "XAUTH_ANSWER");
-ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_ANSWER,
- "INTERNAL_IP4_SERVER",
- "INTERNAL_IP6_SERVER");
-ENUM_NEXT(configuration_attribute_type_names, UNITY_BANNER, UNITY_DDNS_HOSTNAME, INTERNAL_IP6_SERVER,
- "UNITY_BANNER",
- "UNITY_SAVE_PASSWD",
- "UNITY_DEF_DOMAIN",
- "UNITY_SPLITDNS_NAME",
- "UNITY_SPLIT_INCLUDE",
- "UNITY_NATT_PORT",
- "UNITY_LOCAL_LAN",
- "UNITY_PFS",
- "UNITY_FW_TYPE",
- "UNITY_BACKUP_SERVERS",
- "UNITY_DDNS_HOSTNAME");
-ENUM_END(configuration_attribute_type_names, UNITY_DDNS_HOSTNAME);
-
-ENUM_BEGIN(configuration_attribute_type_short_names, INTERNAL_IP4_ADDRESS, HOME_AGENT_ADDRESS,
- "ADDR",
- "MASK",
- "DNS",
- "NBNS",
- "EXP",
- "DHCP",
- "VER",
- "ADDR6",
- "MASK6",
- "DNS6",
- "NBNS6",
- "DHCP6",
- "SUBNET",
- "SUP",
- "SUBNET6",
- "MIP6HPFX",
- "LINK6",
- "PFX6",
- "HOA");
-ENUM_NEXT(configuration_attribute_type_short_names, XAUTH_TYPE, XAUTH_ANSWER, HOME_AGENT_ADDRESS,
- "X_TYPE",
- "X_USER",
- "X_PWD",
- "X_CODE",
- "X_MSG",
- "X_CHALL",
- "X_DOMAIN",
- "X_STATUS",
- "X_PIN",
- "X_ANSWER");
-ENUM_NEXT(configuration_attribute_type_short_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_ANSWER,
- "SRV",
- "SRV6");
-ENUM_NEXT(configuration_attribute_type_short_names, UNITY_BANNER, UNITY_DDNS_HOSTNAME, INTERNAL_IP6_SERVER,
- "U_BANNER",
- "U_SAVEPWD",
- "U_DEFDOM",
- "U_SPLITDNS",
- "U_SPLITINC",
- "U_NATTPORT",
- "U_LOCALLAN",
- "U_PFS",
- "U_FWTYPE",
- "U_BKPSRV",
- "U_DDNSHOST");
-ENUM_END(configuration_attribute_type_short_names, UNITY_DDNS_HOSTNAME);
diff --git a/src/libhydra/attributes/attributes.h b/src/libhydra/attributes/attributes.h
deleted file mode 100644
index 5d1e9f9ba..000000000
--- a/src/libhydra/attributes/attributes.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attributes_g attributes
- * @{ @ingroup attributes
- */
-
-#ifndef ATTRIBUTES_H_
-#define ATTRIBUTES_H_
-
-typedef enum configuration_attribute_type_t configuration_attribute_type_t;
-
-#include <utils/utils.h>
-
-/**
- * Type of the attribute, as in IKEv2 RFC 3.15.1 or IKEv1 ModeConfig.
- */
-enum configuration_attribute_type_t {
- INTERNAL_IP4_ADDRESS = 1,
- INTERNAL_IP4_NETMASK = 2,
- INTERNAL_IP4_DNS = 3,
- INTERNAL_IP4_NBNS = 4,
- INTERNAL_ADDRESS_EXPIRY = 5,
- INTERNAL_IP4_DHCP = 6,
- APPLICATION_VERSION = 7,
- INTERNAL_IP6_ADDRESS = 8,
- INTERNAL_IP6_NETMASK = 9,
- INTERNAL_IP6_DNS = 10,
- INTERNAL_IP6_NBNS = 11,
- INTERNAL_IP6_DHCP = 12,
- INTERNAL_IP4_SUBNET = 13,
- SUPPORTED_ATTRIBUTES = 14,
- INTERNAL_IP6_SUBNET = 15,
- MIP6_HOME_PREFIX = 16,
- INTERNAL_IP6_LINK = 17,
- INTERNAL_IP6_PREFIX = 18,
- HOME_AGENT_ADDRESS = 19,
- /* XAUTH attributes */
- XAUTH_TYPE = 16520,
- XAUTH_USER_NAME = 16521,
- XAUTH_USER_PASSWORD = 16522,
- XAUTH_PASSCODE = 16523,
- XAUTH_MESSAGE = 16524,
- XAUTH_CHALLENGE = 16525,
- XAUTH_DOMAIN = 16526,
- XAUTH_STATUS = 16527,
- XAUTH_NEXT_PIN = 16528,
- XAUTH_ANSWER = 16529,
- /* proprietary Microsoft attributes */
- INTERNAL_IP4_SERVER = 23456,
- INTERNAL_IP6_SERVER = 23457,
- /* proprietary Cisco Unity attributes */
- UNITY_BANNER = 28672,
- UNITY_SAVE_PASSWD = 28673,
- UNITY_DEF_DOMAIN = 28674,
- UNITY_SPLITDNS_NAME = 28675,
- UNITY_SPLIT_INCLUDE = 28676,
- UNITY_NATT_PORT = 28677,
- UNITY_LOCAL_LAN = 28678,
- UNITY_PFS = 28679,
- UNITY_FW_TYPE = 28680,
- UNITY_BACKUP_SERVERS = 28681,
- UNITY_DDNS_HOSTNAME = 28682
-};
-
-/**
- * enum names for configuration_attribute_type_t.
- */
-extern enum_name_t *configuration_attribute_type_names;
-
-/**
- * Short enum names for configuration_attribute_type_t.
- */
-extern enum_name_t *configuration_attribute_type_short_names;
-
-
-#endif /** ATTRIBUTES_H_ @}*/
diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
deleted file mode 100644
index cc45e5629..000000000
--- a/src/libhydra/attributes/mem_pool.c
+++ /dev/null
@@ -1,649 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Copyright (C) 2008-2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mem_pool.h"
-
-#include <library.h>
-#include <hydra.h>
-#include <utils/debug.h>
-#include <collections/hashtable.h>
-#include <collections/array.h>
-#include <threading/mutex.h>
-
-#define POOL_LIMIT (sizeof(u_int)*8 - 1)
-
-typedef struct private_mem_pool_t private_mem_pool_t;
-
-/**
- * private data of mem_pool_t
- */
-struct private_mem_pool_t {
- /**
- * public interface
- */
- mem_pool_t public;
-
- /**
- * name of the pool
- */
- char *name;
-
- /**
- * base address of the pool
- */
- host_t *base;
-
- /**
- * size of the pool
- */
- u_int size;
-
- /**
- * next unused address
- */
- u_int unused;
-
- /**
- * lease hashtable [identity => entry]
- */
- hashtable_t *leases;
-
- /**
- * lock to safely access the pool
- */
- mutex_t *mutex;
-
- /**
- * Do we reassign online leases to the same identity, if requested?
- */
- bool reassign_online;
-};
-
-/**
- * Lease entry.
- */
-typedef struct {
- /* identitiy reference */
- identification_t *id;
- /* array of online leases, as u_int offset */
- array_t *online;
- /* array of offline leases, as u_int offset */
- array_t *offline;
-} entry_t;
-
-/**
- * Create a new entry
- */
-static entry_t* entry_create(identification_t *id)
-{
- entry_t *entry;
-
- INIT(entry,
- .id = id->clone(id),
- .online = array_create(sizeof(u_int), 0),
- .offline = array_create(sizeof(u_int), 0),
- );
- return entry;
-}
-
-/**
- * hashtable hash function for identities
- */
-static u_int id_hash(identification_t *id)
-{
- return chunk_hash(id->get_encoding(id));
-}
-
-/**
- * hashtable equals function for identities
- */
-static bool id_equals(identification_t *a, identification_t *b)
-{
- return a->equals(a, b);
-}
-
-/**
- * convert a pool offset to an address
- */
-static host_t* offset2host(private_mem_pool_t *pool, int offset)
-{
- chunk_t addr;
- host_t *host;
- u_int32_t *pos;
-
- offset--;
- if (offset > pool->size)
- {
- return NULL;
- }
-
- addr = chunk_clone(pool->base->get_address(pool->base));
- if (pool->base->get_family(pool->base) == AF_INET6)
- {
- pos = (u_int32_t*)(addr.ptr + 12);
- }
- else
- {
- pos = (u_int32_t*)addr.ptr;
- }
- *pos = htonl(offset + ntohl(*pos));
- host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
- free(addr.ptr);
- return host;
-}
-
-/**
- * convert a host to a pool offset
- */
-static int host2offset(private_mem_pool_t *pool, host_t *addr)
-{
- chunk_t host, base;
- u_int32_t hosti, basei;
-
- if (addr->get_family(addr) != pool->base->get_family(pool->base))
- {
- return -1;
- }
- host = addr->get_address(addr);
- base = pool->base->get_address(pool->base);
- if (addr->get_family(addr) == AF_INET6)
- {
- /* only look at last /32 block */
- if (!memeq(host.ptr, base.ptr, 12))
- {
- return -1;
- }
- host = chunk_skip(host, 12);
- base = chunk_skip(base, 12);
- }
- hosti = ntohl(*(u_int32_t*)(host.ptr));
- basei = ntohl(*(u_int32_t*)(base.ptr));
- if (hosti > basei + pool->size)
- {
- return -1;
- }
- return hosti - basei + 1;
-}
-
-METHOD(mem_pool_t, get_name, const char*,
- private_mem_pool_t *this)
-{
- return this->name;
-}
-
-METHOD(mem_pool_t, get_base, host_t*,
- private_mem_pool_t *this)
-{
- return this->base;
-}
-
-METHOD(mem_pool_t, get_size, u_int,
- private_mem_pool_t *this)
-{
- return this->size;
-}
-
-METHOD(mem_pool_t, get_online, u_int,
- private_mem_pool_t *this)
-{
- enumerator_t *enumerator;
- entry_t *entry;
- u_int count = 0;
-
- this->mutex->lock(this->mutex);
- enumerator = this->leases->create_enumerator(this->leases);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- count += array_count(entry->online);
- }
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
-
- return count;
-}
-
-METHOD(mem_pool_t, get_offline, u_int,
- private_mem_pool_t *this)
-{
- enumerator_t *enumerator;
- entry_t *entry;
- u_int count = 0;
-
- this->mutex->lock(this->mutex);
- enumerator = this->leases->create_enumerator(this->leases);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- count += array_count(entry->offline);
- }
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
-
- return count;
-}
-
-/**
- * Get an existing lease for id
- */
-static int get_existing(private_mem_pool_t *this, identification_t *id,
- host_t *requested)
-{
- enumerator_t *enumerator;
- u_int *current;
- entry_t *entry;
- int offset = 0;
-
- entry = this->leases->get(this->leases, id);
- if (!entry)
- {
- return 0;
- }
-
- /* check for a valid offline lease, refresh */
- enumerator = array_create_enumerator(entry->offline);
- if (enumerator->enumerate(enumerator, &current))
- {
- offset = *current;
- array_insert(entry->online, ARRAY_TAIL, current);
- array_remove_at(entry->offline, enumerator);
- }
- enumerator->destroy(enumerator);
- if (offset)
- {
- DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
- return offset;
- }
- if (!this->reassign_online)
- {
- return 0;
- }
- /* check for a valid online lease to reassign */
- enumerator = array_create_enumerator(entry->online);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (*current == host2offset(this, requested))
- {
- offset = *current;
- /* add an additional "online" entry */
- array_insert(entry->online, ARRAY_TAIL, current);
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (offset)
- {
- DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
- }
- return offset;
-}
-
-/**
- * Get a new lease for id
- */
-static int get_new(private_mem_pool_t *this, identification_t *id)
-{
- entry_t *entry;
- u_int offset = 0;
-
- if (this->unused < this->size)
- {
- entry = this->leases->get(this->leases, id);
- if (!entry)
- {
- entry = entry_create(id);
- this->leases->put(this->leases, entry->id, entry);
- }
- /* assigning offset, starting by 1 */
- offset = ++this->unused;
- array_insert(entry->online, ARRAY_TAIL, &offset);
- DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
- }
- return offset;
-}
-
-/**
- * Get a reassigned lease for id in case the pool is full
- */
-static int get_reassigned(private_mem_pool_t *this, identification_t *id)
-{
- enumerator_t *enumerator;
- entry_t *entry;
- u_int current, offset = 0;
-
- enumerator = this->leases->create_enumerator(this->leases);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- if (array_remove(entry->offline, ARRAY_HEAD, &current))
- {
- offset = current;
- DBG1(DBG_CFG, "reassigning existing offline lease by '%Y'"
- " to '%Y'", entry->id, id);
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (offset)
- {
- entry = entry_create(id);
- array_insert(entry->online, ARRAY_TAIL, &offset);
- this->leases->put(this->leases, entry->id, entry);
- }
- return offset;
-}
-
-METHOD(mem_pool_t, acquire_address, host_t*,
- private_mem_pool_t *this, identification_t *id, host_t *requested,
- mem_pool_op_t operation)
-{
- int offset = 0;
-
- /* if the pool is empty (e.g. in the %config case) we simply return the
- * requested address */
- if (this->size == 0)
- {
- return requested->clone(requested);
- }
-
- if (requested->get_family(requested) !=
- this->base->get_family(this->base))
- {
- return NULL;
- }
-
- this->mutex->lock(this->mutex);
- switch (operation)
- {
- case MEM_POOL_EXISTING:
- offset = get_existing(this, id, requested);
- break;
- case MEM_POOL_NEW:
- offset = get_new(this, id);
- break;
- case MEM_POOL_REASSIGN:
- offset = get_reassigned(this, id);
- if (!offset)
- {
- DBG1(DBG_CFG, "pool '%s' is full, unable to assign address",
- this->name);
- }
- break;
- default:
- break;
- }
- this->mutex->unlock(this->mutex);
-
- if (offset)
- {
- return offset2host(this, offset);
- }
- return NULL;
-}
-
-METHOD(mem_pool_t, release_address, bool,
- private_mem_pool_t *this, host_t *address, identification_t *id)
-{
- enumerator_t *enumerator;
- bool found = FALSE, more = FALSE;
- entry_t *entry;
- u_int offset, *current;
-
- if (this->size != 0)
- {
- this->mutex->lock(this->mutex);
- entry = this->leases->get(this->leases, id);
- if (entry)
- {
- offset = host2offset(this, address);
-
- enumerator = array_create_enumerator(entry->online);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (*current == offset)
- {
- if (!found)
- { /* remove the first entry only */
- array_remove_at(entry->online, enumerator);
- found = TRUE;
- }
- else
- { /* but check for more entries */
- more = TRUE;
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- if (found && !more)
- {
- /* no tunnels are online anymore for this lease, make offline */
- array_insert(entry->offline, ARRAY_TAIL, &offset);
- DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
- }
- }
- this->mutex->unlock(this->mutex);
- }
- return found;
-}
-
-/**
- * lease enumerator
- */
-typedef struct {
- /** implemented enumerator interface */
- enumerator_t public;
- /** hash-table enumerator */
- enumerator_t *entries;
- /** online enumerator */
- enumerator_t *online;
- /** offline enumerator */
- enumerator_t *offline;
- /** enumerated pool */
- private_mem_pool_t *pool;
- /** currently enumerated entry */
- entry_t *entry;
- /** currently enumerated lease address */
- host_t *addr;
-} lease_enumerator_t;
-
-METHOD(enumerator_t, lease_enumerate, bool,
- lease_enumerator_t *this, identification_t **id, host_t **addr, bool *online)
-{
- u_int *offset;
-
- DESTROY_IF(this->addr);
- this->addr = NULL;
-
- while (TRUE)
- {
- if (this->entry)
- {
- if (this->online->enumerate(this->online, &offset))
- {
- *id = this->entry->id;
- *addr = this->addr = offset2host(this->pool, *offset);
- *online = TRUE;
- return TRUE;
- }
- if (this->offline->enumerate(this->offline, &offset))
- {
- *id = this->entry->id;
- *addr = this->addr = offset2host(this->pool, *offset);
- *online = FALSE;
- return TRUE;
- }
- this->online->destroy(this->online);
- this->offline->destroy(this->offline);
- this->online = this->offline = NULL;
- }
- if (!this->entries->enumerate(this->entries, NULL, &this->entry))
- {
- return FALSE;
- }
- this->online = array_create_enumerator(this->entry->online);
- this->offline = array_create_enumerator(this->entry->offline);
- }
-}
-
-METHOD(enumerator_t, lease_enumerator_destroy, void,
- lease_enumerator_t *this)
-{
- DESTROY_IF(this->addr);
- DESTROY_IF(this->online);
- DESTROY_IF(this->offline);
- this->entries->destroy(this->entries);
- this->pool->mutex->unlock(this->pool->mutex);
- free(this);
-}
-
-METHOD(mem_pool_t, create_lease_enumerator, enumerator_t*,
- private_mem_pool_t *this)
-{
- lease_enumerator_t *enumerator;
-
- this->mutex->lock(this->mutex);
- INIT(enumerator,
- .public = {
- .enumerate = (void*)_lease_enumerate,
- .destroy = _lease_enumerator_destroy,
- },
- .pool = this,
- .entries = this->leases->create_enumerator(this->leases),
- );
- return &enumerator->public;
-}
-
-METHOD(mem_pool_t, destroy, void,
- private_mem_pool_t *this)
-{
- enumerator_t *enumerator;
- entry_t *entry;
-
- enumerator = this->leases->create_enumerator(this->leases);
- while (enumerator->enumerate(enumerator, NULL, &entry))
- {
- entry->id->destroy(entry->id);
- array_destroy(entry->online);
- array_destroy(entry->offline);
- free(entry);
- }
- enumerator->destroy(enumerator);
-
- this->leases->destroy(this->leases);
- this->mutex->destroy(this->mutex);
- DESTROY_IF(this->base);
- free(this->name);
- free(this);
-}
-
-/**
- * Generic constructor
- */
-static private_mem_pool_t *create_generic(char *name)
-{
- private_mem_pool_t *this;
-
- INIT(this,
- .public = {
- .get_name = _get_name,
- .get_base = _get_base,
- .get_size = _get_size,
- .get_online = _get_online,
- .get_offline = _get_offline,
- .acquire_address = _acquire_address,
- .release_address = _release_address,
- .create_lease_enumerator = _create_lease_enumerator,
- .destroy = _destroy,
- },
- .name = strdup(name),
- .leases = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16),
- .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .reassign_online = lib->settings->get_bool(lib->settings,
- "%s.mem-pool.reassign_online", FALSE, lib->ns),
- );
-
- return this;
-}
-
-/**
- * Described in header
- */
-mem_pool_t *mem_pool_create(char *name, host_t *base, int bits)
-{
- private_mem_pool_t *this;
- int addr_bits;
-
- this = create_generic(name);
- if (base)
- {
- addr_bits = base->get_family(base) == AF_INET ? 32 : 128;
- bits = max(0, min(bits, base->get_family(base) == AF_INET ? 32 : 128));
- /* net bits -> host bits */
- bits = addr_bits - bits;
- if (bits > POOL_LIMIT)
- {
- bits = POOL_LIMIT;
- DBG1(DBG_CFG, "virtual IP pool too large, limiting to %H/%d",
- base, addr_bits - bits);
- }
- this->size = 1 << bits;
-
- if (this->size > 2)
- { /* do not use first and last addresses of a block */
- this->unused++;
- this->size -= 2;
- }
- this->base = base->clone(base);
- }
-
- return &this->public;
-}
-
-/**
- * Described in header
- */
-mem_pool_t *mem_pool_create_range(char *name, host_t *from, host_t *to)
-{
- private_mem_pool_t *this;
- chunk_t fromaddr, toaddr;
- u_int32_t diff;
-
- fromaddr = from->get_address(from);
- toaddr = to->get_address(to);
-
- if (from->get_family(from) != to->get_family(to) ||
- fromaddr.len != toaddr.len || fromaddr.len < sizeof(diff) ||
- memcmp(fromaddr.ptr, toaddr.ptr, toaddr.len) > 0)
- {
- DBG1(DBG_CFG, "invalid IP address range: %H-%H", from, to);
- return NULL;
- }
- if (fromaddr.len > sizeof(diff) &&
- !chunk_equals(chunk_create(fromaddr.ptr, fromaddr.len - sizeof(diff)),
- chunk_create(toaddr.ptr, toaddr.len - sizeof(diff))))
- {
- DBG1(DBG_CFG, "IP address range too large: %H-%H", from, to);
- return NULL;
- }
- this = create_generic(name);
- this->base = from->clone(from);
- diff = untoh32(toaddr.ptr + toaddr.len - sizeof(diff)) -
- untoh32(fromaddr.ptr + fromaddr.len - sizeof(diff));
- this->size = diff + 1;
-
- return &this->public;
-}
diff --git a/src/libhydra/attributes/mem_pool.h b/src/libhydra/attributes/mem_pool.h
deleted file mode 100644
index 7347bb547..000000000
--- a/src/libhydra/attributes/mem_pool.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mem_pool mem_pool
- * @{ @ingroup attributes
- */
-
-#ifndef MEM_POOL_H
-#define MEM_POOL_H
-
-typedef struct mem_pool_t mem_pool_t;
-typedef enum mem_pool_op_t mem_pool_op_t;
-
-#include <networking/host.h>
-#include <utils/identification.h>
-
-/**
- * In-memory IP pool acquire operation.
- */
-enum mem_pool_op_t {
- /** Check for an exsiting lease */
- MEM_POOL_EXISTING,
- /** Get a new lease */
- MEM_POOL_NEW,
- /** Replace an existing offline lease of another ID */
- MEM_POOL_REASSIGN,
-};
-
-/**
- * An in-memory IP address pool.
- */
-struct mem_pool_t {
-
- /**
- * Get the name of this pool.
- *
- * @return the name of this pool
- */
- const char* (*get_name)(mem_pool_t *this);
-
- /**
- * Get the base (first) address of this pool.
- *
- * @return base address, internal host
- */
- host_t* (*get_base)(mem_pool_t *this);
-
- /**
- * Get the size (i.e. number of addresses) of this pool.
- *
- * @return the size of this pool
- */
- u_int (*get_size)(mem_pool_t *this);
-
- /**
- * Get the number of online leases.
- *
- * @return the number of offline leases
- */
- u_int (*get_online)(mem_pool_t *this);
-
- /**
- * Get the number of offline leases.
- *
- * @return the number of online leases
- */
- u_int (*get_offline)(mem_pool_t *this);
-
- /**
- * Acquire an address for the given id from this pool.
- *
- * This call is usually invoked several times: The first time to find an
- * existing lease (MEM_POOL_EXISTING), if none found a second time to
- * acquire a new lease (MEM_POOL_NEW), and if the pool is full once again
- * to assign an existing offline lease (MEM_POOL_REASSIGN).
- *
- * @param id the id to acquire an address for
- * @param requested acquire this address, if possible
- * @param operation acquire operation to perform, see above
- * @return the acquired address
- */
- host_t* (*acquire_address)(mem_pool_t *this, identification_t *id,
- host_t *requested, mem_pool_op_t operation);
-
- /**
- * Release a previously acquired address.
- *
- * @param address the address to release
- * @param id the id the address was assigned to
- * @return TRUE, if the lease was found
- */
- bool (*release_address)(mem_pool_t *this, host_t *address,
- identification_t *id);
-
- /**
- * Create an enumerator over the leases of this pool.
- *
- * Enumerator enumerates over
- * identification_t *id, host_t *address, bool online
- *
- * @return enumerator
- */
- enumerator_t* (*create_lease_enumerator)(mem_pool_t *this);
-
- /**
- * Destroy a mem_pool_t instance.
- */
- void (*destroy)(mem_pool_t *this);
-};
-
-/**
- * Create an in-memory IP address pool.
- *
- * An empty pool just returns the requested address.
- *
- * @param name name of this pool
- * @param base base address of this pool, NULL to create an empty pool
- * @param bits number of non-network bits in base, as in CIDR notation
- * @return memory pool instance
- */
-mem_pool_t *mem_pool_create(char *name, host_t *base, int bits);
-
-/**
- * Create an in-memory IP address from a range.
- *
- * @param name name of this pool
- * @param from start of ranged pool
- * @param to end of ranged pool
- * @return memory pool instance, NULL if range invalid
- */
-mem_pool_t *mem_pool_create_range(char *name, host_t *from, host_t *to);
-
-#endif /** MEM_POOL_H_ @} */
diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c
index 1b5065081..47ffb59c6 100644
--- a/src/libhydra/hydra.c
+++ b/src/libhydra/hydra.c
@@ -57,7 +57,6 @@ void libhydra_deinit()
return;
}
- this->public.attributes->destroy(this->public.attributes);
this->public.kernel_interface->destroy(this->public.kernel_interface);
free(this);
hydra = NULL;
@@ -78,9 +77,6 @@ bool libhydra_init()
}
INIT(this,
- .public = {
- .attributes = attribute_manager_create(),
- },
.ref = 1,
);
hydra = &this->public;
diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h
index 94209ff59..b23a30584 100644
--- a/src/libhydra/hydra.h
+++ b/src/libhydra/hydra.h
@@ -16,9 +16,6 @@
/**
* @defgroup libhydra libhydra
*
- * @defgroup attributes attributes
- * @ingroup libhydra
- *
* @defgroup hkernel kernel
* @ingroup libhydra
*
@@ -34,7 +31,6 @@
typedef struct hydra_t hydra_t;
-#include <attributes/attribute_manager.h>
#include <kernel/kernel_interface.h>
#include <library.h>
@@ -45,11 +41,6 @@ typedef struct hydra_t hydra_t;
struct hydra_t {
/**
- * manager for payload attributes
- */
- attribute_manager_t *attributes;
-
- /**
* kernel interface to communicate with kernel
*/
kernel_interface_t *kernel_interface;
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 3fa28e054..ce31bd410 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -43,6 +43,8 @@
#include <utils/debug.h>
#include <threading/mutex.h>
#include <collections/linked_list.h>
+#include <collections/hashtable.h>
+#include <collections/array.h>
typedef struct private_kernel_interface_t private_kernel_interface_t;
@@ -115,6 +117,16 @@ struct private_kernel_interface_t {
linked_list_t *listeners;
/**
+ * Reqid entries indexed by reqids
+ */
+ hashtable_t *reqids;
+
+ /**
+ * Reqid entries indexed by traffic selectors
+ */
+ hashtable_t *reqids_by_ts;
+
+ /**
* mutex for algorithm mappings
*/
mutex_t *mutex_algs;
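Review bot: The comments on the new `reqids` and `reqids_by_ts` fields do not say which lock protects them, and this struct holds more than one mutex (`mutex_algs` is visible right below). `alloc_reqid` and `release_reqid`, added later in this commit, access both tables under `this->mutex`, so I would say so in the field comments, e.g. `Reqid entries indexed by reqids, protected by mutex`. It is also worth stating that both tables point at the same `reqid_entry_t` objects, since that is why `release_reqid` frees an entry only after removing it from both. The struct definition starts and ends outside this hunk.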
@@ -155,24 +167,252 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t,
METHOD(kernel_interface_t, get_spi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
+ u_int8_t protocol, u_int32_t *spi)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
+ return this->ipsec->get_spi(this->ipsec, src, dst, protocol, spi);
}
METHOD(kernel_interface_t, get_cpi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+ u_int16_t *cpi)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
+ return this->ipsec->get_cpi(this->ipsec, src, dst, cpi);
+}
+
+/**
+ * Reqid mapping entry
+ */
+typedef struct {
+ /** allocated reqid */
+ u_int32_t reqid;
+ /** references to this entry */
+ u_int refs;
+ /** inbound mark used for SA */
+ mark_t mark_in;
+ /** outbound mark used for SA */
+ mark_t mark_out;
+ /** local traffic selectors */
+ array_t *local;
+ /** remote traffic selectors */
+ array_t *remote;
+} reqid_entry_t;
+
+/**
+ * Destroy a reqid mapping entry
+ */
+static void reqid_entry_destroy(reqid_entry_t *entry)
+{
+ array_destroy_offset(entry->local, offsetof(traffic_selector_t, destroy));
+ array_destroy_offset(entry->remote, offsetof(traffic_selector_t, destroy));
+ free(entry);
+}
+
+/**
+ * Hashtable hash function for reqid entries using reqid as key
+ */
+static u_int hash_reqid(reqid_entry_t *entry)
+{
+ return chunk_hash_inc(chunk_from_thing(entry->reqid),
+ chunk_hash_inc(chunk_from_thing(entry->mark_in),
+ chunk_hash(chunk_from_thing(entry->mark_out))));
+}
+
+/**
+ * Hashtable equals function for reqid entries using reqid as key
+ */
+static bool equals_reqid(reqid_entry_t *a, reqid_entry_t *b)
+{
+ return a->reqid == b->reqid &&
+ a->mark_in.value == b->mark_in.value &&
+ a->mark_in.mask == b->mark_in.mask &&
+ a->mark_out.value == b->mark_out.value &&
+ a->mark_out.mask == b->mark_out.mask;
+}
+
+/**
+ * Hash an array of traffic selectors
+ */
+static u_int hash_ts_array(array_t *array, u_int hash)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ hash = ts->hash(ts, hash);
+ }
+ enumerator->destroy(enumerator);
+
+ return hash;
+}
+
+/**
+ * Hashtable hash function for reqid entries using traffic selectors as key
+ */
+static u_int hash_reqid_by_ts(reqid_entry_t *entry)
+{
+ return hash_ts_array(entry->local, hash_ts_array(entry->remote,
+ chunk_hash_inc(chunk_from_thing(entry->mark_in),
+ chunk_hash(chunk_from_thing(entry->mark_out)))));
+}
+
+/**
+ * Compare two array with traffic selectors for equality
+ */
+static bool ts_array_equals(array_t *a, array_t *b)
+{
+ traffic_selector_t *tsa, *tsb;
+ enumerator_t *ae, *be;
+ bool equal = TRUE;
+
+ if (array_count(a) != array_count(b))
+ {
+ return FALSE;
+ }
+
+ ae = array_create_enumerator(a);
+ be = array_create_enumerator(b);
+ while (equal && ae->enumerate(ae, &tsa) && be->enumerate(be, &tsb))
+ {
+ equal = tsa->equals(tsa, tsb);
+ }
+ ae->destroy(ae);
+ be->destroy(be);
+
+ return equal;
+}
+
+/**
+ * Hashtable equals function for reqid entries using traffic selectors as key
+ */
+static bool equals_reqid_by_ts(reqid_entry_t *a, reqid_entry_t *b)
+{
+ return ts_array_equals(a->local, b->local) &&
+ ts_array_equals(a->remote, b->remote) &&
+ a->mark_in.value == b->mark_in.value &&
+ a->mark_in.mask == b->mark_in.mask &&
+ a->mark_out.value == b->mark_out.value &&
+ a->mark_out.mask == b->mark_out.mask;
+}
+
+/**
+ * Create an array from copied traffic selector list items
+ */
+static array_t *array_from_ts_list(linked_list_t *list)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+ array_t *array;
+
+ array = array_create(0, 0);
+
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ array_insert(array, ARRAY_TAIL, ts->clone(ts));
+ }
+ enumerator->destroy(enumerator);
+
+ return array;
+}
+
+METHOD(kernel_interface_t, alloc_reqid, status_t,
+ private_kernel_interface_t *this,
+ linked_list_t *local_ts, linked_list_t *remote_ts,
+ mark_t mark_in, mark_t mark_out, u_int32_t *reqid)
+{
+ static u_int32_t counter = 0;
+ reqid_entry_t *entry = NULL, *tmpl;
+ status_t status = SUCCESS;
+
+ INIT(tmpl,
+ .local = array_from_ts_list(local_ts),
+ .remote = array_from_ts_list(remote_ts),
+ .mark_in = mark_in,
+ .mark_out = mark_out,
+ .reqid = *reqid,
+ );
+
+ this->mutex->lock(this->mutex);
+ if (tmpl->reqid)
+ {
+ /* search by reqid if given */
+ entry = this->reqids->get(this->reqids, tmpl);
+ }
+ if (entry)
+ {
+ /* we don't require a traffic selector match for explicit reqids,
+ * as we wan't to reuse a reqid for trap-triggered policies that
+ * got narrowed during negotiation. */
+ reqid_entry_destroy(tmpl);
+ }
+ else
+ {
+ /* search by traffic selectors */
+ entry = this->reqids_by_ts->get(this->reqids_by_ts, tmpl);
+ if (entry)
+ {
+ reqid_entry_destroy(tmpl);
+ }
+ else
+ {
+ /* none found, create a new entry, allocating a reqid */
+ entry = tmpl;
+ entry->reqid = ++counter;
+ this->reqids_by_ts->put(this->reqids_by_ts, entry, entry);
+ this->reqids->put(this->reqids, entry, entry);
+ }
+ *reqid = entry->reqid;
+ }
+ entry->refs++;
+ this->mutex->unlock(this->mutex);
+
+ return status;
+}
+
+METHOD(kernel_interface_t, release_reqid, status_t,
+ private_kernel_interface_t *this, u_int32_t reqid,
+ mark_t mark_in, mark_t mark_out)
+{
+ reqid_entry_t *entry, tmpl = {
+ .reqid = reqid,
+ .mark_in = mark_in,
+ .mark_out = mark_out,
+ };
+
+ this->mutex->lock(this->mutex);
+ entry = this->reqids->remove(this->reqids, &tmpl);
+ if (entry)
+ {
+ if (--entry->refs == 0)
+ {
+ entry = this->reqids_by_ts->remove(this->reqids_by_ts, entry);
+ if (entry)
+ {
+ reqid_entry_destroy(entry);
+ }
+ }
+ else
+ {
+ this->reqids->put(this->reqids, entry, entry);
+ }
+ }
+ this->mutex->unlock(this->mutex);
+
+ if (entry)
+ {
+ return SUCCESS;
+ }
+ return NOT_FOUND;
}
METHOD(kernel_interface_t, add_sa, status_t,
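Review bot: The new `alloc_reqid` hands out reqids with `entry->reqid = ++counter;` on a static 32-bit counter and never checks the result. After a wrap it would return 0, the value this same function treats as "no reqid given" in `if (tmpl->reqid)`, and then values that may still be live in `this->reqids`. Inserting such a duplicate key would presumably displace the existing entry, leaving two unrelated sets of traffic selectors sharing one reqid and the older entry's reference count lost. The allocation should skip 0 and any value still present in `this->reqids`, and report failure when none is free. As written, `status` is never changed from `SUCCESS`, so callers have no error path to observe.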
@@ -181,8 +421,8 @@ METHOD(kernel_interface_t, add_sa, status_t,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts)
{
if (!this->ipsec)
{
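Review bot: The new `update` flag becomes the fifth consecutive positional `bool` in the add_sa signature (`initiator, encap, esn, inbound, update`), so a call site that transposes two of them still compiles and installs the SA with the wrong direction or update semantics. The same run of parameters appears in the forwarding call in the next hunk and in the declarations in kernel_interface.h and kernel_ipsec.h. At minimum I would add a comment at the forwarding call, `/* order: initiator, encap, esn, inbound, update */`, and longer term consider passing these as a single flags value. The body of add_sa continues outside this hunk.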
@@ -191,7 +431,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
ipcomp, cpi, replay_window, initiator, encap, esn, inbound,
- src_ts, dst_ts);
+ update, src_ts, dst_ts);
}
METHOD(kernel_interface_t, update_sa, status_t,
@@ -575,17 +815,18 @@ METHOD(kernel_interface_t, acquire, void,
}
METHOD(kernel_interface_t, expire, void,
- private_kernel_interface_t *this, u_int32_t reqid, u_int8_t protocol,
- u_int32_t spi, bool hard)
+ private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard)
{
kernel_listener_t *listener;
enumerator_t *enumerator;
+
this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &listener))
{
if (listener->expire &&
- !listener->expire(listener, reqid, protocol, spi, hard))
+ !listener->expire(listener, protocol, spi, dst, hard))
{
this->listeners->remove_at(this->listeners, enumerator);
}
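Review bot: The listener's `expire` hook is invoked while `this->mutex` is held, and the `alloc_reqid` and `release_reqid` methods added earlier in this file lock the same `this->mutex`. A hook that reaches either of them on the same thread would therefore block on itself unless that mutex is recursive; its creation is not visible here. The `mapping` method in the next hunk has the same shape. I would state the constraint where the hooks are declared, for example `Called with the kernel interface mutex held; must not call alloc_reqid() or release_reqid().` The rest of expire lies outside this hunk.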
@@ -595,17 +836,18 @@ METHOD(kernel_interface_t, expire, void,
}
METHOD(kernel_interface_t, mapping, void,
- private_kernel_interface_t *this, u_int32_t reqid, u_int32_t spi,
- host_t *remote)
+ private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote)
{
kernel_listener_t *listener;
enumerator_t *enumerator;
+
this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &listener))
{
if (listener->mapping &&
- !listener->mapping(listener, reqid, spi, remote))
+ !listener->mapping(listener, protocol, spi, dst, remote))
{
this->listeners->remove_at(this->listeners, enumerator);
}
@@ -733,6 +975,8 @@ METHOD(kernel_interface_t, destroy, void,
DESTROY_IF(this->ipsec);
DESTROY_IF(this->net);
DESTROY_FUNCTION_IF(this->ifaces_filter, (void*)free);
+ this->reqids->destroy(this->reqids);
+ this->reqids_by_ts->destroy(this->reqids_by_ts);
this->listeners->destroy(this->listeners);
this->mutex->destroy(this->mutex);
free(this);
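Review bot: The two added `destroy` calls tear down `reqids` and `reqids_by_ts` without visiting their contents, so any `reqid_entry_t` that was allocated but never released is presumably not freed here. That assumes the hashtable's destroy does not free stored values, which this page does not show. release_reqid only calls `reqid_entry_destroy` once the reference count reaches zero, so an unbalanced caller leaves entries behind. Either drain one of the tables with `reqid_entry_destroy` before destroying both, or record the assumption with a comment such as `/* all reqids must have been released by now, entries are not freed here */`. The start of destroy is outside this hunk.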
@@ -751,6 +995,8 @@ kernel_interface_t *kernel_interface_create()
.get_features = _get_features,
.get_spi = _get_spi,
.get_cpi = _get_cpi,
+ .alloc_reqid = _alloc_reqid,
+ .release_reqid = _release_reqid,
.add_sa = _add_sa,
.update_sa = _update_sa,
.query_sa = _query_sa,
@@ -795,6 +1041,10 @@ kernel_interface_t *kernel_interface_create()
.listeners = linked_list_create(),
.mutex_algs = mutex_create(MUTEX_TYPE_DEFAULT),
.algorithms = linked_list_create(),
+ .reqids = hashtable_create((hashtable_hash_t)hash_reqid,
+ (hashtable_equals_t)equals_reqid, 8),
+ .reqids_by_ts = hashtable_create((hashtable_hash_t)hash_reqid_by_ts,
+ (hashtable_equals_t)equals_reqid_by_ts, 8),
);
ifaces = lib->settings->get_str(lib->settings,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index cd550383c..96ce9e26d 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -104,39 +104,67 @@ struct kernel_interface_t {
* @param src source address of SA
* @param dst destination address of SA
* @param protocol protocol for SA (ESP/AH)
- * @param reqid unique ID for this SA
* @param spi allocated spi
- * @return SUCCESS if operation completed
+ * @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
+ u_int8_t protocol, u_int32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
*
* @param src source address of SA
* @param dst destination address of SA
- * @param reqid unique ID for the corresponding SA
* @param cpi allocated cpi
- * @return SUCCESS if operation completed
+ * @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi);
+ u_int16_t *cpi);
+
+ /**
+ * Allocate or confirm a reqid to use for a given SA pair.
+ *
+ * Each returned reqid by a successful call to alloc_reqid() must be
+ * released using release_reqid().
+ *
+ * The reqid parameter is an in/out parameter. If it points to non-zero,
+ * the reqid is confirmed and registered for use. If it points to zero,
+ * a reqid is allocated for the given selectors, and returned to reqid.
+ *
+ * @param local_ts traffic selectors of local side for SA
+ * @param remote_ts traffic selectors of remote side for SA
+ * @param mark_in inbound mark on SA
+ * @param mark_out outbound mark on SA
+ * @param reqid allocated reqid
+ * @return SUCCESS if reqid allocated
+ */
+ status_t (*alloc_reqid)(kernel_interface_t *this,
+ linked_list_t *local_ts, linked_list_t *remote_ts,
+ mark_t mark_in, mark_t mark_out,
+ u_int32_t *reqid);
+
+ /**
+ * Release a previously allocated reqid.
+ *
+ * @param reqid reqid to release
+ * @param mark_in inbound mark on SA
+ * @param mark_out outbound mark on SA
+ * @return SUCCESS if reqid released
+ */
+ status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid,
+ mark_t mark_in, mark_t mark_out);
/**
* Add an SA to the SAD.
*
- * add_sa() may update an already allocated
- * SPI (via get_spi). In this case, the replace
- * flag must be set.
- * This function does install a single SA for a
- * single protocol in one direction.
+ * This function does install a single SA for a single protocol in one
+ * direction.
*
* @param src source address for this SA
* @param dst destination address for this SA
* @param spi SPI allocated by us or remote peer
* @param protocol protocol for this SA (ESP/AH)
- * @param reqid unique ID for this SA
+ * @param reqid reqid for this SA
* @param mark optional mark for this SA
* @param tfc Traffic Flow Confidentiality padding for this SA
* @param lifetime lifetime_cfg_t for this SA
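Review bot: The alloc_reqid comment says a non-zero `*reqid` is "confirmed and registered for use", but the implementation in kernel_interface.c only reuses it when a matching entry is already in `reqids`. Otherwise it looks up by traffic selectors or allocates a new value with `++counter` and overwrites `*reqid` with `entry->reqid`. A caller that keeps using the value it passed in would then install SAs and policies under a reqid that is not the one registered. I would reword the sentence to `If it points to non-zero and that reqid is already registered, it is confirmed; otherwise a reqid is looked up or allocated for the given selectors and written back, so callers must use the returned value.` The `@param reqid` line could likewise read `in: requested reqid or 0, out: reqid to use`.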
@@ -152,8 +180,9 @@ struct kernel_interface_t {
* @param encap enable UDP encapsulation for NAT traversal
* @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
- * @param src_ts traffic selector with BEET source address
- * @param dst_ts traffic selector with BEET destination address
+ * @param update TRUE if an SPI has already been allocated for SA
+ * @param src_ts list of source traffic selectors
+ * @param dst_ts list of destination traffic selectors
* @return SUCCESS if operation completed
*/
status_t (*add_sa) (kernel_interface_t *this,
@@ -163,9 +192,9 @@ struct kernel_interface_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts);
/**
* Update the hosts on an installed SA.
@@ -531,23 +560,24 @@ struct kernel_interface_t {
/**
* Raise an expire event.
*
- * @param reqid reqid of the expired SA
* @param protocol protocol of the expired SA
* @param spi spi of the expired SA
+ * @param dst destination address of expired SA
* @param hard TRUE if it is a hard expire, FALSE otherwise
*/
- void (*expire)(kernel_interface_t *this, u_int32_t reqid,
- u_int8_t protocol, u_int32_t spi, bool hard);
+ void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard);
/**
* Raise a mapping event.
*
- * @param reqid reqid of the SA
+ * @param protocol protocol of affected SA
* @param spi spi of the SA
+ * @param dst original destination address of SA
* @param remote new remote host
*/
- void (*mapping)(kernel_interface_t *this, u_int32_t reqid, u_int32_t spi,
- host_t *remote);
+ void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote);
/**
* Raise a migrate event.
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index eec7401e9..19caaa400 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -58,33 +58,28 @@ struct kernel_ipsec_t {
* @param src source address of SA
* @param dst destination address of SA
* @param protocol protocol for SA (ESP/AH)
- * @param reqid unique ID for this SA
* @param spi allocated spi
- * @return SUCCESS if operation completed
+ * @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
+ u_int8_t protocol, u_int32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
*
* @param src source address of SA
* @param dst destination address of SA
- * @param reqid unique ID for the corresponding SA
* @param cpi allocated cpi
- * @return SUCCESS if operation completed
+ * @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi);
+ u_int16_t *cpi);
/**
* Add an SA to the SAD.
*
- * add_sa() may update an already allocated
- * SPI (via get_spi). In this case, the replace
- * flag must be set.
- * This function does install a single SA for a
- * single protocol in one direction.
+ * This function does install a single SA for a single protocol in one
+ * direction.
*
* @param src source address for this SA
* @param dst destination address for this SA
@@ -106,8 +101,9 @@ struct kernel_ipsec_t {
* @param encap enable UDP encapsulation for NAT traversal
* @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
- * @param src_ts traffic selector with BEET source address
- * @param dst_ts traffic selector with BEET destination address
+ * @param update TRUE if an SPI has already been allocated for SA
+ * @param src_ts list of source traffic selectors
+ * @param dst_ts list of destination traffic selectors
* @return SUCCESS if operation completed
*/
status_t (*add_sa) (kernel_ipsec_t *this,
@@ -117,9 +113,9 @@ struct kernel_ipsec_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts);
/**
* Update the hosts on an installed SA.
diff --git a/src/libhydra/kernel/kernel_listener.h b/src/libhydra/kernel/kernel_listener.h
index 4382a43fd..8074356a4 100644
--- a/src/libhydra/kernel/kernel_listener.h
+++ b/src/libhydra/kernel/kernel_listener.h
@@ -49,25 +49,26 @@ struct kernel_listener_t {
/**
* Hook called if an exire event for an IPsec SA is received.
*
- * @param reqid reqid of the expired SA
* @param protocol protocol of the expired SA
* @param spi spi of the expired SA
+ * @param dst destination address of expired SA
* @param hard TRUE if it is a hard expire, FALSE otherwise
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*expire)(kernel_listener_t *this, u_int32_t reqid,
- u_int8_t protocol, u_int32_t spi, bool hard);
+ bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard);
/**
* Hook called if the NAT mappings of an IPsec SA changed.
*
- * @param reqid reqid of the SA
+ * @param protocol IPsec protocol of affected SA
* @param spi spi of the SA
+ * @param dst old destinatino address of SA
* @param remote new remote host
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*mapping)(kernel_listener_t *this, u_int32_t reqid, u_int32_t spi,
- host_t *remote);
+ bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote);
/**
* Hook called if a migrate event for a policy is received.
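Review bot: The new `@param dst` line for the mapping hook reads `old destinatino address of SA`, which is misspelled and worded differently from the matching parameter in kernel_interface.h (`original destination address of SA`). Suggested text: `@param dst original destination address of SA`. The context line for expire above it also has `exire event`, which could be fixed in the same pass. Since listeners now identify the SA by protocol, SPI and destination instead of reqid, the comment should also say whether `dst` is only valid for the duration of the call.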
diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am
deleted file mode 100644
index 5b899b80c..000000000
--- a/src/libhydra/plugins/attr/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-attr.la
-else
-plugin_LTLIBRARIES = libstrongswan-attr.la
-endif
-
-libstrongswan_attr_la_SOURCES = \
- attr_plugin.h attr_plugin.c \
- attr_provider.h attr_provider.c
-
-libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c
deleted file mode 100644
index 72fcd6dff..000000000
--- a/src/libhydra/plugins/attr/attr_plugin.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "attr_plugin.h"
-#include "attr_provider.h"
-
-#include <hydra.h>
-
-typedef struct private_attr_plugin_t private_attr_plugin_t;
-
-/**
- * private data of attr plugin
- */
-struct private_attr_plugin_t {
-
- /**
- * implements plugin interface
- */
- attr_plugin_t public;
-
- /**
- * CFG attributes provider
- */
- attr_provider_t *provider;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_attr_plugin_t *this)
-{
- return "attr";
-}
-
-/**
- * Register provider
- */
-static bool plugin_cb(private_attr_plugin_t *this,
- plugin_feature_t *feature, bool reg, void *cb_data)
-{
- if (reg)
- {
- hydra->attributes->add_provider(hydra->attributes,
- &this->provider->provider);
- }
- else
- {
- hydra->attributes->remove_provider(hydra->attributes,
- &this->provider->provider);
- }
- return TRUE;
-}
-
-METHOD(plugin_t, get_features, int,
- private_attr_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
- PLUGIN_PROVIDE(CUSTOM, "attr"),
- };
- *features = f;
- return countof(f);
-}
-
-METHOD(plugin_t, reload, bool,
- private_attr_plugin_t *this)
-{
- this->provider->reload(this->provider);
- return TRUE;
-}
-
-METHOD(plugin_t, destroy, void,
- private_attr_plugin_t *this)
-{
- this->provider->destroy(this->provider);
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *attr_plugin_create()
-{
- private_attr_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .reload = _reload,
- .destroy = _destroy,
- },
- },
- .provider = attr_provider_create(),
- );
-
- return &this->public.plugin;
-}
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
deleted file mode 100644
index c1788df94..000000000
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "attr_provider.h"
-
-#include <time.h>
-
-#include <hydra.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-#include <threading/rwlock.h>
-
-#define SERVER_MAX 2
-
-typedef struct private_attr_provider_t private_attr_provider_t;
-typedef struct attribute_entry_t attribute_entry_t;
-
-/**
- * private data of attr_provider
- */
-struct private_attr_provider_t {
-
- /**
- * public functions
- */
- attr_provider_t public;
-
- /**
- * List of attributes, attribute_entry_t
- */
- linked_list_t *attributes;
-
- /**
- * Lock for attribute list
- */
- rwlock_t *lock;
-};
-
-struct attribute_entry_t {
- /** type of attribute */
- configuration_attribute_type_t type;
- /** attribute value */
- chunk_t value;
-};
-
-/**
- * Destroy an entry
- */
-static void attribute_destroy(attribute_entry_t *this)
-{
- free(this->value.ptr);
- free(this);
-}
-
-/**
- * convert enumerator value from attribute_entry
- */
-static bool attr_enum_filter(void *null, attribute_entry_t **in,
- configuration_attribute_type_t *type, void* none, chunk_t *value)
-{
- *type = (*in)->type;
- *value = (*in)->value;
- return TRUE;
-}
-
-METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
- private_attr_provider_t *this, linked_list_t *pools,
- identification_t *id, linked_list_t *vips)
-{
- if (vips->get_count(vips))
- {
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(
- this->attributes->create_enumerator(this->attributes),
- (void*)attr_enum_filter, this->lock, (void*)this->lock->unlock);
- }
- return enumerator_create_empty();
-}
-
-METHOD(attr_provider_t, destroy, void,
- private_attr_provider_t *this)
-{
- this->attributes->destroy_function(this->attributes,
- (void*)attribute_destroy);
- this->lock->destroy(this->lock);
- free(this);
-}
-
-/**
- * Add an attribute entry to the list
- */
-static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
- configuration_attribute_type_t type)
-{
- attribute_entry_t *entry;
- host_t *host;
- char *str;
-
- str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, lib->ns,
- key, nr);
- if (str)
- {
- host = host_create_from_string(str, 0);
- if (host)
- {
- entry = malloc_thing(attribute_entry_t);
-
- if (host->get_family(host) == AF_INET6)
- {
- switch (type)
- {
- case INTERNAL_IP4_DNS:
- type = INTERNAL_IP6_DNS;
- break;
- case INTERNAL_IP4_NBNS:
- type = INTERNAL_IP6_NBNS;
- break;
- default:
- break;
- }
- }
- entry->type = type;
- entry->value = chunk_clone(host->get_address(host));
- host->destroy(host);
- DBG2(DBG_CFG, "loaded legacy entry attribute %N: %#B",
- configuration_attribute_type_names, entry->type, &entry->value);
- this->attributes->insert_last(this->attributes, entry);
- }
- }
-}
-
-/**
- * Key to attribute type mappings, for v4 and v6 attributes
- */
-typedef struct {
- char *name;
- configuration_attribute_type_t v4;
- configuration_attribute_type_t v6;
-} attribute_type_key_t;
-
-static attribute_type_key_t keys[] = {
- {"address", INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS},
- {"dns", INTERNAL_IP4_DNS, INTERNAL_IP6_DNS},
- {"nbns", INTERNAL_IP4_NBNS, INTERNAL_IP6_NBNS},
- {"dhcp", INTERNAL_IP4_DHCP, INTERNAL_IP6_DHCP},
- {"netmask", INTERNAL_IP4_NETMASK, INTERNAL_IP6_NETMASK},
- {"server", INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER},
- {"subnet", INTERNAL_IP4_SUBNET, INTERNAL_IP6_SUBNET},
- {"split-include", UNITY_SPLIT_INCLUDE, UNITY_SPLIT_INCLUDE},
- {"split-exclude", UNITY_LOCAL_LAN, UNITY_LOCAL_LAN},
-};
-
-/**
- * Load (numerical) entries from the plugins.attr namespace
- */
-static void load_entries(private_attr_provider_t *this)
-{
- enumerator_t *enumerator, *tokens;
- char *key, *value, *token;
- int i;
-
- for (i = 1; i <= SERVER_MAX; i++)
- {
- add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS);
- add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS);
- }
-
- enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.attr", lib->ns);
- while (enumerator->enumerate(enumerator, &key, &value))
- {
- configuration_attribute_type_t type;
- attribute_type_key_t *mapped = NULL;
- attribute_entry_t *entry;
- chunk_t data;
- host_t *host;
- char *pos;
- int i, mask = -1, family;
-
- if (streq(key, "load"))
- {
- continue;
- }
- type = atoi(key);
- if (!type)
- {
- for (i = 0; i < countof(keys); i++)
- {
- if (streq(key, keys[i].name))
- {
- mapped = &keys[i];
- break;
- }
- }
- if (!mapped)
- {
- DBG1(DBG_CFG, "mapping attribute type %s failed", key);
- continue;
- }
- }
- tokens = enumerator_create_token(value, ",", " ");
- while (tokens->enumerate(tokens, &token))
- {
- pos = strchr(token, '/');
- if (pos)
- {
- *(pos++) = '\0';
- mask = atoi(pos);
- }
- host = host_create_from_string(token, 0);
- if (!host)
- {
- if (mapped)
- {
- DBG1(DBG_CFG, "invalid host in key %s: %s", key, token);
- continue;
- }
- /* store numeric attributes that are no IP addresses as strings */
- data = chunk_clone(chunk_from_str(token));
- }
- else
- {
- family = host->get_family(host);
- if (mask == -1)
- {
- data = chunk_clone(host->get_address(host));
- }
- else
- {
- if (family == AF_INET)
- { /* IPv4 attributes contain a subnet mask */
- u_int32_t netmask = 0;
-
- if (mask)
- { /* shifting u_int32_t by 32 or more is undefined */
- mask = 32 - mask;
- netmask = htonl((0xFFFFFFFF >> mask) << mask);
- }
- data = chunk_cat("cc", host->get_address(host),
- chunk_from_thing(netmask));
- }
- else
- { /* IPv6 addresses the prefix only */
- data = chunk_cat("cc", host->get_address(host),
- chunk_from_chars(mask));
- }
- }
- host->destroy(host);
- if (mapped)
- {
- switch (family)
- {
- case AF_INET:
- type = mapped->v4;
- break;
- case AF_INET6:
- type = mapped->v6;
- break;
- }
- }
- }
- INIT(entry,
- .type = type,
- .value = data,
- );
- DBG2(DBG_CFG, "loaded attribute %N: %#B",
- configuration_attribute_type_names, entry->type, &entry->value);
- this->attributes->insert_last(this->attributes, entry);
- }
- tokens->destroy(tokens);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(attr_provider_t, reload, void,
- private_attr_provider_t *this)
-{
- this->lock->write_lock(this->lock);
-
- this->attributes->destroy_function(this->attributes, (void*)attribute_destroy);
- this->attributes = linked_list_create();
-
- load_entries(this);
-
- DBG1(DBG_CFG, "loaded %d entr%s for attr plugin configuration",
- this->attributes->get_count(this->attributes),
- this->attributes->get_count(this->attributes) == 1 ? "y" : "ies");
-
- this->lock->unlock(this->lock);
-}
-
-/*
- * see header file
- */
-attr_provider_t *attr_provider_create(database_t *db)
-{
- private_attr_provider_t *this;
-
- INIT(this,
- .public = {
- .provider = {
- .acquire_address = (void*)return_null,
- .release_address = (void*)return_false,
- .create_attribute_enumerator = _create_attribute_enumerator,
- },
- .reload = _reload,
- .destroy = _destroy,
- },
- .attributes = linked_list_create(),
- .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- );
-
- load_entries(this);
-
- return &this->public;
-}
diff --git a/src/libhydra/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h
deleted file mode 100644
index 17db30408..000000000
--- a/src/libhydra/plugins/attr/attr_provider.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attr_provider attr_provider
- * @{ @ingroup attr
- */
-
-#ifndef ATTR_PROVIDER_H_
-#define ATTR_PROVIDER_H_
-
-#include <attributes/attribute_provider.h>
-
-typedef struct attr_provider_t attr_provider_t;
-
-/**
- * Provide configuration attributes through static strongswan.conf definition.
- */
-struct attr_provider_t {
-
- /**
- * Implements attribute provider interface
- */
- attribute_provider_t provider;
-
- /**
- * Reload configuration from strongswan.conf.
- */
- void (*reload)(attr_provider_t *this);
-
- /**
- * Destroy a attr_provider instance.
- */
- void (*destroy)(attr_provider_t *this);
-};
-
-/**
- * Create a attr_provider instance.
- */
-attr_provider_t *attr_provider_create();
-
-#endif /** ATTR_PROVIDER @}*/
diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am
deleted file mode 100644
index 6e7eae5eb..000000000
--- a/src/libhydra/plugins/attr_sql/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-attr-sql.la
-else
-plugin_LTLIBRARIES = libstrongswan-attr-sql.la
-endif
-
-libstrongswan_attr_sql_la_SOURCES = \
- attr_sql_plugin.h attr_sql_plugin.c \
- sql_attribute.h sql_attribute.c
-
-libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
deleted file mode 100644
index 076e1f8f2..000000000
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ /dev/null
@@ -1,774 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libhydra/plugins/attr_sql
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_attr_sql_la_LIBADD =
-am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \
- sql_attribute.lo
-libstrongswan_attr_sql_la_OBJECTS = \
- $(am_libstrongswan_attr_sql_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-libstrongswan_attr_sql_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-@MONOLITHIC_FALSE@am_libstrongswan_attr_sql_la_rpath = -rpath \
-@MONOLITHIC_FALSE@ $(plugindir)
-@MONOLITHIC_TRUE@am_libstrongswan_attr_sql_la_rpath =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libstrongswan_attr_sql_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_attr_sql_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr-sql.la
-@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr-sql.la
-libstrongswan_attr_sql_la_SOURCES = \
- attr_sql_plugin.h attr_sql_plugin.c \
- sql_attribute.h sql_attribute.c
-
-libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
- }
-
-uninstall-pluginLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
- done
-
-clean-pluginLTLIBRARIES:
- -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
- @list='$(plugin_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) $(EXTRA_libstrongswan_attr_sql_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_sql_plugin.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(plugindir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- clean-pluginLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-pluginLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-pdf \
- install-pdf-am install-pluginLTLIBRARIES install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-pluginLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
deleted file mode 100644
index dde90051a..000000000
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <hydra.h>
-#include <utils/debug.h>
-#include <plugins/plugin_feature.h>
-
-#include "attr_sql_plugin.h"
-#include "sql_attribute.h"
-
-typedef struct private_attr_sql_plugin_t private_attr_sql_plugin_t;
-
-/**
- * private data of attr_sql plugin
- */
-struct private_attr_sql_plugin_t {
-
- /**
- * implements plugin interface
- */
- attr_sql_plugin_t public;
-
- /**
- * database connection instance
- */
- database_t *db;
-
- /**
- * configuration attributes
- */
- sql_attribute_t *attribute;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_attr_sql_plugin_t *this)
-{
- return "attr-sql";
-}
-
-/**
- * Connect to database
- */
-static bool open_database(private_attr_sql_plugin_t *this,
- plugin_feature_t *feature, bool reg, void *cb_data)
-{
- if (reg)
- {
- char *uri;
-
- uri = lib->settings->get_str(lib->settings,
- "%s.plugins.attr-sql.database", NULL, lib->ns);
- if (!uri)
- {
- DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
- return FALSE;
- }
-
- this->db = lib->db->create(lib->db, uri);
- if (!this->db)
- {
- DBG1(DBG_CFG, "attr-sql plugin failed to connect to database");
- return FALSE;
- }
- this->attribute = sql_attribute_create(this->db);
- hydra->attributes->add_provider(hydra->attributes,
- &this->attribute->provider);
- }
- else
- {
- hydra->attributes->remove_provider(hydra->attributes,
- &this->attribute->provider);
- this->attribute->destroy(this->attribute);
- this->db->destroy(this->db);
- }
- return TRUE;
-}
-
-METHOD(plugin_t, get_features, int,
- private_attr_sql_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)open_database, NULL),
- PLUGIN_PROVIDE(CUSTOM, "attr-sql"),
- PLUGIN_DEPENDS(DATABASE, DB_ANY),
- };
- *features = f;
- return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
- private_attr_sql_plugin_t *this)
-{
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *attr_sql_plugin_create()
-{
- private_attr_sql_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
- },
- },
- );
- lib->settings->add_fallback(lib->settings, "%s.plugins.attr-sql",
- "libhydra.plugins.attr-sql", lib->ns);
-
- return &this->public.plugin;
-}
diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
deleted file mode 100644
index d527c3fba..000000000
--- a/src/libhydra/plugins/attr_sql/sql_attribute.c
+++ /dev/null
@@ -1,475 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <time.h>
-
-#include <utils/debug.h>
-#include <library.h>
-
-#include "sql_attribute.h"
-
-typedef struct private_sql_attribute_t private_sql_attribute_t;
-
-/**
- * private data of sql_attribute
- */
-struct private_sql_attribute_t {
-
- /**
- * public functions
- */
- sql_attribute_t public;
-
- /**
- * database connection
- */
- database_t *db;
-
- /**
- * whether to record lease history in lease table
- */
- bool history;
-};
-
-/**
- * lookup/insert an identity
- */
-static u_int get_identity(private_sql_attribute_t *this, identification_t *id)
-{
- enumerator_t *e;
- u_int row;
-
- this->db->transaction(this->db, TRUE);
- /* look for peer identity in the identities table */
- e = this->db->query(this->db,
- "SELECT id FROM identities WHERE type = ? AND data = ?",
- DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
- DB_UINT);
- if (e && e->enumerate(e, &row))
- {
- e->destroy(e);
- this->db->commit(this->db);
- return row;
- }
- DESTROY_IF(e);
- /* not found, insert new one */
- if (this->db->execute(this->db, &row,
- "INSERT INTO identities (type, data) VALUES (?, ?)",
- DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1)
- {
- this->db->commit(this->db);
- return row;
- }
- this->db->rollback(this->db);
- return 0;
-}
-
-/**
- * Lookup an attribute pool by name
- */
-static u_int get_attr_pool(private_sql_attribute_t *this, char *name)
-{
- enumerator_t *e;
- u_int row = 0;
-
- e = this->db->query(this->db,
- "SELECT id FROM attribute_pools WHERE name = ?",
- DB_TEXT, name, DB_UINT);
- if (e)
- {
- e->enumerate(e, &row);
- }
- DESTROY_IF(e);
-
- return row;
-}
-
-/**
- * Lookup pool by name and address family
- */
-static u_int get_pool(private_sql_attribute_t *this, char *name, int family,
- u_int *timeout)
-{
- enumerator_t *e;
- chunk_t start;
- u_int pool;
-
- e = this->db->query(this->db,
- "SELECT id, start, timeout FROM pools WHERE name = ?",
- DB_TEXT, name, DB_UINT, DB_BLOB, DB_UINT);
- if (e && e->enumerate(e, &pool, &start, timeout))
- {
- if ((family == AF_INET && start.len == 4) ||
- (family == AF_INET6 && start.len == 16))
- {
- e->destroy(e);
- return pool;
- }
- }
- DESTROY_IF(e);
- return 0;
-}
-
-/**
- * Look up an existing lease
- */
-static host_t* check_lease(private_sql_attribute_t *this, char *name,
- u_int pool, u_int identity)
-{
- while (TRUE)
- {
- u_int id;
- chunk_t address;
- enumerator_t *e;
- time_t now = time(NULL);
-
- e = this->db->query(this->db,
- "SELECT id, address FROM addresses "
- "WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1",
- DB_UINT, pool, DB_UINT, identity, DB_UINT, DB_BLOB);
- if (!e || !e->enumerate(e, &id, &address))
- {
- DESTROY_IF(e);
- break;
- }
- address = chunk_clonea(address);
- e->destroy(e);
-
- if (this->db->execute(this->db, NULL,
- "UPDATE addresses SET acquired = ?, released = 0 "
- "WHERE id = ? AND identity = ? AND released != 0",
- DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0)
- {
- host_t *host;
-
- host = host_create_from_chunk(AF_UNSPEC, address, 0);
- if (host)
- {
- DBG1(DBG_CFG, "acquired existing lease for address %H in"
- " pool '%s'", host, name);
- return host;
- }
- }
- }
- return NULL;
-}
-
-/**
- * We check for unallocated addresses or expired leases. First we select an
- * address as a candidate, but double check later on if it is still available
- * during the update operation. This allows us to work without locking.
- */
-static host_t* get_lease(private_sql_attribute_t *this, char *name,
- u_int pool, u_int timeout, u_int identity)
-{
- while (TRUE)
- {
- u_int id;
- chunk_t address;
- enumerator_t *e;
- time_t now = time(NULL);
- int hits;
-
- if (timeout)
- {
- /* check for an expired lease */
- e = this->db->query(this->db,
- "SELECT id, address FROM addresses "
- "WHERE pool = ? AND released != 0 AND released < ? LIMIT 1",
- DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB);
- }
- else
- {
- /* with static leases, check for an unallocated address */
- e = this->db->query(this->db,
- "SELECT id, address FROM addresses "
- "WHERE pool = ? AND identity = 0 LIMIT 1",
- DB_UINT, pool, DB_UINT, DB_BLOB);
-
- }
-
- if (!e || !e->enumerate(e, &id, &address))
- {
- DESTROY_IF(e);
- break;
- }
- address = chunk_clonea(address);
- e->destroy(e);
-
- if (timeout)
- {
- hits = this->db->execute(this->db, NULL,
- "UPDATE addresses SET "
- "acquired = ?, released = 0, identity = ? "
- "WHERE id = ? AND released != 0 AND released < ?",
- DB_UINT, now, DB_UINT, identity,
- DB_UINT, id, DB_UINT, now - timeout);
- }
- else
- {
- hits = this->db->execute(this->db, NULL,
- "UPDATE addresses SET "
- "acquired = ?, released = 0, identity = ? "
- "WHERE id = ? AND identity = 0",
- DB_UINT, now, DB_UINT, identity, DB_UINT, id);
- }
- if (hits > 0)
- {
- host_t *host;
-
- host = host_create_from_chunk(AF_UNSPEC, address, 0);
- if (host)
- {
- DBG1(DBG_CFG, "acquired new lease for address %H in pool '%s'",
- host, name);
- return host;
- }
- }
- }
- DBG1(DBG_CFG, "no available address found in pool '%s'", name);
- return NULL;
-}
-
-METHOD(attribute_provider_t, acquire_address, host_t*,
- private_sql_attribute_t *this, linked_list_t *pools, identification_t *id,
- host_t *requested)
-{
- enumerator_t *enumerator;
- host_t *address = NULL;
- u_int identity, pool, timeout;
- char *name;
- int family;
-
- identity = get_identity(this, id);
- if (identity)
- {
- family = requested->get_family(requested);
- /* check for an existing lease in all pools */
- enumerator = pools->create_enumerator(pools);
- while (enumerator->enumerate(enumerator, &name))
- {
- pool = get_pool(this, name, family, &timeout);
- if (pool)
- {
- address = check_lease(this, name, pool, identity);
- if (address)
- {
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- if (!address)
- {
- /* get an unallocated address or expired lease */
- enumerator = pools->create_enumerator(pools);
- while (enumerator->enumerate(enumerator, &name))
- {
- pool = get_pool(this, name, family, &timeout);
- if (pool)
- {
- address = get_lease(this, name, pool, timeout, identity);
- if (address)
- {
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
- }
- }
- return address;
-}
-
-METHOD(attribute_provider_t, release_address, bool,
- private_sql_attribute_t *this, linked_list_t *pools, host_t *address,
- identification_t *id)
-{
- enumerator_t *enumerator;
- u_int pool, timeout;
- time_t now = time(NULL);
- bool found = FALSE;
- char *name;
- int family;
-
- family = address->get_family(address);
- enumerator = pools->create_enumerator(pools);
- while (enumerator->enumerate(enumerator, &name))
- {
- pool = get_pool(this, name, family, &timeout);
- if (!pool)
- {
- continue;
- }
- if (this->db->execute(this->db, NULL,
- "UPDATE addresses SET released = ? WHERE "
- "pool = ? AND address = ?", DB_UINT, time(NULL),
- DB_UINT, pool, DB_BLOB, address->get_address(address)) > 0)
- {
- if (this->history)
- {
- this->db->execute(this->db, NULL,
- "INSERT INTO leases (address, identity, acquired, released)"
- " SELECT id, identity, acquired, ? FROM addresses "
- " WHERE pool = ? AND address = ?",
- DB_UINT, now, DB_UINT, pool,
- DB_BLOB, address->get_address(address));
- }
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- return found;
-}
-
-METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
- private_sql_attribute_t *this, linked_list_t *pools, identification_t *id,
- linked_list_t *vips)
-{
- enumerator_t *attr_enumerator = NULL;
-
- if (vips->get_count(vips))
- {
- enumerator_t *pool_enumerator;
- u_int count;
- char *name;
-
- /* in a first step check for attributes that match name and id */
- if (id)
- {
- u_int identity = get_identity(this, id);
-
- pool_enumerator = pools->create_enumerator(pools);
- while (pool_enumerator->enumerate(pool_enumerator, &name))
- {
- u_int attr_pool = get_attr_pool(this, name);
- if (!attr_pool)
- {
- continue;
- }
-
- attr_enumerator = this->db->query(this->db,
- "SELECT count(*) FROM attributes "
- "WHERE pool = ? AND identity = ?",
- DB_UINT, attr_pool, DB_UINT, identity, DB_UINT);
-
- if (attr_enumerator &&
- attr_enumerator->enumerate(attr_enumerator, &count) &&
- count != 0)
- {
- attr_enumerator->destroy(attr_enumerator);
- attr_enumerator = this->db->query(this->db,
- "SELECT type, value FROM attributes "
- "WHERE pool = ? AND identity = ?", DB_UINT,
- attr_pool, DB_UINT, identity, DB_INT, DB_BLOB);
- break;
- }
- DESTROY_IF(attr_enumerator);
- attr_enumerator = NULL;
- }
- pool_enumerator->destroy(pool_enumerator);
- }
-
- /* in a second step check for attributes that match name */
- if (!attr_enumerator)
- {
- pool_enumerator = pools->create_enumerator(pools);
- while (pool_enumerator->enumerate(pool_enumerator, &name))
- {
- u_int attr_pool = get_attr_pool(this, name);
- if (!attr_pool)
- {
- continue;
- }
-
- attr_enumerator = this->db->query(this->db,
- "SELECT count(*) FROM attributes "
- "WHERE pool = ? AND identity = 0",
- DB_UINT, attr_pool, DB_UINT);
-
- if (attr_enumerator &&
- attr_enumerator->enumerate(attr_enumerator, &count) &&
- count != 0)
- {
- attr_enumerator->destroy(attr_enumerator);
- attr_enumerator = this->db->query(this->db,
- "SELECT type, value FROM attributes "
- "WHERE pool = ? AND identity = 0",
- DB_UINT, attr_pool, DB_INT, DB_BLOB);
- break;
- }
- DESTROY_IF(attr_enumerator);
- attr_enumerator = NULL;
- }
- pool_enumerator->destroy(pool_enumerator);
- }
-
- /* lastly try to find global attributes */
- if (!attr_enumerator)
- {
- attr_enumerator = this->db->query(this->db,
- "SELECT type, value FROM attributes "
- "WHERE pool = 0 AND identity = 0",
- DB_INT, DB_BLOB);
- }
- }
-
- return (attr_enumerator ? attr_enumerator : enumerator_create_empty());
-}
-
-METHOD(sql_attribute_t, destroy, void,
- private_sql_attribute_t *this)
-{
- free(this);
-}
-
-/*
- * see header file
- */
-sql_attribute_t *sql_attribute_create(database_t *db)
-{
- private_sql_attribute_t *this;
- time_t now = time(NULL);
-
- INIT(this,
- .public = {
- .provider = {
- .acquire_address = _acquire_address,
- .release_address = _release_address,
- .create_attribute_enumerator = _create_attribute_enumerator,
- },
- .destroy = _destroy,
- },
- .db = db,
- .history = lib->settings->get_bool(lib->settings,
- "%s.plugins.attr-sql.lease_history", TRUE, lib->ns),
- );
-
- /* close any "online" leases in the case we crashed */
- if (this->history)
- {
- this->db->execute(this->db, NULL,
- "INSERT INTO leases (address, identity, acquired, released)"
- " SELECT id, identity, acquired, ? FROM addresses "
- " WHERE released = 0", DB_UINT, now);
- }
- this->db->execute(this->db, NULL,
- "UPDATE addresses SET released = ? WHERE released = 0",
- DB_UINT, now);
- return &this->public;
-}
diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.h b/src/libhydra/plugins/attr_sql/sql_attribute.h
deleted file mode 100644
index ca87eb27e..000000000
--- a/src/libhydra/plugins/attr_sql/sql_attribute.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup sql_attribute sql_attribute
- * @{ @ingroup attr_sql
- */
-
-#ifndef SQL_ATTRIBUTE_H_
-#define SQL_ATTRIBUTE_H_
-
-#include <attributes/attribute_provider.h>
-#include <database/database.h>
-
-typedef struct sql_attribute_t sql_attribute_t;
-
-/**
- * SQL database based IKEv2 cfg attribute provider.
- */
-struct sql_attribute_t {
-
- /**
- * Implements attribute provider interface
- */
- attribute_provider_t provider;
-
- /**
- * Destroy a sql_attribute instance.
- */
- void (*destroy)(sql_attribute_t *this);
-};
-
-/**
- * Create a sql_attribute instance.
- */
-sql_attribute_t *sql_attribute_create(database_t *db);
-
-#endif /** SQL_ATTRIBUTE_H_ @}*/
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.am b/src/libhydra/plugins/kernel_netlink/Makefile.am
index c91f9a9e4..cc8855406 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.am
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.am
@@ -21,3 +21,24 @@ libstrongswan_kernel_netlink_la_SOURCES = \
kernel_netlink_shared.h kernel_netlink_shared.c
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
+
+
+TESTS = tests
+
+check_PROGRAMS = $(TESTS)
+
+tests_SOURCES = \
+ tests.h tests.c \
+ suites/test_socket.c \
+ kernel_netlink_shared.c
+
+tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -DNETLINK_MSG_LOSS_HOOK=netlink_msg_loss \
+ @COVERAGE_CFLAGS@
+
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
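Review bot: The `-DNETLINK_MSG_LOSS_HOOK=netlink_msg_loss` flag in `tests_CFLAGS` has no explanation, although it changes how `kernel_netlink_shared.c` is compiled for the test binary. Judging by the name it lets the suite simulate lost netlink messages, so the file should say it is a test-only hook that must stay out of the flags for `libstrongswan_kernel_netlink_la`. I would add above `tests_CFLAGS`: `# NETLINK_MSG_LOSS_HOOK is a test-only fault-injection hook; never define it for the plugin library`. The hook's implementation is not in this hunk, so its exact effect should be confirmed against `kernel_netlink_shared.c` and `suites/test_socket.c`.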
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index a9b523eb8..962fe1ba1 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -78,6 +78,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
+TESTS = tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libhydra/plugins/kernel_netlink
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -144,6 +146,18 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
@MONOLITHIC_FALSE@am_libstrongswan_kernel_netlink_la_rpath = -rpath \
@MONOLITHIC_FALSE@ $(plugindir)
@MONOLITHIC_TRUE@am_libstrongswan_kernel_netlink_la_rpath =
+am__EXEEXT_1 = tests$(EXEEXT)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_tests_OBJECTS = tests-tests.$(OBJEXT) \
+ suites/tests-test_socket.$(OBJEXT) \
+ tests-kernel_netlink_shared.$(OBJEXT)
+tests_OBJECTS = $(am_tests_OBJECTS)
+tests_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \
+ $(tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -178,8 +192,9 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES)
+SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES) $(tests_SOURCES)
+DIST_SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES) \
+ $(tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -204,6 +219,28 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -230,6 +267,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -290,10 +328,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -367,6 +407,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -444,6 +486,22 @@ libstrongswan_kernel_netlink_la_SOURCES = \
kernel_netlink_shared.h kernel_netlink_shared.c
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
+tests_SOURCES = \
+ tests.h tests.c \
+ suites/test_socket.c \
+ kernel_netlink_shared.c
+
+tests_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -DNETLINK_MSG_LOSS_HOOK=netlink_msg_loss \
+ @COVERAGE_CFLAGS@
+
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+
all: all-am
.SUFFIXES:
@@ -528,8 +586,30 @@ clean-pluginLTLIBRARIES:
libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) $(EXTRA_libstrongswan_kernel_netlink_la_DEPENDENCIES)
$(AM_V_CCLD)$(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_socket.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+
+tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES)
+ @rm -f tests$(EXEEXT)
+ $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
+ -rm -f suites/*.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@@ -538,6 +618,9 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_net.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_shared.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-kernel_netlink_shared.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_socket.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -563,6 +646,48 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+tests-tests.o: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+
+tests-tests.obj: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+
+suites/tests-test_socket.o: suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_socket.o -MD -MP -MF suites/$(DEPDIR)/tests-test_socket.Tpo -c -o suites/tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_socket.Tpo suites/$(DEPDIR)/tests-test_socket.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/tests-test_socket.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
+
+suites/tests-test_socket.obj: suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_socket.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_socket.Tpo -c -o suites/tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_socket.Tpo suites/$(DEPDIR)/tests-test_socket.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/tests-test_socket.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
+
+tests-kernel_netlink_shared.o: kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-kernel_netlink_shared.o -MD -MP -MF $(DEPDIR)/tests-kernel_netlink_shared.Tpo -c -o tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-kernel_netlink_shared.Tpo $(DEPDIR)/tests-kernel_netlink_shared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='tests-kernel_netlink_shared.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
+
+tests-kernel_netlink_shared.obj: kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-kernel_netlink_shared.obj -MD -MP -MF $(DEPDIR)/tests-kernel_netlink_shared.Tpo -c -o tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-kernel_netlink_shared.Tpo $(DEPDIR)/tests-kernel_netlink_shared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='tests-kernel_netlink_shared.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
@@ -621,6 +746,99 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -652,6 +870,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
@@ -684,17 +904,19 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- clean-pluginLTLIBRARIES mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -740,7 +962,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -759,22 +981,23 @@ ps-am:
uninstall-am: uninstall-pluginLTLIBRARIES
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-pdf \
- install-pdf-am install-pluginLTLIBRARIES install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-pluginLTLIBRARIES
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index dfd71f3bd..03e44e510 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -38,6 +38,7 @@
#include <hydra.h>
#include <utils/debug.h>
#include <threading/mutex.h>
+#include <collections/array.h>
#include <collections/hashtable.h>
#include <collections/linked_list.h>
@@ -319,6 +320,16 @@ struct private_kernel_netlink_ipsec_t {
* Whether to track the history of a policy
*/
bool policy_history;
+
+ /**
+ * Whether to always use UPDATE to install policies
+ */
+ bool policy_update;
+
+ /**
+ * Installed port based IKE bypass policies, as bypass_t
+ */
+ array_t *bypass;
};
typedef struct route_entry_t route_entry_t;
@@ -859,25 +870,26 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
struct nlmsghdr *hdr)
{
struct xfrm_user_expire *expire;
- u_int32_t spi, reqid;
+ u_int32_t spi;
u_int8_t protocol;
+ host_t *dst;
expire = NLMSG_DATA(hdr);
protocol = expire->state.id.proto;
spi = expire->state.id.spi;
- reqid = expire->state.reqid;
DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE");
- if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
+ if (protocol == IPPROTO_ESP || protocol == IPPROTO_AH)
{
- DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
- "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
- return;
+ dst = xfrm2host(expire->state.family, &expire->state.id.daddr, 0);
+ if (dst)
+ {
+ hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+ spi, dst, expire->hard != 0);
+ dst->destroy(dst);
+ }
}
-
- hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
- spi, expire->hard != 0);
}
/**
@@ -961,23 +973,29 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
struct nlmsghdr *hdr)
{
struct xfrm_user_mapping *mapping;
- u_int32_t spi, reqid;
+ u_int32_t spi;
mapping = NLMSG_DATA(hdr);
spi = mapping->id.spi;
- reqid = mapping->reqid;
DBG2(DBG_KNL, "received a XFRM_MSG_MAPPING");
if (mapping->id.proto == IPPROTO_ESP)
{
- host_t *host;
- host = xfrm2host(mapping->id.family, &mapping->new_saddr,
- mapping->new_sport);
- if (host)
+ host_t *dst, *new;
+
+ dst = xfrm2host(mapping->id.family, &mapping->id.daddr, 0);
+ if (dst)
{
- hydra->kernel_interface->mapping(hydra->kernel_interface, reqid,
- spi, host);
+ new = xfrm2host(mapping->id.family, &mapping->new_saddr,
+ mapping->new_sport);
+ if (new)
+ {
+ hydra->kernel_interface->mapping(hydra->kernel_interface,
+ IPPROTO_ESP, spi, dst, new);
+ new->destroy(new);
+ }
+ dst->destroy(dst);
}
}
}
@@ -1055,7 +1073,7 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
*/
static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max,
- u_int32_t reqid, u_int32_t *spi)
+ u_int32_t *spi)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out;
@@ -1075,7 +1093,6 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
host2xfrm(dst, &userspi->info.id.daddr);
userspi->info.id.proto = proto;
userspi->info.mode = XFRM_MODE_TUNNEL;
- userspi->info.reqid = reqid;
userspi->info.family = src->get_family(src);
userspi->min = min;
userspi->max = max;
@@ -1122,39 +1139,35 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
+ u_int8_t protocol, u_int32_t *spi)
{
- DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid);
-
if (get_spi_internal(this, src, dst, protocol,
- 0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS)
+ 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid);
+ DBG1(DBG_KNL, "unable to get SPI");
return FAILED;
}
- DBG2(DBG_KNL, "got SPI %.8x for reqid {%u}", ntohl(*spi), reqid);
+ DBG2(DBG_KNL, "got SPI %.8x", ntohl(*spi));
return SUCCESS;
}
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+ u_int16_t *cpi)
{
u_int32_t received_spi = 0;
- DBG2(DBG_KNL, "getting CPI for reqid {%u}", reqid);
-
if (get_spi_internal(this, src, dst, IPPROTO_COMP,
- 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS)
+ 0x100, 0xEFFF, &received_spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get CPI for reqid {%u}", reqid);
+ DBG1(DBG_KNL, "unable to get CPI");
return FAILED;
}
*cpi = htons((u_int16_t)ntohl(received_spi));
- DBG2(DBG_KNL, "got CPI %.4x for reqid {%u}", ntohs(*cpi), reqid);
+ DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi));
return SUCCESS;
}
@@ -1184,8 +1197,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
- traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
+ linked_list_t* src_ts, linked_list_t* dst_ts)
{
netlink_buf_t request;
char *alg_name;
@@ -1193,6 +1206,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
struct xfrm_usersa_info *sa;
u_int16_t icv_size = 64;
ipsec_mode_t original_mode = mode;
+ traffic_selector_t *first_src_ts, *first_dst_ts;
status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
@@ -1203,7 +1217,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, 0, initiator, FALSE, FALSE,
- inbound, src_ts, dst_ts);
+ inbound, update, src_ts, dst_ts);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
@@ -1216,7 +1230,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
+ hdr->nlmsg_type = update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
sa = NLMSG_DATA(hdr);
@@ -1238,9 +1252,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
* selector can be installed other traffic would get dropped */
break;
}
- if (src_ts && dst_ts)
+ if (src_ts->get_first(src_ts, (void**)&first_src_ts) == SUCCESS &&
+ dst_ts->get_first(dst_ts, (void**)&first_dst_ts) == SUCCESS)
{
- sa->sel = ts2selector(src_ts, dst_ts);
+ sa->sel = ts2selector(first_src_ts, first_dst_ts);
if (!this->proto_port_transport)
{
/* don't install proto/port on SA. This would break
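Review bot: The rewritten condition calls `src_ts->get_first()` and `dst_ts->get_first()` unconditionally, while the line it replaces tolerated NULL selectors with `if (src_ts && dst_ts)`. Unless every caller of add_sa now guarantees non-NULL lists (the callers are not visible here), a NULL list becomes a crash in the daemon; keeping the guard is cheap: `if (src_ts && dst_ts && src_ts->get_first(src_ts, (void**)&first_src_ts) == SUCCESS && dst_ts->get_first(dst_ts, (void**)&first_dst_ts) == SUCCESS)`. Only the first selector of each list reaches `ts2selector()`, which deserves a one-line comment such as `/* the SA carries a single selector, use the first TS of each list */`. add_sa starts and ends outside this hunk.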
@@ -1535,7 +1550,8 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
host_t *dst, mark_t mark,
struct xfrm_replay_state_esn **replay_esn,
u_int32_t *replay_esn_len,
- struct xfrm_replay_state **replay)
+ struct xfrm_replay_state **replay,
+ struct xfrm_lifetime_cur **lifetime)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out = NULL;
@@ -1603,20 +1619,27 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id);
while (RTA_OK(rta, rtasize))
{
+ if (rta->rta_type == XFRMA_LTIME_VAL &&
+ RTA_PAYLOAD(rta) == sizeof(**lifetime))
+ {
+ free(*lifetime);
+ *lifetime = malloc(RTA_PAYLOAD(rta));
+ memcpy(*lifetime, RTA_DATA(rta), RTA_PAYLOAD(rta));
+ }
if (rta->rta_type == XFRMA_REPLAY_VAL &&
RTA_PAYLOAD(rta) == sizeof(**replay))
{
+ free(*replay);
*replay = malloc(RTA_PAYLOAD(rta));
memcpy(*replay, RTA_DATA(rta), RTA_PAYLOAD(rta));
- break;
}
if (rta->rta_type == XFRMA_REPLAY_ESN_VAL &&
RTA_PAYLOAD(rta) >= sizeof(**replay_esn))
{
+ free(*replay_esn);
*replay_esn = malloc(RTA_PAYLOAD(rta));
*replay_esn_len = RTA_PAYLOAD(rta);
memcpy(*replay_esn, RTA_DATA(rta), RTA_PAYLOAD(rta));
- break;
}
rta = RTA_NEXT(rta, rtasize);
}
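Review bot: The added XFRMA_LTIME_VAL branch passes the result of `malloc()` straight to `memcpy()`, so an allocation failure becomes a NULL write while parsing the kernel's reply; the two replay branches below it do the same. A guard such as `if (*lifetime) { memcpy(*lifetime, RTA_DATA(rta), RTA_PAYLOAD(rta)); }` reduces the failure to "no usage stats copied", which update_sa already handles by logging. The new `free(*lifetime)`, `free(*replay)` and `free(*replay_esn)` calls also require every out pointer to arrive as NULL or heap memory, and the function comment (outside the hunk) should say so. get_replay_state begins and ends outside this hunk.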
@@ -1798,6 +1821,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
struct xfrm_encap_tmpl* tmpl = NULL;
struct xfrm_replay_state *replay = NULL;
struct xfrm_replay_state_esn *replay_esn = NULL;
+ struct xfrm_lifetime_cur *lifetime = NULL;
u_int32_t replay_esn_len;
status_t status = FAILED;
@@ -1863,7 +1887,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
goto failed;
}
- get_replay_state(this, spi, protocol, dst, mark, &replay_esn, &replay_esn_len, &replay);
+ get_replay_state(this, spi, protocol, dst, mark, &replay_esn,
+ &replay_esn_len, &replay, &lifetime);
/* delete the old SA (without affecting the IPComp SA) */
if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS)
@@ -1952,8 +1977,25 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
}
else
{
- DBG1(DBG_KNL, "unable to copy replay state from old SAD entry "
- "with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to copy replay state from old SAD entry with "
+ "SPI %.8x", ntohl(spi));
+ }
+ if (lifetime)
+ {
+ struct xfrm_lifetime_cur *state;
+
+ state = netlink_reserve(hdr, sizeof(request), XFRMA_LTIME_VAL,
+ sizeof(*state));
+ if (!state)
+ {
+ goto failed;
+ }
+ memcpy(state, lifetime, sizeof(*state));
+ }
+ else
+ {
+ DBG1(DBG_KNL, "unable to copy usage stats from old SAD entry with "
+ "SPI %.8x", ntohl(spi));
}
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
@@ -1966,6 +2008,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
failed:
free(replay);
free(replay_esn);
+ free(lifetime);
memwipe(out, len);
memwipe(&request, sizeof(request));
free(out);
@@ -2313,6 +2356,11 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
return SUCCESS;
}
+ if (this->policy_update)
+ {
+ found = TRUE;
+ }
+
DBG2(DBG_KNL, "%s policy %R === %R %N (mark %u/0x%08x)",
found ? "updating" : "adding", src_ts, dst_ts,
policy_dir_names, direction, mark.value, mark.mask);
@@ -2576,9 +2624,11 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
return SUCCESS;
}
-
-METHOD(kernel_ipsec_t, bypass_socket, bool,
- private_kernel_netlink_ipsec_t *this, int fd, int family)
+/**
+ * Bypass socket using a per-socket policy
+ */
+static bool add_socket_bypass(private_kernel_netlink_ipsec_t *this,
+ int fd, int family)
{
struct xfrm_userpolicy_info policy;
u_int sol, ipsec_policy;
@@ -2618,6 +2668,154 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
return TRUE;
}
+/**
+ * Port based IKE bypass policy
+ */
+typedef struct {
+ /** address family */
+ int family;
+ /** layer 4 protocol */
+ int proto;
+ /** port number, network order */
+ u_int16_t port;
+} bypass_t;
+
+/**
+ * Add or remove a bypass policy from/to kernel
+ */
+static bool manage_bypass(private_kernel_netlink_ipsec_t *this,
+ int type, policy_dir_t dir, bypass_t *bypass)
+{
+ netlink_buf_t request;
+ struct xfrm_selector *sel;
+ struct nlmsghdr *hdr;
+
+ memset(&request, 0, sizeof(request));
+ hdr = &request.hdr;
+ hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ hdr->nlmsg_type = type;
+
+ if (type == XFRM_MSG_NEWPOLICY)
+ {
+ struct xfrm_userpolicy_info *policy;
+
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info));
+
+ policy = NLMSG_DATA(hdr);
+ policy->dir = dir;
+ policy->priority = 32;
+ policy->action = XFRM_POLICY_ALLOW;
+ policy->share = XFRM_SHARE_ANY;
+
+ policy->lft.soft_byte_limit = XFRM_INF;
+ policy->lft.soft_packet_limit = XFRM_INF;
+ policy->lft.hard_byte_limit = XFRM_INF;
+ policy->lft.hard_packet_limit = XFRM_INF;
+
+ sel = &policy->sel;
+ }
+ else /* XFRM_MSG_DELPOLICY */
+ {
+ struct xfrm_userpolicy_id *policy;
+
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
+
+ policy = NLMSG_DATA(hdr);
+ policy->dir = dir;
+
+ sel = &policy->sel;
+ }
+
+ sel->family = bypass->family;
+ sel->proto = bypass->proto;
+ if (dir == POLICY_IN)
+ {
+ sel->dport = bypass->port;
+ sel->dport_mask = 0xffff;
+ }
+ else
+ {
+ sel->sport = bypass->port;
+ sel->sport_mask = 0xffff;
+ }
+ return this->socket_xfrm->send_ack(this->socket_xfrm, hdr) == SUCCESS;
+}
+
+/**
+ * Bypass socket using a port-based bypass policy
+ */
+static bool add_port_bypass(private_kernel_netlink_ipsec_t *this,
+ int fd, int family)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in in;
+ struct sockaddr_in6 in6;
+ } saddr;
+ socklen_t len;
+ bypass_t bypass = {
+ .family = family,
+ };
+
+ len = sizeof(saddr);
+ if (getsockname(fd, &saddr.sa, &len) != 0)
+ {
+ return FALSE;
+ }
+#ifdef SO_PROTOCOL /* since 2.6.32 */
+ len = sizeof(bypass.proto);
+ if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &bypass.proto, &len) != 0)
+#endif
+ { /* assume UDP if SO_PROTOCOL not supported */
+ bypass.proto = IPPROTO_UDP;
+ }
+ switch (family)
+ {
+ case AF_INET:
+ bypass.port = saddr.in.sin_port;
+ break;
+ case AF_INET6:
+ bypass.port = saddr.in6.sin6_port;
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (!manage_bypass(this, XFRM_MSG_NEWPOLICY, POLICY_IN, &bypass))
+ {
+ return FALSE;
+ }
+ if (!manage_bypass(this, XFRM_MSG_NEWPOLICY, POLICY_OUT, &bypass))
+ {
+ manage_bypass(this, XFRM_MSG_DELPOLICY, POLICY_IN, &bypass);
+ return FALSE;
+ }
+ array_insert(this->bypass, ARRAY_TAIL, &bypass);
+
+ return TRUE;
+}
+
+/**
+ * Remove installed port based bypass policy
+ */
+static void remove_port_bypass(bypass_t *bypass, int idx,
+ private_kernel_netlink_ipsec_t *this)
+{
+ manage_bypass(this, XFRM_MSG_DELPOLICY, POLICY_OUT, bypass);
+ manage_bypass(this, XFRM_MSG_DELPOLICY, POLICY_IN, bypass);
+}
+
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+ private_kernel_netlink_ipsec_t *this, int fd, int family)
+{
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.port_bypass", FALSE, lib->ns))
+ {
+ return add_port_bypass(this, fd, family);
+ }
+ return add_socket_bypass(this, fd, family);
+}
+
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
private_kernel_netlink_ipsec_t *this, int fd, int family, u_int16_t port)
{
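Review bot: add_port_bypass installs policies that outlive the socket they were requested for: the entries sit in `this->bypass` until destroy() walks the array, and nothing in this hunk removes one when `fd` is closed. The selector built in manage_bypass matches family, protocol and port but no address, so all traffic on that port stays exempt from IPsec policy for the lifetime of the plugin, which is broader than the per-socket policy set by add_socket_bypass. I would document that on the function, e.g. `/* policy matches the port on any address and stays installed until destroy(), independent of fd's lifetime */`, and repeat it where the `port_bypass` option is described. A second call for a socket bound to the same family, protocol and port presumably fails with an existing-policy error from the kernel; checking `this->bypass` for a matching entry first would avoid that.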
@@ -2637,6 +2835,8 @@ METHOD(kernel_ipsec_t, destroy, void,
enumerator_t *enumerator;
policy_entry_t *policy;
+ array_destroy_function(this->bypass,
+ (array_callback_t)remove_port_bypass, this);
if (this->socket_xfrm_events > 0)
{
lib->watcher->remove(lib->watcher, this->socket_xfrm_events);
@@ -2688,8 +2888,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
(hashtable_equals_t)policy_equals, 32),
.sas = hashtable_create((hashtable_hash_t)ipsec_sa_hash,
(hashtable_equals_t)ipsec_sa_equals, 32),
+ .bypass = array_create(sizeof(bypass_t), 0),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.policy_history = TRUE,
+ .policy_update = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns),
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE, lib->ns),
.proto_port_transport = lib->settings->get_bool(lib->settings,
@@ -2711,7 +2914,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
fclose(f);
}
- this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names);
+ this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names,
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.parallel_xfrm", FALSE, lib->ns));
if (!this->socket_xfrm)
{
destroy(this);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 9d9f15974..a431e49b7 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1538,6 +1538,7 @@ typedef struct {
u_int8_t dst_len;
u_int32_t table;
u_int32_t oif;
+ u_int32_t priority;
} rt_entry_t;
/**
@@ -1573,6 +1574,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
route->dst_len = msg->rtm_dst_len;
route->table = msg->rtm_table;
route->oif = 0;
+ route->priority = 0;
}
else
{
@@ -1601,6 +1603,12 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
route->oif = *(u_int32_t*)RTA_DATA(rta);
}
break;
+ case RTA_PRIORITY:
+ if (RTA_PAYLOAD(rta) == sizeof(route->priority))
+ {
+ route->priority = *(u_int32_t*)RTA_DATA(rta);
+ }
+ break;
#ifdef HAVE_RTA_TABLE
case RTA_TABLE:
if (RTA_PAYLOAD(rta) == sizeof(route->table))
@@ -1724,11 +1732,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
}
route->src_host = src;
}
- /* insert route, sorted by decreasing network prefix */
+ /* insert route, sorted by priority and network prefix */
enumerator = routes->create_enumerator(routes);
while (enumerator->enumerate(enumerator, &other))
{
- if (route->dst_len > other->dst_len)
+ if (route->priority < other->priority)
+ {
+ break;
+ }
+ if (route->priority == other->priority &&
+ route->dst_len > other->dst_len)
{
break;
}
@@ -1975,6 +1988,8 @@ METHOD(kernel_net_t, add_ip, status_t,
if (iface)
{
addr_entry_t *addr;
+ char *ifname;
+ int ifi;
INIT(addr,
.ip = virtual_ip->clone(virtual_ip),
@@ -1983,26 +1998,30 @@ METHOD(kernel_net_t, add_ip, status_t,
);
iface->addrs->insert_last(iface->addrs, addr);
addr_map_entry_add(this->vips, addr, iface);
+ ifi = iface->ifindex;
+ this->lock->unlock(this->lock);
if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL,
- iface->ifindex, virtual_ip, prefix) == SUCCESS)
+ ifi, virtual_ip, prefix) == SUCCESS)
{
+ this->lock->write_lock(this->lock);
while (!is_vip_installed_or_gone(this, virtual_ip, &entry))
{ /* wait until address appears */
this->condvar->wait(this->condvar, this->lock);
}
if (entry)
{ /* we fail if the interface got deleted in the meantime */
- DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip,
- entry->iface->ifname);
+ ifname = strdup(entry->iface->ifname);
this->lock->unlock(this->lock);
+ DBG2(DBG_KNL, "virtual IP %H installed on %s",
+ virtual_ip, ifname);
/* during IKEv1 reauthentication, children get moved from
* old the new SA before the virtual IP is available. This
* kills the route for our virtual IP, reinstall. */
- queue_route_reinstall(this, strdup(entry->iface->ifname));
+ queue_route_reinstall(this, ifname);
return SUCCESS;
}
+ this->lock->unlock(this->lock);
}
- this->lock->unlock(this->lock);
DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
return FAILED;
}
@@ -2048,20 +2067,23 @@ METHOD(kernel_net_t, del_ip, status_t,
if (entry->addr->refcount == 1)
{
status_t status;
+ int ifi;
/* we set this flag so that threads calling add_ip will block and wait
* until the entry is gone, also so we can wait below */
entry->addr->installed = FALSE;
- status = manage_ipaddr(this, RTM_DELADDR, 0, entry->iface->ifindex,
- virtual_ip, prefix);
+ ifi = entry->iface->ifindex;
+ this->lock->unlock(this->lock);
+ status = manage_ipaddr(this, RTM_DELADDR, 0, ifi, virtual_ip, prefix);
if (status == SUCCESS && wait)
{ /* wait until the address is really gone */
+ this->lock->write_lock(this->lock);
while (is_known_vip(this, virtual_ip))
{
this->condvar->wait(this->condvar, this->lock);
}
+ this->lock->unlock(this->lock);
}
- this->lock->unlock(this->lock);
return status;
}
else
@@ -2490,7 +2512,9 @@ kernel_netlink_net_t *kernel_netlink_net_create()
.destroy = _destroy,
},
},
- .socket = netlink_socket_create(NETLINK_ROUTE, rt_msg_names),
+ .socket = netlink_socket_create(NETLINK_ROUTE, rt_msg_names,
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.parallel_route", FALSE, lib->ns)),
.rt_exclude = linked_list_create(),
.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
(hashtable_equals_t)route_entry_equals, 16),
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index b4cece720..a9adfe091 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -1,4 +1,6 @@
/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
@@ -16,6 +18,7 @@
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
+#include <linux/xfrm.h>
#include <errno.h>
#include <unistd.h>
@@ -23,6 +26,9 @@
#include <utils/debug.h>
#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <collections/array.h>
+#include <collections/hashtable.h>
typedef struct private_netlink_socket_t private_netlink_socket_t;
@@ -30,20 +36,26 @@ typedef struct private_netlink_socket_t private_netlink_socket_t;
* Private variables and functions of netlink_socket_t class.
*/
struct private_netlink_socket_t {
+
/**
* public part of the netlink_socket_t object.
*/
netlink_socket_t public;
/**
- * mutex to lock access to netlink socket
+ * mutex to lock access entries
*/
mutex_t *mutex;
/**
- * current sequence number for netlink request
+ * Netlink request entries currently active, uintptr_t seq => entry_t
+ */
+ hashtable_t *entries;
+
+ /**
+ * Current sequence number for Netlink requests
*/
- int seq;
+ refcount_t seq;
/**
* netlink socket
@@ -51,119 +63,420 @@ struct private_netlink_socket_t {
int socket;
/**
+ * Netlink protocol
+ */
+ int protocol;
+
+ /**
* Enum names for Netlink messages
*/
enum_name_t *names;
+
+ /**
+ * Timeout for Netlink replies, in ms
+ */
+ u_int timeout;
+
+ /**
+ * Number of times to repeat timed out queries
+ */
+ u_int retries;
+
+ /**
+ * Use parallel netlink queries
+ */
+ bool parallel;
+
+ /**
+ * Ignore errors potentially resulting from a retransmission
+ */
+ bool ignore_retransmit_errors;
};
/**
- * Imported from kernel_netlink_ipsec.c
+ * #definable hook to simulate request message loss
*/
-extern enum_name_t *xfrm_msg_names;
-
-METHOD(netlink_socket_t, netlink_send, status_t,
- private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out,
- size_t *out_len)
-{
- union {
- struct nlmsghdr hdr;
- u_char bytes[4096];
- } response;
- struct sockaddr_nl addr;
- chunk_t result = chunk_empty;
- int len;
+#ifdef NETLINK_MSG_LOSS_HOOK
+bool NETLINK_MSG_LOSS_HOOK(struct nlmsghdr *msg);
+#define msg_loss_hook(msg) NETLINK_MSG_LOSS_HOOK(msg)
+#else
+#define msg_loss_hook(msg) FALSE
+#endif
- this->mutex->lock(this->mutex);
+/**
+ * Request entry the answer for a waiting thread is collected in
+ */
+typedef struct {
+ /** Condition variable thread is waiting */
+ condvar_t *condvar;
+ /** Array of hdrs in a multi-message response, as struct nlmsghdr* */
+ array_t *hdrs;
+ /** All response messages received? */
+ bool complete;
+} entry_t;
- in->nlmsg_seq = ++this->seq;
- in->nlmsg_pid = getpid();
+/**
+ * Clean up a thread waiting entry
+ */
+static void destroy_entry(entry_t *entry)
+{
+ entry->condvar->destroy(entry->condvar);
+ array_destroy_function(entry->hdrs, (void*)free, NULL);
+ free(entry);
+}
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
- addr.nl_pid = 0;
- addr.nl_groups = 0;
+/**
+ * Write a Netlink message to socket
+ */
+static bool write_msg(private_netlink_socket_t *this, struct nlmsghdr *msg)
+{
+ struct sockaddr_nl addr = {
+ .nl_family = AF_NETLINK,
+ };
+ int len;
- if (this->names)
+ if (msg_loss_hook(msg))
{
- DBG3(DBG_KNL, "sending %N: %b",
- this->names, in->nlmsg_type, in, in->nlmsg_len);
+ return TRUE;
}
+
while (TRUE)
{
- len = sendto(this->socket, in, in->nlmsg_len, 0,
+ len = sendto(this->socket, msg, msg->nlmsg_len, 0,
(struct sockaddr*)&addr, sizeof(addr));
-
- if (len != in->nlmsg_len)
+ if (len != msg->nlmsg_len)
{
if (errno == EINTR)
{
- /* interrupted, try again */
continue;
}
- this->mutex->unlock(this->mutex);
- DBG1(DBG_KNL, "error sending to netlink socket: %s", strerror(errno));
- return FAILED;
+ DBG1(DBG_KNL, "netlink write error: %s", strerror(errno));
+ return FALSE;
}
- break;
+ return TRUE;
}
+}
- while (TRUE)
+/**
+ * Read a single Netlink message from socket, return 0 on error, -1 on timeout
+ */
+static ssize_t read_msg(private_netlink_socket_t *this,
+ char buf[4096], size_t buflen, bool block)
+{
+ ssize_t len;
+
+ if (block)
{
- len = recv(this->socket, &response, sizeof(response), 0);
- if (len < 0)
+ fd_set set;
+ timeval_t tv = {};
+
+ FD_ZERO(&set);
+ FD_SET(this->socket, &set);
+ timeval_add_ms(&tv, this->timeout);
+
+ if (select(this->socket + 1, &set, NULL, NULL,
+ this->timeout ? &tv : NULL) <= 0)
{
- if (errno == EINTR)
+ return -1;
+ }
+ }
+ len = recv(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT);
+ if (len == buflen)
+ {
+ DBG1(DBG_KNL, "netlink response exceeds buffer size");
+ return 0;
+ }
+ if (len < 0)
+ {
+ if (errno != EAGAIN && errno != EWOULDBLOCK && errno != EINTR)
+ {
+ DBG1(DBG_KNL, "netlink read error: %s", strerror(errno));
+ }
+ return 0;
+ }
+ return len;
+}
+
+/**
+ * Queue received response message
+ */
+static bool queue(private_netlink_socket_t *this, struct nlmsghdr *buf)
+{
+ struct nlmsghdr *hdr;
+ entry_t *entry;
+ uintptr_t seq;
+
+ seq = (uintptr_t)buf->nlmsg_seq;
+
+ this->mutex->lock(this->mutex);
+ entry = this->entries->get(this->entries, (void*)seq);
+ if (entry)
+ {
+ hdr = malloc(buf->nlmsg_len);
+ memcpy(hdr, buf, buf->nlmsg_len);
+ array_insert(entry->hdrs, ARRAY_TAIL, hdr);
+ if (hdr->nlmsg_type == NLMSG_DONE || !(hdr->nlmsg_flags & NLM_F_MULTI))
+ {
+ entry->complete = TRUE;
+ entry->condvar->signal(entry->condvar);
+ }
+ }
+ else
+ {
+ DBG1(DBG_KNL, "received unknown netlink seq %u, ignored", seq);
+ }
+ this->mutex->unlock(this->mutex);
+
+ return entry != NULL;
+}
+
+/**
+ * Read and queue response message, optionally blocking, returns TRUE on timeout
+ */
+static bool read_and_queue(private_netlink_socket_t *this, bool block)
+{
+ struct nlmsghdr *hdr;
+ union {
+ struct nlmsghdr hdr;
+ char bytes[4096];
+ } buf;
+ ssize_t len;
+
+ len = read_msg(this, buf.bytes, sizeof(buf.bytes), block);
+ if (len == -1)
+ {
+ return TRUE;
+ }
+ if (len)
+ {
+ hdr = &buf.hdr;
+ while (NLMSG_OK(hdr, len))
+ {
+ if (!queue(this, hdr))
{
- DBG1(DBG_KNL, "got interrupted");
- /* interrupted, try again */
- continue;
+ break;
}
- DBG1(DBG_KNL, "error reading from netlink socket: %s", strerror(errno));
- this->mutex->unlock(this->mutex);
- free(result.ptr);
- return FAILED;
+ hdr = NLMSG_NEXT(hdr, len);
}
- if (!NLMSG_OK(&response.hdr, len))
+ }
+ return FALSE;
+}
+
+CALLBACK(watch, bool,
+ private_netlink_socket_t *this, int fd, watcher_event_t event)
+{
+ if (event == WATCHER_READ)
+ {
+ read_and_queue(this, FALSE);
+ }
+ return TRUE;
+}
+
+/**
+ * Send a netlink request, try once
+ */
+static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
+ uintptr_t seq, struct nlmsghdr **out, size_t *out_len)
+{
+ struct nlmsghdr *hdr;
+ chunk_t result = {};
+ entry_t *entry;
+
+ in->nlmsg_seq = seq;
+ in->nlmsg_pid = getpid();
+
+ if (this->names)
+ {
+ DBG3(DBG_KNL, "sending %N %u: %b", this->names, in->nlmsg_type,
+ (u_int)seq, in, in->nlmsg_len);
+ }
+
+ this->mutex->lock(this->mutex);
+ if (!write_msg(this, in))
+ {
+ this->mutex->unlock(this->mutex);
+ return FAILED;
+ }
+
+ INIT(entry,
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .hdrs = array_create(0, 0),
+ );
+ this->entries->put(this->entries, (void*)seq, entry);
+
+ while (!entry->complete)
+ {
+ if (this->parallel &&
+ lib->watcher->get_state(lib->watcher) == WATCHER_RUNNING)
{
- DBG1(DBG_KNL, "received corrupted netlink message");
- this->mutex->unlock(this->mutex);
- free(result.ptr);
- return FAILED;
+ if (this->timeout)
+ {
+ if (entry->condvar->timed_wait(entry->condvar, this->mutex,
+ this->timeout))
+ {
+ break;
+ }
+ }
+ else
+ {
+ entry->condvar->wait(entry->condvar, this->mutex);
+ }
}
- if (response.hdr.nlmsg_seq != this->seq)
- {
- DBG1(DBG_KNL, "received invalid netlink sequence number");
- if (response.hdr.nlmsg_seq < this->seq)
+ else
+ { /* During (de-)initialization, no watcher thread is active.
+ * collect responses ourselves. */
+ if (read_and_queue(this, TRUE))
{
- continue;
+ break;
}
- this->mutex->unlock(this->mutex);
- free(result.ptr);
- return FAILED;
}
+ }
+ this->entries->remove(this->entries, (void*)seq);
- result = chunk_cat("mc", result, chunk_create(response.bytes, len));
+ this->mutex->unlock(this->mutex);
- /* NLM_F_MULTI flag does not seem to be set correctly, we use sequence
- * numbers to detect multi header messages */
- len = recv(this->socket, &response.hdr, sizeof(response.hdr),
- MSG_PEEK | MSG_DONTWAIT);
- if (len == sizeof(response.hdr) && response.hdr.nlmsg_seq == this->seq)
+ if (!entry->complete)
+ { /* timeout */
+ destroy_entry(entry);
+ return OUT_OF_RES;
+ }
+
+ while (array_remove(entry->hdrs, ARRAY_HEAD, &hdr))
+ {
+ if (this->names)
{
- /* seems to be multipart */
- continue;
+ DBG3(DBG_KNL, "received %N %u: %b", this->names, hdr->nlmsg_type,
+ hdr->nlmsg_seq, hdr, hdr->nlmsg_len);
}
- break;
+ result = chunk_cat("mm", result,
+ chunk_create((char*)hdr, hdr->nlmsg_len));
}
+ destroy_entry(entry);
*out_len = result.len;
*out = (struct nlmsghdr*)result.ptr;
- this->mutex->unlock(this->mutex);
-
return SUCCESS;
}
+/**
+ * Ignore errors for message types that might have completed previously
+ */
+static void ignore_retransmit_error(private_netlink_socket_t *this,
+ struct nlmsgerr *err, int type)
+{
+ switch (err->error)
+ {
+ case -EEXIST:
+ switch (this->protocol)
+ {
+ case NETLINK_XFRM:
+ switch (type)
+ {
+ case XFRM_MSG_NEWPOLICY:
+ case XFRM_MSG_NEWSA:
+ err->error = 0;
+ break;
+ }
+ break;
+ case NETLINK_ROUTE:
+ switch (type)
+ {
+ case RTM_NEWADDR:
+ case RTM_NEWLINK:
+ case RTM_NEWNEIGH:
+ case RTM_NEWROUTE:
+ case RTM_NEWRULE:
+ err->error = 0;
+ break;
+ }
+ break;
+ }
+ break;
+ case -ENOENT:
+ switch (this->protocol)
+ {
+ case NETLINK_XFRM:
+ switch (type)
+ {
+ case XFRM_MSG_DELPOLICY:
+ case XFRM_MSG_DELSA:
+ err->error = 0;
+ break;
+ }
+ break;
+ case NETLINK_ROUTE:
+ switch (type)
+ {
+ case RTM_DELADDR:
+ case RTM_DELLINK:
+ case RTM_DELNEIGH:
+ case RTM_DELROUTE:
+ case RTM_DELRULE:
+ err->error = 0;
+ break;
+ }
+ break;
+ }
+ break;
+ }
+}
+
+METHOD(netlink_socket_t, netlink_send, status_t,
+ private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out,
+ size_t *out_len)
+{
+ uintptr_t seq;
+ u_int try;
+
+ seq = ref_get(&this->seq);
+
+ for (try = 0; try <= this->retries; ++try)
+ {
+ struct nlmsghdr *hdr;
+ status_t status;
+ size_t len;
+
+ if (try > 0)
+ {
+ DBG1(DBG_KNL, "retransmitting Netlink request (%u/%u)",
+ try, this->retries);
+ }
+ status = send_once(this, in, seq, &hdr, &len);
+ switch (status)
+ {
+ case SUCCESS:
+ break;
+ case OUT_OF_RES:
+ continue;
+ default:
+ return status;
+ }
+ if (hdr->nlmsg_type == NLMSG_ERROR)
+ {
+ struct nlmsgerr* err;
+
+ err = NLMSG_DATA(hdr);
+ if (err->error == -EBUSY)
+ {
+ free(hdr);
+ try--;
+ continue;
+ }
+ if (this->ignore_retransmit_errors && try > 0)
+ {
+ ignore_retransmit_error(this, err, in->nlmsg_type);
+ }
+ }
+ *out = hdr;
+ *out_len = len;
+ return SUCCESS;
+ }
+ DBG1(DBG_KNL, "Netlink request timed out after %u retransmits",
+ this->retries);
+ return OUT_OF_RES;
+}
+
METHOD(netlink_socket_t, netlink_send_ack, status_t,
private_netlink_socket_t *this, struct nlmsghdr *in)
{
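Review bot: read_msg accepts whatever arrives on the socket: it uses `recv()`, so the sender's `sockaddr_nl` is never seen, and queue() hands the message to a waiting thread purely on a matching `nlmsg_seq`, a counter that starts at 200 and increments. These replies decide whether SA and policy installs are reported as successful, so I would read with `recvfrom()` and drop anything whose `nl_pid` is not 0, as sketched below. The kernel already limits who may unicast to another netlink socket, so this is defence in depth rather than a known hole. Separately, the `-EBUSY` branch in netlink_send does `try--` and retries with no bound or delay, so a persistently busy kernel keeps the calling thread resending; a capped counter with a short sleep would bound that.

```c
static ssize_t read_msg(private_netlink_socket_t *this,
						char buf[4096], size_t buflen, bool block)
{
	struct sockaddr_nl src = {};
	socklen_t srclen = sizeof(src);
	ssize_t len;

	/* … unchanged: optional select() wait when block is set … */
	len = recvfrom(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT,
				   (struct sockaddr*)&src, &srclen);
	/* … unchanged: buffer-size and errno handling … */
	if (src.nl_pid != 0)
	{	/* only the kernel (port ID 0) may answer our requests */
		DBG1(DBG_KNL, "ignoring netlink message from non-kernel sender");
		return 0;
	}
	return len;
}
```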
@@ -221,8 +534,13 @@ METHOD(netlink_socket_t, destroy, void,
{
if (this->socket != -1)
{
+ if (this->parallel)
+ {
+ lib->watcher->remove(lib->watcher, this->socket);
+ }
close(this->socket);
}
+ this->entries->destroy(this->entries);
this->mutex->destroy(this->mutex);
free(this);
}
@@ -230,7 +548,8 @@ METHOD(netlink_socket_t, destroy, void,
/**
* Described in header.
*/
-netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names)
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ bool parallel)
{
private_netlink_socket_t *this;
struct sockaddr_nl addr = {
@@ -244,9 +563,19 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names)
.destroy = _destroy,
},
.seq = 200,
- .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
.socket = socket(AF_NETLINK, SOCK_RAW, protocol),
+ .entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
+ .protocol = protocol,
.names = names,
+ .timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.timeout", 0, lib->ns),
+ .retries = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.retries", 0, lib->ns),
+ .ignore_retransmit_errors = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.ignore_retransmit_errors",
+ FALSE, lib->ns),
+ .parallel = parallel,
);
if (this->socket == -1)
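Review bot: `timeout` and `retries` are `u_int` fields but are filled from `get_int()`, which presumably returns a signed value, so a negative setting wraps to a very large number. For `retries` that makes the `try <= this->retries` loop in netlink_send effectively unbounded, and for `timeout` it turns a typo into a wait of weeks rather than an error. Reading both into a local `int` and falling back to 0 for negative values keeps a configuration mistake from becoming a hang, e.g. `if (retries < 0) { retries = 0; }`. netlink_socket_create continues outside this hunk.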
@@ -261,6 +590,10 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names)
destroy(this);
return NULL;
}
+ if (this->parallel)
+ {
+ lib->watcher->add(lib->watcher, this->socket, WATCHER_READ, watch, this);
+ }
return &this->public;
}
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
index 069f746d1..66682907d 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -66,8 +66,10 @@ struct netlink_socket_t {
*
* @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE)
* @param names optional enum names for Netlink messages
+ * @param parallel support parallel queries on this Netlink socket
*/
-netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names);
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ bool parallel);
/**
* Creates an rtattr and adds it to the given netlink message.
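Review bot: The new `@param parallel` line does not tell callers what the flag requires. The implementation registers a parallel socket with `lib->watcher` for read events, so it presumably depends on a running watcher and processor. Extend the doc along the lines of `@param parallel  support parallel queries; registers the socket with lib->watcher, which must be running`. The added parameter has no default, so every existing caller of `netlink_socket_create()` must be updated in the same commit.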
diff --git a/src/libhydra/plugins/kernel_netlink/suites/test_socket.c b/src/libhydra/plugins/kernel_netlink/suites/test_socket.c
new file mode 100644
index 000000000..3e8facd0a
--- /dev/null
+++ b/src/libhydra/plugins/kernel_netlink/suites/test_socket.c
@@ -0,0 +1,302 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_suite.h>
+
+#include <threading/thread.h>
+
+#include "../kernel_netlink_shared.h"
+
+/**
+ * Netlink message drop configuration
+ */
+static int drop_interval = 0;
+
+/**
+ * Netlink message drop hook
+ */
+bool netlink_msg_loss(struct nlmsghdr *hdr)
+{
+ static refcount_t i;
+
+ if (drop_interval)
+ {
+ return ref_get(&i) % drop_interval == drop_interval - 1;
+ }
+ return FALSE;
+}
+
+START_TEST(test_echo)
+{
+ netlink_socket_t *s;
+ struct nlmsghdr *out;
+ struct rtmsg *msg;
+ char dst[] = {
+ 127,0,0,1
+ };
+ size_t len;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
+ .nlmsg_flags = NLM_F_REQUEST,
+ .nlmsg_type = RTM_GETROUTE,
+ },
+ };
+
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtm_family = AF_INET;
+ netlink_add_attribute(&request.hdr, RTA_DST,
+ chunk_from_thing(dst), sizeof(request));
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+
+ ck_assert(s->send(s, &request.hdr, &out, &len) == SUCCESS);
+ ck_assert_int_eq(out->nlmsg_type, RTM_NEWROUTE);
+ free(out);
+ s->destroy(s);
+}
+END_TEST
+
+START_TEST(test_echo_dump)
+{
+ netlink_socket_t *s;
+ struct nlmsghdr *out, *current;
+ struct rtgenmsg *msg;
+ size_t len;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ };
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtgen_family = AF_UNSPEC;
+
+ ck_assert(s->send(s, &request.hdr, &out, &len) == SUCCESS);
+ current = out;
+ while (TRUE)
+ {
+ ck_assert(NLMSG_OK(current, len));
+ if (current->nlmsg_type == NLMSG_DONE)
+ {
+ break;
+ }
+ ck_assert_int_eq(current->nlmsg_type, RTM_NEWLINK);
+ current = NLMSG_NEXT(current, len);
+ }
+ free(out);
+ s->destroy(s);
+}
+END_TEST
+
+CALLBACK(stress, void*,
+ netlink_socket_t *s)
+{
+ struct nlmsghdr *out;
+ struct rtmsg *msg;
+ char dst[] = {
+ 127,0,0,1
+ };
+ size_t len;
+ int i;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
+ .nlmsg_flags = NLM_F_REQUEST,
+ .nlmsg_type = RTM_GETROUTE,
+ },
+ };
+
+ for (i = 0; i < 10; i++)
+ {
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtm_family = AF_INET;
+ netlink_add_attribute(&request.hdr, RTA_DST,
+ chunk_from_thing(dst), sizeof(request));
+
+ ck_assert(s->send(s, &request.hdr, &out, &len) == SUCCESS);
+ ck_assert_int_eq(out->nlmsg_type, RTM_NEWROUTE);
+ free(out);
+ }
+ return NULL;
+}
+
+CALLBACK(stress_dump, void*,
+ netlink_socket_t *s)
+{
+ struct nlmsghdr *out, *current;
+ struct rtgenmsg *msg;
+ size_t len;
+ int i;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ };
+
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtgen_family = AF_UNSPEC;
+
+ for (i = 0; i < 10; i++)
+ {
+ ck_assert(s->send(s, &request.hdr, &out, &len) == SUCCESS);
+ current = out;
+ while (TRUE)
+ {
+ ck_assert(NLMSG_OK(current, len));
+ if (current->nlmsg_type == NLMSG_DONE)
+ {
+ break;
+ }
+ ck_assert_int_eq(current->nlmsg_type, RTM_NEWLINK);
+ current = NLMSG_NEXT(current, len);
+ }
+ free(out);
+ }
+ return NULL;
+}
+
+START_TEST(test_stress)
+{
+ thread_t *threads[10];
+ netlink_socket_t *s;
+ int i;
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+ for (i = 0; i < countof(threads); i++)
+ {
+ threads[i] = thread_create(stress, s);
+ }
+ for (i = 0; i < countof(threads); i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+ s->destroy(s);
+}
+END_TEST
+
+START_TEST(test_stress_dump)
+{
+ thread_t *threads[10];
+ netlink_socket_t *s;
+ int i;
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+ for (i = 0; i < countof(threads); i++)
+ {
+ threads[i] = thread_create(stress_dump, s);
+ }
+ for (i = 0; i < countof(threads); i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+ s->destroy(s);
+}
+END_TEST
+
+START_TEST(test_retransmit_success)
+{
+ netlink_socket_t *s;
+ struct nlmsghdr *out;
+ struct rtgenmsg *msg;
+ size_t len;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ };
+
+ drop_interval = 2;
+
+ lib->settings->set_int(lib->settings,
+ "%s.plugins.kernel-netlink.timeout", 100, lib->ns);
+ lib->settings->set_int(lib->settings,
+ "%s.plugins.kernel-netlink.retries", 1, lib->ns);
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtgen_family = AF_UNSPEC;
+
+ ck_assert(s->send(s, &request.hdr, &out, &len) == SUCCESS);
+ free(out);
+ s->destroy(s);
+
+ drop_interval = 0;
+}
+END_TEST
+
+START_TEST(test_retransmit_fail)
+{
+ netlink_socket_t *s;
+ struct nlmsghdr *out;
+ struct rtgenmsg *msg;
+ size_t len;
+ netlink_buf_t request = {
+ .hdr = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ };
+
+ drop_interval = 1;
+
+ lib->settings->set_int(lib->settings,
+ "%s.plugins.kernel-netlink.timeout", 50, lib->ns);
+ lib->settings->set_int(lib->settings,
+ "%s.plugins.kernel-netlink.retries", 3, lib->ns);
+
+ s = netlink_socket_create(NETLINK_ROUTE, NULL, _i != 0);
+ msg = NLMSG_DATA(&request.hdr);
+ msg->rtgen_family = AF_UNSPEC;
+
+ ck_assert(s->send(s, &request.hdr, &out, &len) == OUT_OF_RES);
+ s->destroy(s);
+
+ drop_interval = 0;
+}
+END_TEST
+
+Suite *socket_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("netlink socket");
+
+ tc = tcase_create("echo");
+ tcase_add_loop_test(tc, test_echo, 0, 2);
+ tcase_add_loop_test(tc, test_echo_dump, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("stress");
+ tcase_add_loop_test(tc, test_stress, 0, 2);
+ tcase_add_loop_test(tc, test_stress_dump, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("retransmit");
+ tcase_add_loop_test(tc, test_retransmit_success, 0, 2);
+ tcase_add_loop_test(tc, test_retransmit_fail, 0, 2);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
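Review bot: In `stress()` the request is initialised once before the loop, but `netlink_add_attribute(&request.hdr, RTA_DST, ...)` runs on each of the ten iterations. Assuming the helper appends to the message and grows `nlmsg_len`, every request carries one more RTA_DST than the previous one. Move `msg = NLMSG_DATA(&request.hdr); msg->rtm_family = AF_INET;` and the `netlink_add_attribute()` call above the `for`, as `stress_dump()` already does with its setup. Separately, no test checks the result of `netlink_socket_create()`, which returns NULL on failure in the implementation; a `ck_assert(s != NULL);` before the first `s->send()` turns a crash into a readable failure. The two retransmit tests also leave the `timeout` and `retries` settings changed for whatever runs after them.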
diff --git a/src/libhydra/plugins/kernel_netlink/tests.c b/src/libhydra/plugins/kernel_netlink/tests.c
new file mode 100644
index 000000000..136b34d29
--- /dev/null
+++ b/src/libhydra/plugins/kernel_netlink/tests.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+#include <hydra.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#include "tests.h"
+#undef TEST_SUITE
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ dbg_default_set_level(0);
+ lib->processor->set_threads(lib->processor, 8);
+ dbg_default_set_level(1);
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("kernel-netlink", tests, test_runner_init);
+}
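Review bot: The second `#define TEST_SUITE(x)`, which fills the `tests[]` table, is never undefined, unlike the first use a few lines above. Add `#undef TEST_SUITE` after the second `#include "tests.h"` so the macro does not leak into the rest of the file. In `test_runner_init()` the debug level is set to 0 around `set_threads()` and then raised to 1 without explanation; a short comment such as `/* silence thread start-up messages */` would help, if that is the intent.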
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.h b/src/libhydra/plugins/kernel_netlink/tests.h
index ba85a6b28..2b6715a78 100644
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.h
+++ b/src/libhydra/plugins/kernel_netlink/tests.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,30 +13,4 @@
* for more details.
*/
-/**
- * @defgroup attr_sql attr_sql
- * @ingroup hplugins
- *
- * @defgroup sql_plugin sql_plugin
- * @{ @ingroup attr_sql
- */
-
-#ifndef ATTR_SQL_PLUGIN_H_
-#define ATTR_SQL_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct attr_sql_plugin_t attr_sql_plugin_t;
-
-/**
- * SQL database attribute configuration plugin
- */
-struct attr_sql_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** ATTR_SQL_PLUGIN_H_ @}*/
+TEST_SUITE(socket_suite_create)
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 821ad7710..177d2f23f 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -229,6 +229,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -289,10 +290,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -366,6 +369,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 00ab5ab5a..3b32ba553 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1296,7 +1296,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
{
pfkey_msg_t response;
u_int8_t protocol;
- u_int32_t spi, reqid;
+ u_int32_t spi;
+ host_t *dst;
bool hard;
DBG2(DBG_KNL, "received an SADB_EXPIRE");
@@ -1309,18 +1310,18 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
protocol = satype2proto(msg->sadb_msg_satype);
spi = response.sa->sadb_sa_spi;
- reqid = response.x_sa2->sadb_x_sa2_reqid;
hard = response.lft_hard != NULL;
- if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
+ if (protocol == IPPROTO_ESP || protocol == IPPROTO_AH)
{
- DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and "
- "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
- return;
+ dst = host_create_from_sockaddr((sockaddr_t*)(response.dst + 1));
+ if (dst)
+ {
+ hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+ spi, dst, hard);
+ dst->destroy(dst);
+ }
}
-
- hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
- spi, hard);
}
#ifdef SADB_X_MIGRATE
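Review bot: `process_expire` now passes `response.dst + 1` to `host_create_from_sockaddr()`, whereas the old code never touched the destination extension. If the message parsing above this hunk does not guarantee that an SADB_EXPIRE carries a destination address, a NULL `response.dst` becomes an invalid pointer here. A guard before the protocol check, such as `if (!response.dst) { DBG1(DBG_KNL, "SADB_EXPIRE without destination address"); return; }`, would cover it. The rewrite also drops the DBG2 line for expires that are neither ESP nor AH, so those are now ignored silently. The start of the function body is split across two hunks, and the parsing step is in neither.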
@@ -1387,9 +1388,9 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
struct sadb_msg* msg)
{
pfkey_msg_t response;
- u_int32_t spi, reqid;
+ u_int32_t spi;
sockaddr_t *sa;
- host_t *host;
+ host_t *dst, *new;
DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING");
@@ -1407,7 +1408,6 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
}
spi = response.sa->sadb_sa_spi;
- reqid = response.x_sa2->sadb_x_sa2_reqid;
if (satype2proto(msg->sadb_msg_satype) != IPPROTO_ESP)
{
@@ -1415,6 +1415,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
}
sa = (sockaddr_t*)(response.dst + 1);
+ dst = host_create_from_sockaddr(sa);
switch (sa->sa_family)
{
case AF_INET:
@@ -1432,12 +1433,16 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
default:
break;
}
-
- host = host_create_from_sockaddr(sa);
- if (host)
+ if (dst)
{
- hydra->kernel_interface->mapping(hydra->kernel_interface, reqid,
- spi, host);
+ new = host_create_from_sockaddr(sa);
+ if (new)
+ {
+ hydra->kernel_interface->mapping(hydra->kernel_interface,
+ IPPROTO_ESP, spi, dst, new);
+ new->destroy(new);
+ }
+ dst->destroy(dst);
}
}
#endif /*SADB_X_NAT_T_NEW_MAPPING*/
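Review bot: `dst` is allocated in the previous hunk, before `switch (sa->sa_family)`, and released only in the `if (dst)` block after the switch. The case bodies are not shown, so if any of them returns early, `dst` leaks; check those paths and add `dst->destroy(dst)` wherever they exit. A comment at the allocation, for example `/* keep the old endpoint before sa is modified below */`, would explain why two hosts are built from the same `sa`, if that is what the switch does. `process_mapping` is spread over several hunks and part of its body is outside them.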
@@ -1518,11 +1523,10 @@ static bool receive_events(private_kernel_pfkey_ipsec_t *this, int fd,
static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this,
host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max,
- u_int32_t reqid, u_int32_t *spi)
+ u_int32_t *spi)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
- struct sadb_x_sa2 *sa2;
struct sadb_spirange *range;
pfkey_msg_t response;
u_int32_t received_spi = 0;
@@ -1536,12 +1540,6 @@ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this,
msg->sadb_msg_satype = proto2satype(proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
- sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
- sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
- sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange));
- sa2->sadb_x_sa2_reqid = reqid;
- PFKEY_EXT_ADD(msg, sa2);
-
add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
@@ -1577,39 +1575,37 @@ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this,
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
+ u_int8_t protocol, u_int32_t *spi)
{
- DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid);
-
if (get_spi_internal(this, src, dst, protocol,
- 0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS)
+ 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid);
+ DBG1(DBG_KNL, "unable to get SPI");
return FAILED;
}
- DBG2(DBG_KNL, "got SPI %.8x for reqid {%u}", ntohl(*spi), reqid);
+ DBG2(DBG_KNL, "got SPI %.8x", ntohl(*spi));
return SUCCESS;
}
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t reqid, u_int16_t *cpi)
+ u_int16_t *cpi)
{
u_int32_t received_spi = 0;
- DBG2(DBG_KNL, "getting CPI for reqid {%u}", reqid);
+ DBG2(DBG_KNL, "getting CPI");
if (get_spi_internal(this, src, dst, IPPROTO_COMP,
- 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS)
+ 0x100, 0xEFFF, &received_spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get CPI for reqid {%u}", reqid);
+ DBG1(DBG_KNL, "unable to get CPI");
return FAILED;
}
*cpi = htons((u_int16_t)ntohl(received_spi));
- DBG2(DBG_KNL, "got CPI %.4x for reqid {%u}", ntohs(*cpi), reqid);
+ DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi));
return SUCCESS;
}
@@ -1619,8 +1615,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1638,12 +1634,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, 0, FALSE, FALSE, FALSE, inbound,
- NULL, NULL);
+ update, NULL, NULL);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
}
+ if (update)
+ {
+ /* As we didn't know the reqid during SPI allocation, we used reqid
+ * zero. Unfortunately we can't SADB_UPDATE to the new reqid, hence we
+ * have to delete the SPI allocation state manually. The reqid
+ * selector does not count for that, therefore we have to delete
+ * that state before installing the new SA to avoid deleting the
+ * the new state after installing it. */
+ mark_t zeromark = {0, 0};
+
+ if (this->public.interface.del_sa(&this->public.interface,
+ src, dst, spi, protocol, 0, zeromark) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "deleting SPI allocation SA failed");
+ }
+ }
+
memset(&request, 0, sizeof(request));
DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}",
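Review bot: When `del_sa()` fails in the new `update` block, the only trace is `"deleting SPI allocation SA failed"`, with no SPI, and the function goes on to send SADB_ADD anyway. Including the SPI, e.g. `DBG1(DBG_KNL, "deleting SPI allocation SA with SPI %.8x failed", ntohl(spi));`, makes the message usable when comparing against the kernel SAD. The comment should also say what is expected of the following SADB_ADD in that case, since the allocation state would presumably still occupy the SPI. It contains a doubled word (`the the new state`). `add_sa` starts and ends outside this hunk.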
@@ -1651,7 +1664,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
- msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD;
+ msg->sadb_msg_type = SADB_ADD;
msg->sadb_msg_satype = proto2satype(protocol);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
@@ -1680,7 +1693,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
else
{
+ /* Linux interprets sadb_sa_replay as number of packets/bits in the
+ * replay window, whereas on BSD it's the size of the window in bytes */
+#ifdef __linux__
sa->sadb_sa_replay = min(replay_window, 32);
+#else
+ sa->sadb_sa_replay = (replay_window + 7) / 8;
+#endif
sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
}
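Review bot: On the non-Linux branch, `sa->sadb_sa_replay = (replay_window + 7) / 8;` has no upper bound, although `replay_window` is a `u_int32_t` and `sadb_sa_replay` is an 8-bit field in `struct sadb_sa`. A window above 2040 is truncated on assignment, and 2048 wraps to 0, which PF_KEY treats as no replay window in use. Clamp it as the Linux branch does, e.g. `sa->sadb_sa_replay = min((replay_window + 7) / 8, 255);`. The enclosing `add_sa` body continues outside this hunk.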
@@ -2969,6 +2988,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
{
private_kernel_pfkey_ipsec_t *this;
bool register_for_events = TRUE;
+ int rcv_buffer;
INIT(this,
.public = {
@@ -3025,6 +3045,18 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
return NULL;
}
+ rcv_buffer = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-pfkey.events_buffer_size", 0, lib->ns);
+ if (rcv_buffer > 0)
+ {
+ if (setsockopt(this->socket_events, SOL_SOCKET, SO_RCVBUF,
+ &rcv_buffer, sizeof(rcv_buffer)) == -1)
+ {
+ DBG1(DBG_KNL, "unable to set receive buffer size on PF_KEY "
+ "event socket: %s", strerror(errno));
+ }
+ }
+
/* register the event socket */
if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
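Review bot: `setsockopt()` with `SO_RCVBUF` can succeed while the kernel caps the value at its system-wide limit. A configured `events_buffer_size` may therefore silently not take effect, and PF_KEY events such as expires can still be lost under load. Reading the size back with `getsockopt()` and logging the effective value at DBG2 would make that visible to the operator. `kernel_pfkey_ipsec_create` continues outside this hunk.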
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 662f2fd7d..9f676d21d 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -229,6 +229,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -289,10 +290,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -366,6 +369,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 26fae0d6b..0f7802270 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -830,6 +830,15 @@ static void process_link(private_kernel_pfroute_net_t *this,
DBG1(DBG_KNL, "interface %s deactivated", iface->ifname);
}
}
+#ifdef __APPLE__
+ /* There seems to be a race condition on 10.10, where we get
+ * the RTM_IFINFO, but getifaddrs() does not return the virtual
+ * IP installed on a tun device, but we also don't get a
+ * RTM_NEWADDR. We therefore could miss the new address, letting
+ * virtual IP installation fail. Delaying getifaddrs() helps,
+ * but is obviously not a clean fix. */
+ usleep(50000);
+#endif
iface->flags = msg->ifm_flags;
repopulate_iface(this, iface);
found = TRUE;
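Review bot: The `usleep(50000)` added for `__APPLE__` runs inside the interface loop of `process_link`. Whether a lock is held at that point is not visible in the hunk, but if one is, every link event blocks other users of that lock for 50 ms. The delay is a bare literal; a named constant would make the workaround easier to find and tune. The comment already calls this a workaround, so a `TODO` stating when it can be removed would be a useful addition.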
diff --git a/src/libhydra/plugins/resolve/Makefile.am b/src/libhydra/plugins/resolve/Makefile.am
deleted file mode 100644
index 33c3e70fc..000000000
--- a/src/libhydra/plugins/resolve/Makefile.am
+++ /dev/null
@@ -1,19 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
- -DRESOLV_CONF=\"${resolv_conf}\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-resolve.la
-else
-plugin_LTLIBRARIES = libstrongswan-resolve.la
-endif
-
-libstrongswan_resolve_la_SOURCES = \
- resolve_plugin.h resolve_plugin.c \
- resolve_handler.h resolve_handler.c
-
-libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
deleted file mode 100644
index 5b4c7bc6a..000000000
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ /dev/null
@@ -1,775 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libhydra/plugins/resolve
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_resolve_la_LIBADD =
-am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \
- resolve_handler.lo
-libstrongswan_resolve_la_OBJECTS = \
- $(am_libstrongswan_resolve_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-libstrongswan_resolve_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_resolve_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \
-@MONOLITHIC_FALSE@ $(plugindir)
-@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libstrongswan_resolve_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_resolve_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
- -DRESOLV_CONF=\"${resolv_conf}\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la
-@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la
-libstrongswan_resolve_la_SOURCES = \
- resolve_plugin.h resolve_plugin.c \
- resolve_handler.h resolve_handler.c
-
-libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/resolve/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libhydra/plugins/resolve/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
- }
-
-uninstall-pluginLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
- done
-
-clean-pluginLTLIBRARIES:
- -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
- @list='$(plugin_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES) $(EXTRA_libstrongswan_resolve_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_handler.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_plugin.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(plugindir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- clean-pluginLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-pluginLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-pdf \
- install-pdf-am install-pluginLTLIBRARIES install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-pluginLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
deleted file mode 100644
index 069466ab5..000000000
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/*
- * Copyright (C) 2012 Tobias Brunner
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "resolve_handler.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include <hydra.h>
-#include <utils/debug.h>
-#include <threading/mutex.h>
-
-/* path to resolvconf executable */
-#define RESOLVCONF_EXEC "/sbin/resolvconf"
-
-/* default prefix used for resolvconf interfaces (should have high prio) */
-#define RESOLVCONF_PREFIX "lo.inet.ipsec."
-
-typedef struct private_resolve_handler_t private_resolve_handler_t;
-
-/**
- * Private data of an resolve_handler_t object.
- */
-struct private_resolve_handler_t {
-
- /**
- * Public resolve_handler_t interface.
- */
- resolve_handler_t public;
-
- /**
- * resolv.conf file to use
- */
- char *file;
-
- /**
- * use resolvconf instead of writing directly to resolv.conf
- */
- bool use_resolvconf;
-
- /**
- * prefix to be used for interface names sent to resolvconf
- */
- char *iface_prefix;
-
- /**
- * Mutex to access file exclusively
- */
- mutex_t *mutex;
-};
-
-/**
- * Writes the given nameserver to resolv.conf
- */
-static bool write_nameserver(private_resolve_handler_t *this,
- identification_t *server, host_t *addr)
-{
- FILE *in, *out;
- char buf[1024];
- size_t len;
- bool handled = FALSE;
-
- in = fopen(this->file, "r");
- /* allows us to stream from in to out */
- unlink(this->file);
- out = fopen(this->file, "w");
- if (out)
- {
- fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr,
- server);
- DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
- handled = TRUE;
-
- /* copy rest of the file */
- if (in)
- {
- while ((len = fread(buf, 1, sizeof(buf), in)))
- {
- ignore_result(fwrite(buf, 1, len, out));
- }
- }
- fclose(out);
- }
- if (in)
- {
- fclose(in);
- }
- return handled;
-}
-
-/**
- * Removes the given nameserver from resolv.conf
- */
-static void remove_nameserver(private_resolve_handler_t *this,
- identification_t *server, host_t *addr)
-{
- FILE *in, *out;
- char line[1024], matcher[512];
-
- in = fopen(this->file, "r");
- if (in)
- {
- /* allows us to stream from in to out */
- unlink(this->file);
- out = fopen(this->file, "w");
- if (out)
- {
- snprintf(matcher, sizeof(matcher),
- "nameserver %H # by strongSwan, from %Y\n",
- addr, server);
-
- /* copy all, but matching line */
- while (fgets(line, sizeof(line), in))
- {
- if (strpfx(line, matcher))
- {
- DBG1(DBG_IKE, "removing DNS server %H from %s",
- addr, this->file);
- }
- else
- {
- fputs(line, out);
- }
- }
- fclose(out);
- }
- fclose(in);
- }
-}
-
-/**
- * Add or remove the given nameserver by invoking resolvconf.
- */
-static bool invoke_resolvconf(private_resolve_handler_t *this,
- identification_t *server, host_t *addr,
- bool install)
-{
- char cmd[128];
- bool success = TRUE;
-
- /* we use the nameserver's IP address as part of the interface name to
- * make them unique */
- if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC,
- install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd))
- {
- return FALSE;
- }
-
- if (install)
- {
- FILE *out;
-
- out = popen(cmd, "w");
- if (!out)
- {
- return FALSE;
- }
- DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr);
- fprintf(out, "nameserver %H\n", addr);
- success = !ferror(out);
- if (pclose(out))
- {
- return FALSE;
- }
- }
- else
- {
- ignore_result(system(cmd));
- }
- return success;
-}
-
-METHOD(attribute_handler_t, handle, bool,
- private_resolve_handler_t *this, identification_t *server,
- configuration_attribute_type_t type, chunk_t data)
-{
- host_t *addr;
- bool handled;
-
- switch (type)
- {
- case INTERNAL_IP4_DNS:
- addr = host_create_from_chunk(AF_INET, data, 0);
- break;
- case INTERNAL_IP6_DNS:
- addr = host_create_from_chunk(AF_INET6, data, 0);
- break;
- default:
- return FALSE;
- }
-
- if (!addr || addr->is_anyaddr(addr))
- {
- DESTROY_IF(addr);
- return FALSE;
- }
-
- this->mutex->lock(this->mutex);
- if (this->use_resolvconf)
- {
- handled = invoke_resolvconf(this, server, addr, TRUE);
- }
- else
- {
- handled = write_nameserver(this, server, addr);
- }
- this->mutex->unlock(this->mutex);
- addr->destroy(addr);
-
- if (!handled)
- {
- DBG1(DBG_IKE, "adding DNS server failed");
- }
- return handled;
-}
-
-METHOD(attribute_handler_t, release, void,
- private_resolve_handler_t *this, identification_t *server,
- configuration_attribute_type_t type, chunk_t data)
-{
- host_t *addr;
- int family;
-
- switch (type)
- {
- case INTERNAL_IP4_DNS:
- family = AF_INET;
- break;
- case INTERNAL_IP6_DNS:
- family = AF_INET6;
- break;
- default:
- return;
- }
- addr = host_create_from_chunk(family, data, 0);
-
- this->mutex->lock(this->mutex);
- if (this->use_resolvconf)
- {
- invoke_resolvconf(this, server, addr, FALSE);
- }
- else
- {
- remove_nameserver(this, server, addr);
- }
- this->mutex->unlock(this->mutex);
-
- addr->destroy(addr);
-}
-
-/**
- * Attribute enumerator implementation
- */
-typedef struct {
- /** implements enumerator_t interface */
- enumerator_t public;
- /** request IPv4 DNS? */
- bool v4;
- /** request IPv6 DNS? */
- bool v6;
-} attribute_enumerator_t;
-
-static bool attribute_enumerate(attribute_enumerator_t *this,
- configuration_attribute_type_t *type,
- chunk_t *data)
-{
- if (this->v4)
- {
- *type = INTERNAL_IP4_DNS;
- *data = chunk_empty;
- this->v4 = FALSE;
- return TRUE;
- }
- if (this->v6)
- {
- *type = INTERNAL_IP6_DNS;
- *data = chunk_empty;
- this->v6 = FALSE;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * Check if a list has a host of given family
- */
-static bool has_host_family(linked_list_t *list, int family)
-{
- enumerator_t *enumerator;
- host_t *host;
- bool found = FALSE;
-
- enumerator = list->create_enumerator(list);
- while (enumerator->enumerate(enumerator, &host))
- {
- if (host->get_family(host) == family)
- {
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- return found;
-}
-
-METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
- private_resolve_handler_t *this, identification_t *server,
- linked_list_t *vips)
-{
- attribute_enumerator_t *enumerator;
-
- INIT(enumerator,
- .public = {
- .enumerate = (void*)attribute_enumerate,
- .destroy = (void*)free,
- },
- .v4 = has_host_family(vips, AF_INET),
- .v6 = has_host_family(vips, AF_INET6),
- );
- return &enumerator->public;
-}
-
-METHOD(resolve_handler_t, destroy, void,
- private_resolve_handler_t *this)
-{
- this->mutex->destroy(this->mutex);
- free(this);
-}
-
-/**
- * See header
- */
-resolve_handler_t *resolve_handler_create()
-{
- private_resolve_handler_t *this;
- struct stat st;
-
- INIT(this,
- .public = {
- .handler = {
- .handle = _handle,
- .release = _release,
- .create_attribute_enumerator = _create_attribute_enumerator,
- },
- .destroy = _destroy,
- },
- .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .file = lib->settings->get_str(lib->settings, "%s.plugins.resolve.file",
- RESOLV_CONF, lib->ns),
- );
-
- if (stat(RESOLVCONF_EXEC, &st) == 0)
- {
- this->use_resolvconf = TRUE;
- this->iface_prefix = lib->settings->get_str(lib->settings,
- "%s.plugins.resolve.resolvconf.iface_prefix",
- RESOLVCONF_PREFIX, lib->ns);
- }
-
- return &this->public;
-}
-
diff --git a/src/libhydra/plugins/resolve/resolve_handler.h b/src/libhydra/plugins/resolve/resolve_handler.h
deleted file mode 100644
index 77bf9781c..000000000
--- a/src/libhydra/plugins/resolve/resolve_handler.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup resolve_handler resolve_handler
- * @{ @ingroup resolve
- */
-
-#ifndef RESOLVE_HANDLER_H_
-#define RESOLVE_HANDLER_H_
-
-#include <attributes/attribute_handler.h>
-
-typedef struct resolve_handler_t resolve_handler_t;
-
-/**
- * Handle DNS configuration attributes by mangling a resolv.conf file.
- */
-struct resolve_handler_t {
-
- /**
- * Implements the attribute_handler_t interface
- */
- attribute_handler_t handler;
-
- /**
- * Destroy a resolve_handler_t.
- */
- void (*destroy)(resolve_handler_t *this);
-};
-
-/**
- * Create a resolve_handler instance.
- */
-resolve_handler_t *resolve_handler_create();
-
-#endif /** RESOLVE_HANDLER_H_ @}*/
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c
deleted file mode 100644
index 2fef09a49..000000000
--- a/src/libhydra/plugins/resolve/resolve_plugin.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "resolve_plugin.h"
-#include "resolve_handler.h"
-
-#include <hydra.h>
-
-typedef struct private_resolve_plugin_t private_resolve_plugin_t;
-
-/**
- * private data of resolve plugin
- */
-struct private_resolve_plugin_t {
-
- /**
- * implements plugin interface
- */
- resolve_plugin_t public;
-
- /**
- * The registered DNS attribute handler
- */
- resolve_handler_t *handler;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_resolve_plugin_t *this)
-{
- return "resolve";
-}
-
-/**
- * Register handler
- */
-static bool plugin_cb(private_resolve_plugin_t *this,
- plugin_feature_t *feature, bool reg, void *cb_data)
-{
- if (reg)
- {
- hydra->attributes->add_handler(hydra->attributes,
- &this->handler->handler);
- }
- else
- {
- hydra->attributes->remove_handler(hydra->attributes,
- &this->handler->handler);
- }
- return TRUE;
-}
-
-METHOD(plugin_t, get_features, int,
- private_resolve_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
- PLUGIN_PROVIDE(CUSTOM, "resolve"),
- };
- *features = f;
- return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
- private_resolve_plugin_t *this)
-{
- this->handler->destroy(this->handler);
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *resolve_plugin_create()
-{
- private_resolve_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
- },
- },
- .handler = resolve_handler_create(),
- );
-
- return &this->public.plugin;
-}
-
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.h b/src/libhydra/plugins/resolve/resolve_plugin.h
deleted file mode 100644
index 0148b10d7..000000000
--- a/src/libhydra/plugins/resolve/resolve_plugin.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup resolve resolve
- * @ingroup cplugins
- *
- * @defgroup resolve_plugin resolve_plugin
- * @{ @ingroup resolve
- */
-
-#ifndef RESOLVE_PLUGIN_H_
-#define RESOLVE_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct resolve_plugin_t resolve_plugin_t;
-
-/**
- * Plugin that writes received DNS servers in a resolv.conf file.
- */
-struct resolve_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** RESOLVE_PLUGIN_H_ @}*/
diff --git a/src/libhydra/tests/Makefile.am b/src/libhydra/tests/Makefile.am
new file mode 100644
index 000000000..5acd5c28c
--- /dev/null
+++ b/src/libhydra/tests/Makefile.am
@@ -0,0 +1,18 @@
+TESTS = hydra_tests
+
+check_PROGRAMS = $(TESTS)
+
+hydra_tests_SOURCES = \
+ hydra_tests.h hydra_tests.c
+
+hydra_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
+
+hydra_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+hydra_tests_LDADD = \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
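Review bot: The three `-I$(top_srcdir)/...` options under `hydra_tests_CFLAGS` are preprocessor flags, and automake's convention is to put them in a per-target `hydra_tests_CPPFLAGS`; the resolve plugin Makefile removed elsewhere in this diff used `AM_CPPFLAGS` for its include paths. Because the generated `hydra_tests_LINK` rule in tests/Makefile.in expands `$(hydra_tests_CFLAGS)`, the include paths are also passed on the link command, which is harmless but adds noise to link lines. I would move the include paths under `hydra_tests_CPPFLAGS = \` and leave `hydra_tests_CFLAGS = @COVERAGE_CFLAGS@` for the compiler-only options.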
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/tests/Makefile.in
index 50ea066c5..1fa889d67 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/tests/Makefile.in
@@ -13,7 +13,6 @@
# PARTICULAR PURPOSE.
@SET_MAKE@
-
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -78,7 +77,9 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libhydra/plugins/attr
+TESTS = hydra_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = src/libhydra/tests
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -98,48 +99,19 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_attr_la_LIBADD =
-am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo
-libstrongswan_attr_la_OBJECTS = $(am_libstrongswan_attr_la_OBJECTS)
+am__EXEEXT_1 = hydra_tests$(EXEEXT)
+am_hydra_tests_OBJECTS = hydra_tests-hydra_tests.$(OBJEXT)
+hydra_tests_OBJECTS = $(am_hydra_tests_OBJECTS)
+hydra_tests_DEPENDENCIES = $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-libstrongswan_attr_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-@MONOLITHIC_FALSE@am_libstrongswan_attr_la_rpath = -rpath $(plugindir)
-@MONOLITHIC_TRUE@am_libstrongswan_attr_la_rpath =
+hydra_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(hydra_tests_CFLAGS) \
+ $(CFLAGS) $(hydra_tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -174,8 +146,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libstrongswan_attr_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_attr_la_SOURCES)
+SOURCES = $(hydra_tests_SOURCES)
+DIST_SOURCES = $(hydra_tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -200,6 +172,28 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -226,6 +220,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -286,10 +281,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -363,6 +360,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -421,20 +420,21 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
+hydra_tests_SOURCES = \
+ hydra_tests.h hydra_tests.c
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
+hydra_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
-@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr.la
-@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr.la
-libstrongswan_attr_la_SOURCES = \
- attr_plugin.h attr_plugin.c \
- attr_provider.h attr_provider.c
+hydra_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+hydra_tests_LDADD = \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
-libstrongswan_attr_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
@@ -448,9 +448,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile
+ $(AUTOMAKE) --gnu src/libhydra/tests/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -470,54 +470,18 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
- }
-
-uninstall-pluginLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
- done
-
-clean-pluginLTLIBRARIES:
- -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
- @list='$(plugin_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
-libstrongswan-attr.la: $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_DEPENDENCIES) $(EXTRA_libstrongswan_attr_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
+hydra_tests$(EXEEXT): $(hydra_tests_OBJECTS) $(hydra_tests_DEPENDENCIES) $(EXTRA_hydra_tests_DEPENDENCIES)
+ @rm -f hydra_tests$(EXEEXT)
+ $(AM_V_CCLD)$(hydra_tests_LINK) $(hydra_tests_OBJECTS) $(hydra_tests_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -525,8 +489,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_plugin.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_provider.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hydra_tests-hydra_tests.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -552,6 +515,20 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+hydra_tests-hydra_tests.o: hydra_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hydra_tests_CFLAGS) $(CFLAGS) -MT hydra_tests-hydra_tests.o -MD -MP -MF $(DEPDIR)/hydra_tests-hydra_tests.Tpo -c -o hydra_tests-hydra_tests.o `test -f 'hydra_tests.c' || echo '$(srcdir)/'`hydra_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/hydra_tests-hydra_tests.Tpo $(DEPDIR)/hydra_tests-hydra_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hydra_tests.c' object='hydra_tests-hydra_tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hydra_tests_CFLAGS) $(CFLAGS) -c -o hydra_tests-hydra_tests.o `test -f 'hydra_tests.c' || echo '$(srcdir)/'`hydra_tests.c
+
+hydra_tests-hydra_tests.obj: hydra_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hydra_tests_CFLAGS) $(CFLAGS) -MT hydra_tests-hydra_tests.obj -MD -MP -MF $(DEPDIR)/hydra_tests-hydra_tests.Tpo -c -o hydra_tests-hydra_tests.obj `if test -f 'hydra_tests.c'; then $(CYGPATH_W) 'hydra_tests.c'; else $(CYGPATH_W) '$(srcdir)/hydra_tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/hydra_tests-hydra_tests.Tpo $(DEPDIR)/hydra_tests-hydra_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hydra_tests.c' object='hydra_tests-hydra_tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hydra_tests_CFLAGS) $(CFLAGS) -c -o hydra_tests-hydra_tests.obj `if test -f 'hydra_tests.c'; then $(CYGPATH_W) 'hydra_tests.c'; else $(CYGPATH_W) '$(srcdir)/hydra_tests.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
@@ -610,6 +587,99 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -641,12 +711,11 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
-all-am: Makefile $(LTLIBRARIES)
+all-am: Makefile
installdirs:
- for dir in "$(DESTDIR)$(plugindir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
@@ -679,8 +748,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- clean-pluginLTLIBRARIES mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -700,7 +769,7 @@ info: info-am
info-am:
-install-data-am: install-pluginLTLIBRARIES
+install-data-am:
install-dvi: install-dvi-am
@@ -746,24 +815,23 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-pdf \
- install-pdf-am install-pluginLTLIBRARIES install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-pluginLTLIBRARIES
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libhydra/tests/hydra_tests.c b/src/libhydra/tests/hydra_tests.c
new file mode 100644
index 000000000..90abd8369
--- /dev/null
+++ b/src/libhydra/tests/hydra_tests.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+#include <hydra.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "hydra_tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, args) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, args) },
+#include "hydra_tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ libhydra_init();
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ libhydra_deinit();
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("libhydra", tests, test_runner_init);
+}
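Review bot: In the `if (init)` branch of test_runner_init() the call `libhydra_init();` has its result discarded, and the function then returns `TRUE` whatever happened. hydra.h is not shown in this hunk, so this is inferred: if libhydra_init() reports a status, for example a failed start-up or integrity check, the suites would run against a library that never initialised and failures would surface far from their cause. If it does return a bool, propagate it with `if (!libhydra_init()) { return FALSE; }`, and confirm that test_runner_run() aborts when the init callback returns FALSE. Separately, `#define TEST_SUITE(x) test_suite_t* x();` declares the constructors with an empty parameter list; `x(void)` would give the compiler a real prototype to check against.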
diff --git a/src/libhydra/plugins/attr/attr_plugin.h b/src/libhydra/tests/hydra_tests.h
index 29fb33839..6b213d026 100644
--- a/src/libhydra/plugins/attr/attr_plugin.h
+++ b/src/libhydra/tests/hydra_tests.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Martin Willi
+ * Copyright (C) 2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -12,31 +12,3 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
-/**
- * @defgroup attr attr
- * @ingroup hplugins
- *
- * @defgroup attr_plugin attr_plugin
- * @{ @ingroup attr
- */
-
-#ifndef ATTR_PLUGIN_H_
-#define ATTR_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct attr_plugin_t attr_plugin_t;
-
-/**
- * Plugin providing configuration attribute through strongswan.conf.
- */
-struct attr_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** ATTR_PLUGIN_H_ @}*/