diff options
Diffstat (limited to 'src/libhydra')
21 files changed, 307 insertions, 0 deletions
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in index 8e5697b79..4f65ac93f 100644 --- a/src/libhydra/Makefile.in +++ b/src/libhydra/Makefile.in @@ -271,9 +271,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -312,6 +316,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index 3e6d46205..894bfb3bb 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -78,8 +78,13 @@ METHOD(kernel_interface_t, get_cpi, status_t, METHOD(kernel_interface_t, add_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, +<<<<<<< HEAD u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= + u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, + u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) @@ -89,8 +94,13 @@ METHOD(kernel_interface_t, add_sa, status_t, return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, +<<<<<<< HEAD mark, lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, encap, inbound, src_ts, dst_ts); +======= + mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, + ipcomp, cpi, encap, inbound, src_ts, dst_ts); +>>>>>>> upstream/4.5.1 } METHOD(kernel_interface_t, update_sa, status_t, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index 8b0c7a296..200628f8c 100644 --- a/src/libhydra/kernel/kernel_interface.h +++ b/src/libhydra/kernel/kernel_interface.h @@ -91,6 +91,10 @@ struct kernel_interface_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark optional mark for this SA +<<<<<<< HEAD +======= + * @param tfc Traffic Flow Confidentiality padding for this SA +>>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -108,7 +112,11 @@ struct kernel_interface_t { status_t (*add_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD lifetime_cfg_t *lifetime, +======= + u_int32_t tfc, lifetime_cfg_t *lifetime, +>>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 49d9cc07a..7145dda8e 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -204,6 +204,10 @@ struct kernel_ipsec_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark mark for this SA +<<<<<<< HEAD +======= + * @param tfc Traffic Flow Confidentiality padding for this SA +>>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -221,7 +225,11 @@ struct kernel_ipsec_t { status_t (*add_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, +<<<<<<< HEAD mark_t mark, lifetime_cfg_t *lifetime, +======= + mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, +>>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index 72182e57f..45ecb9924 100644 --- a/src/libhydra/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in @@ -219,9 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,6 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c index 24c00bb44..1edb92c1f 100644 --- a/src/libhydra/plugins/attr/attr_plugin.c +++ b/src/libhydra/plugins/attr/attr_plugin.c @@ -36,10 +36,15 @@ struct private_attr_plugin_t { attr_provider_t *provider; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_attr_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_attr_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider); this->provider->destroy(this->provider); @@ -51,11 +56,24 @@ static void destroy(private_attr_plugin_t *this) */ plugin_t *attr_plugin_create() { +<<<<<<< HEAD private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; this->provider = attr_provider_create(); +======= + private_attr_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + .provider = attr_provider_create(), + ); +>>>>>>> upstream/4.5.1 hydra->attributes->add_provider(hydra->attributes, &this->provider->provider); return &this->public.plugin; diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index dfb41cc02..729738d60 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -232,9 +232,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -273,6 +277,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c index 70e7a2247..e47f9f03a 100644 --- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c @@ -43,10 +43,15 @@ struct private_attr_sql_plugin_t { }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_attr_sql_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_attr_sql_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider); this->attribute->destroy(this->attribute); @@ -59,21 +64,41 @@ static void destroy(private_attr_sql_plugin_t *this) */ plugin_t *attr_sql_plugin_create() { +<<<<<<< HEAD char *uri; private_attr_sql_plugin_t *this; uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); +======= + private_attr_sql_plugin_t *this; + char *uri; + + uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", + NULL); +>>>>>>> upstream/4.5.1 if (!uri) { DBG1(DBG_CFG, "attr-sql plugin: database URI not set"); return NULL; } +<<<<<<< HEAD this = malloc_thing(private_attr_sql_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; this->db = lib->db->create(lib->db, uri); +======= + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + .db = lib->db->create(lib->db, uri), + ); + +>>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "attr-sql plugin failed to connect to database"); diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in index a451bd6f5..e4de26b60 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.in +++ b/src/libhydra/plugins/kernel_klips/Makefile.in @@ -223,9 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index 0ccb2ac5f..f98dfcec5 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1668,7 +1668,11 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, +<<<<<<< HEAD u_int8_t protocol, u_int32_t reqid, mark_t mark, +======= + u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, +>>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c index 1a22835c0..cbfc59a10 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c @@ -32,10 +32,15 @@ struct private_kernel_klips_plugin_t { kernel_klips_plugin_t public; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_kernel_klips_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_kernel_klips_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); @@ -47,10 +52,22 @@ static void destroy(private_kernel_klips_plugin_t *this) */ plugin_t *kernel_klips_plugin_create() { +<<<<<<< HEAD private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= + private_kernel_klips_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index d41ee1456..d293347cf 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -224,9 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,6 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 8cc9a6283..bd3f4a122 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -58,8 +58,13 @@ #endif /*IPV6_XFRM_POLICY*/ /** default priority of installed policies */ +<<<<<<< HEAD #define PRIO_LOW 3000 #define PRIO_HIGH 2000 +======= +#define PRIO_LOW 1024 +#define PRIO_HIGH 512 +>>>>>>> upstream/4.5.1 /** * map the limit for bytes and packets to XFRM_INF per default @@ -866,7 +871,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= + u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t* src_ts, traffic_selector_t* dst_ts) @@ -882,7 +891,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t, if (ipcomp != IPCOMP_NONE && cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; +<<<<<<< HEAD add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, +======= + add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc, +>>>>>>> upstream/4.5.1 &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, mode, ipcomp, 0, FALSE, inbound, NULL, NULL); ipcomp = IPCOMP_NONE; @@ -920,6 +933,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa->flags |= XFRM_STATE_AF_UNSPEC; break; case MODE_BEET: +<<<<<<< HEAD +======= + case MODE_TRANSPORT: +>>>>>>> upstream/4.5.1 if(src_ts && dst_ts) { sa->sel = ts2selector(src_ts, dst_ts); @@ -1153,6 +1170,27 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr = XFRM_RTA_NEXT(rthdr); } +<<<<<<< HEAD +======= + if (tfc) + { + u_int32_t *tfcpad; + + rthdr->rta_type = XFRMA_TFCPAD; + rthdr->rta_len = RTA_LENGTH(sizeof(u_int32_t)); + + hdr->nlmsg_len += rthdr->rta_len; + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + tfcpad = (u_int32_t*)RTA_DATA(rthdr); + *tfcpad = tfc; + rthdr = XFRM_RTA_NEXT(rthdr); + } + +>>>>>>> upstream/4.5.1 if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { if (mark.value) @@ -1687,11 +1725,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr); policy_info->sel = policy->sel; policy_info->dir = policy->direction; +<<<<<<< HEAD /* calculate priority based on source selector size, small size = high prio */ policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; policy_info->priority -= policy->sel.prefixlen_s * 10; policy_info->priority -= policy->sel.proto ? 2 : 0; policy_info->priority -= policy->sel.sport_mask ? 1 : 0; +======= + + /* calculate priority based on selector size, small size = high prio */ + policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; + policy_info->priority -= policy->sel.prefixlen_s; + policy_info->priority -= policy->sel.prefixlen_d; + policy_info->priority <<= 2; /* make some room for the two flags */ + policy_info->priority += policy->sel.sport_mask || + policy->sel.dport_mask ? 0 : 2; + policy_info->priority += policy->sel.proto ? 0 : 1; + +>>>>>>> upstream/4.5.1 policy_info->action = type != POLICY_DROP ? XFRM_POLICY_ALLOW : XFRM_POLICY_BLOCK; policy_info->share = XFRM_SHARE_ANY; @@ -1813,6 +1864,11 @@ METHOD(kernel_ipsec_t, add_policy, status_t, if (route->if_name) { +<<<<<<< HEAD +======= + DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", + src_ts, route->gateway, route->src_ip, route->if_name); +>>>>>>> upstream/4.5.1 switch (hydra->kernel_interface->add_route( hydra->kernel_interface, route->dst_net, route->prefixlen, route->gateway, diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c index 212675d1a..b75a2be80 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c @@ -33,10 +33,15 @@ struct private_kernel_netlink_plugin_t { kernel_netlink_plugin_t public; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_kernel_netlink_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_kernel_netlink_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); @@ -50,10 +55,22 @@ static void destroy(private_kernel_netlink_plugin_t *this) */ plugin_t *kernel_netlink_plugin_create() { +<<<<<<< HEAD private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= + private_kernel_netlink_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); hydra->kernel_interface->add_net_interface(hydra->kernel_interface, diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in index a98ae42d1..3f2976959 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.in +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in @@ -223,9 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index f5786447b..69d0da6e5 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -99,8 +99,13 @@ #endif /** default priority of installed policies */ +<<<<<<< HEAD #define PRIO_LOW 3000 #define PRIO_HIGH 2000 +======= +#define PRIO_LOW 1024 +#define PRIO_HIGH 512 +>>>>>>> upstream/4.5.1 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ @@ -1206,7 +1211,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, +<<<<<<< HEAD u_int8_t protocol, u_int32_t reqid, mark_t mark, +======= + u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, +>>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, @@ -1651,11 +1660,22 @@ METHOD(kernel_ipsec_t, add_policy, status_t, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; #ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY +<<<<<<< HEAD /* calculate priority based on source selector size, small size = high prio */ pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; pol->sadb_x_policy_priority -= policy->src.mask * 10; pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; +======= + /* calculate priority based on selector size, small size = high prio */ + pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; + pol->sadb_x_policy_priority -= policy->src.mask; + pol->sadb_x_policy_priority -= policy->dst.mask; + pol->sadb_x_policy_priority <<= 2; /* make some room for the flags */ + pol->sadb_x_policy_priority += policy->src.net->get_port(policy->src.net) || + policy->dst.net->get_port(policy->dst.net) ? 0 : 2; + pol->sadb_x_policy_priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1; +>>>>>>> upstream/4.5.1 #endif /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 781ba5008..e2ed954fb 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -32,10 +32,15 @@ struct private_kernel_pfkey_plugin_t { kernel_pfkey_plugin_t public; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_kernel_pfkey_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_kernel_pfkey_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); @@ -47,10 +52,22 @@ static void destroy(private_kernel_pfkey_plugin_t *this) */ plugin_t *kernel_pfkey_plugin_create() { +<<<<<<< HEAD private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= + private_kernel_pfkey_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in index b0bc00c70..24f8ffc4e 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.in +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in @@ -223,9 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c index 5f351bd72..bae3a2ac6 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -32,10 +32,15 @@ struct private_kernel_pfroute_plugin_t { kernel_pfroute_plugin_t public; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_kernel_pfroute_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_kernel_pfroute_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); @@ -47,10 +52,22 @@ static void destroy(private_kernel_pfroute_plugin_t *this) */ plugin_t *kernel_pfroute_plugin_create() { +<<<<<<< HEAD private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= + private_kernel_pfroute_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in index aedc8fdb7..646d1dba9 100644 --- a/src/libhydra/plugins/resolve/Makefile.in +++ b/src/libhydra/plugins/resolve/Makefile.in @@ -222,9 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c index 502129593..c60521cd1 100644 --- a/src/libhydra/plugins/resolve/resolve_plugin.c +++ b/src/libhydra/plugins/resolve/resolve_plugin.c @@ -36,10 +36,15 @@ struct private_resolve_plugin_t { resolve_handler_t *handler; }; +<<<<<<< HEAD /** * Implementation of plugin_t.destroy */ static void destroy(private_resolve_plugin_t *this) +======= +METHOD(plugin_t, destroy, void, + private_resolve_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); this->handler->destroy(this->handler); @@ -51,10 +56,23 @@ static void destroy(private_resolve_plugin_t *this) */ plugin_t *resolve_plugin_create() { +<<<<<<< HEAD private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; this->handler = resolve_handler_create(); +======= + private_resolve_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + .handler = resolve_handler_create(), + ); +>>>>>>> upstream/4.5.1 hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); return &this->public.plugin; |