Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.in2
-rw-r--r--src/starter/args.c3
-rw-r--r--src/starter/confread.c9
-rw-r--r--src/starter/confread.h3
-rw-r--r--src/starter/invokecharon.c52
-rw-r--r--src/starter/ipsec.conf.518
-rw-r--r--src/starter/keywords.c206
-rw-r--r--src/starter/keywords.h3
-rw-r--r--src/starter/keywords.txt3
-rw-r--r--src/starter/starter.c9
-rw-r--r--src/starter/starterstroke.c3
11 files changed, 181 insertions, 130 deletions
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 03bb318a5..4150a60e7 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -191,6 +191,8 @@ localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
diff --git a/src/starter/args.c b/src/starter/args.c
index 8a0262d8d..7af3b6310 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: args.c 3932 2008-05-12 10:05:49Z andreas $
+ * RCSID $Id: args.c 4276 2008-08-22 10:44:51Z martin $
*/
#include <stddef.h>
@@ -202,6 +202,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_AUTH */ },
{ ARG_MISC, 0, NULL /* KW_AUTHBY */ },
{ ARG_MISC, 0, NULL /* KW_EAP */ },
+ { ARG_STR, offsetof(starter_conn_t, eap_identity), NULL },
{ ARG_MISC, 0, NULL /* KW_MOBIKE */ },
{ ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
{ ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
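Review bot: The new `ARG_STR` row carries no keyword tag, while the `ARG_MISC` rows around it are each marked `/* KW_… */`. token_info appears to be matched to kw_token_t by position (this commit inserts KW_EAP_IDENTITY directly after KW_EAP in keywords.h), so a row that drifts out of step would make the parser store a string pointer at another field's offset in starter_conn_t. I would tag the row, `{ ARG_STR, offsetof(starter_conn_t, eap_identity), NULL /* KW_EAP_IDENTITY */ },`, so the coupling is visible to the next person who adds a keyword. The table starts and ends outside this hunk.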
diff --git a/src/starter/confread.c b/src/starter/confread.c
index df9be43bb..959a98b77 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.c 4051 2008-06-10 09:08:27Z tobias $
+ * RCSID $Id: confread.c 4269 2008-08-21 12:10:07Z martin $
*/
#include <stddef.h>
@@ -588,6 +588,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
conn->eap_type = 4;
}
+ else if (streq(kw->value, "gtc"))
+ {
+ conn->eap_type = 6;
+ }
else
{
conn->eap_type = atoi(kw->value);
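Review bot: A misspelled method name (say `gct`) still reaches the `atoi(kw->value)` branch right after the new `gtc` case and silently becomes `eap_type = 0`, because atoi reports no error. The connection then loads with an authentication method the administrator did not ask for and nothing is logged. Parsing with `strtoul(kw->value, &end, 10)` and treating `end == kw->value` as a configuration error (`cfg->err++;` plus a `plog()` naming the value) would catch this. Trailing characters cannot simply be rejected, since ipsec.conf.5 documents the `eap=7-12345` vendor form. The literal `6` would also read better as a named constant next to the other method numbers; load_conn's body continues outside the hunk.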
@@ -931,8 +935,9 @@ confread_load(const char *file)
/* load IPSec configuration file */
cfgp = parser_load_conf(file);
if (!cfgp)
+ {
return NULL;
-
+ }
cfg = (starter_config_t *)alloc_thing(starter_config_t, "starter_config_t");
/* set default values */
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 41f02476f..2c6e45984 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.h 3932 2008-05-12 10:05:49Z andreas $
+ * RCSID $Id: confread.h 4276 2008-08-22 10:44:51Z martin $
*/
#ifndef _IPSEC_CONFREAD_H_
@@ -105,6 +105,7 @@ struct starter_conn {
keyexchange_t keyexchange;
u_int32_t eap_type;
u_int32_t eap_vendor;
+ char *eap_identity;
lset_t policy;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 849a0af32..96baa4773 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: invokecharon.c 3928 2008-05-11 07:59:00Z andreas $
+ * RCSID $Id: invokecharon.c 4243 2008-08-01 10:35:59Z andreas $
*/
#include <sys/types.h>
@@ -63,38 +63,46 @@ starter_charon_sigchild(pid_t pid)
int
starter_stop_charon (void)
{
- pid_t pid;
int i;
+ pid_t pid = _charon_pid;
- pid = _charon_pid;
if (pid)
{
_stop_requested = 1;
/* be more and more aggressive */
- for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+ for (i = 0; i < 50 && (pid = _charon_pid) != 0; i++)
{
- if (i == 0)
- kill(pid, SIGINT);
- else if (i < 10)
- kill(pid, SIGTERM);
- else if (i == 10)
+ if (i == 0)
{
- kill(pid, SIGKILL);
- plog("starter_stop_charon(): charon does not respond, sending KILL");
+ kill(pid, SIGINT);
+ }
+ else if (i < 40)
+ {
+ kill(pid, SIGTERM);
+ }
+ else if (i == 40)
+ {
+ kill(pid, SIGKILL);
+ plog("starter_stop_charon(): charon does not respond, sending KILL");
}
else
- kill(pid, SIGKILL);
- usleep(200000);
+ {
+ kill(pid, SIGKILL);
+ }
+ usleep(200000); /* sleep for 200 ms */
}
if (_charon_pid == 0)
+ {
+ plog("charon stopped after %d ms", 200*i);
return 0;
+ }
plog("starter_stop_charon(): can't stop charon !!!");
return -1;
}
else
{
- plog("stater_stop_charon(): charon is not started...");
+ plog("stater_stop_charon(): charon was not started...");
}
return -1;
}
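Review bot: The reworded message on the not-started branch still begins `stater_stop_charon():`, so a log search for the function name used by the other two messages in this function will miss it. `plog("starter_stop_charon(): charon was not started...");` fixes that. The return value of every `kill()` in the escalation loop is also discarded, so a failure such as EPERM leaves no trace before the final `can't stop charon` line; logging the first failed `kill()` would make a stuck shutdown easier to diagnose.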
@@ -177,15 +185,13 @@ starter_start_charon (starter_config_t *cfg, bool no_fork)
default:
/* father */
_charon_pid = pid;
- for (i = 0; i < 50 && _charon_pid; i++)
+ for (i = 0; i < 500 && _charon_pid; i++)
{
- /* wait for charon */
+ /* wait for charon for a maximum of 500 x 20 ms = 10 s */
usleep(20000);
if (stat(CHARON_PID_FILE, &stb) == 0)
{
- DBG(DBG_CONTROL,
- DBG_log("charon (%d) started", _charon_pid)
- )
+ plog("charon (%d) started after %d ms", _charon_pid, 20*(i+1));
return 0;
}
}
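Review bot: Start-up is reported as successful as soon as `stat(CHARON_PID_FILE, &stb)` succeeds, and the check does not look at what the file contains. A pid file left behind by an earlier charon that died uncleanly would therefore produce the new `charon (%d) started after %d ms` line on the first iteration even if the fresh child never becomes ready. Whether the file is removed before the fork is not visible here, because starter_start_charon begins and ends outside the hunk. If it is not, unlink a stale file before forking or compare the pid stored in the file with `_charon_pid`. Since `_charon_pid` looks like a `pid_t`, the `%d` argument should be cast: `(int)_charon_pid`.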
@@ -195,12 +201,18 @@ starter_start_charon (starter_config_t *cfg, bool no_fork)
plog("charon too long to start... - kill kill");
for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
{
- if (i == 0)
+ if (i == 0)
+ {
kill(pid, SIGINT);
+ }
else if (i < 10)
+ {
kill(pid, SIGTERM);
+ }
else
+ {
kill(pid, SIGKILL);
+ }
usleep(20000);
}
}
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index bf8bcc0d2..40ff27d0b 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -1,5 +1,5 @@
.TH IPSEC.CONF 5 "27 Jun 2007"
-.\" RCSID $Id: ipsec.conf.5 3934 2008-05-12 12:46:30Z andreas $
+.\" RCSID $Id: ipsec.conf.5 4360 2008-09-30 12:36:58Z martin $
.SH NAME
ipsec.conf \- IPsec configuration and connections
.SH DESCRIPTION
@@ -366,6 +366,14 @@ in the form
.B eap=7-12345
) can be used to specify vendor specific EAP types.
.TP
+.B eap_identity
+defines the identity the client uses to reply to a EAP Identity request.
+If defined on the EAP server, the defined identity will be used as peer
+identity during EAP authentication. The special value
+.B %identity
+uses the EAP Identity method to ask the client for a EAP identity. If not
+defined, the IKEv2 identity will be used as EAP identity.
+.TP
.B esp
ESP encryption/authentication algorithm to be used
for the connection, e.g.
@@ -678,8 +686,8 @@ enables the IKEv2 MOBIKE protocol defined by RFC 4555. Accepted values are
.BR no .
If set to
.BR no ,
-the IKEv2 charon daemon will not actively propose MOBIKE but will still
-accept and support the protocol as a responder.
+the IKEv2 charon daemon will not actively propose MOBIKE as initiator and
+ignore the MOBIKE_SUPPORTED notify as responder.
.TP
.B modeconfig
defines which mode is used to assign a virtual IP.
@@ -706,6 +714,10 @@ PFS is enforced by defining a Diffie-Hellman modp group in the
.B esp
parameter.
.TP
+.B pfsgroup
+defines a Diffie-Hellman group for perfect forward secrecy in IKEv1 Quick Mode
+differing from the DH group used for IKEv1 Main Mode (IKEv1 only).
+.TP
.B reauth
whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1,
reauthentication is always done. In IKEv2, a value of
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index b96019d83..35c17b9b5 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.txt 3928 2008-05-11 07:59:00Z andreas $
+ * RCSID $Id: keywords.txt 4276 2008-08-22 10:44:51Z martin $
*/
#include <string.h>
@@ -56,12 +56,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 100
+#define TOTAL_KEYWORDS 101
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
#define MIN_HASH_VALUE 6
-#define MAX_HASH_VALUE 263
-/* maximum key range = 258, duplicates = 0 */
+#define MAX_HASH_VALUE 248
+/* maximum key range = 243, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,34 +75,34 @@ hash (str, len)
register const char *str;
register unsigned int len;
{
- static const unsigned short asso_values[] =
+ static const unsigned char asso_values[] =
{
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 10,
- 0, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 15, 264, 0,
- 100, 5, 90, 85, 60, 0, 264, 60, 10, 55,
- 80, 75, 15, 264, 0, 50, 35, 5, 25, 264,
- 10, 75, 0, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264, 264, 264, 264, 264,
- 264, 264, 264, 264, 264, 264
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 25,
+ 10, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 110, 249, 0,
+ 100, 5, 75, 65, 90, 0, 249, 60, 10, 15,
+ 80, 60, 15, 249, 0, 50, 35, 15, 30, 249,
+ 0, 75, 0, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
+ 249, 249, 249, 249, 249, 249
};
return len + asso_values[(unsigned char)str[1]] + asso_values[(unsigned char)str[0]] + asso_values[(unsigned char)str[len - 1]];
}
@@ -111,40 +111,39 @@ static const struct kw_entry wordlist[] =
{
{""}, {""}, {""}, {""}, {""}, {""},
{"crluri", KW_CRLURI},
- {"crluri2", KW_CRLURI2},
- {""}, {""}, {""}, {""}, {""}, {""},
+ {""}, {""}, {""}, {""}, {""}, {""}, {""},
{"rekeyfuzz", KW_REKEYFUZZ},
{""}, {""},
- {"crluri1", KW_CRLURI},
+ {"crluri2", KW_CRLURI2},
{""}, {""}, {""},
{"certuribase", KW_CERTURIBASE},
- {"rightca", KW_RIGHTCA},
+ {""},
{"rightfirewall", KW_RIGHTFIREWALL},
{""},
{"rightnatip", KW_RIGHTNATIP},
{"crlcheckinterval", KW_CRLCHECKINTERVAL},
{"rightnexthop", KW_RIGHTNEXTHOP},
{"rightsourceip", KW_RIGHTSOURCEIP},
- {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"leftca", KW_LEFTCA},
+ {""}, {""}, {""},
+ {"crluri1", KW_CRLURI},
+ {""}, {""}, {""}, {""},
{"leftfirewall", KW_LEFTFIREWALL},
- {"eap", KW_EAP},
+ {""},
{"leftnatip", KW_LEFTNATIP},
{"right", KW_RIGHT},
{"leftnexthop", KW_LEFTNEXTHOP},
{"leftsourceip", KW_LEFTSOURCEIP},
{""},
{"rightcert", KW_RIGHTCERT},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
+ {""},
{"rightsubnet", KW_RIGHTSUBNET},
{""},
{"rightsendcert", KW_RIGHTSENDCERT},
{"rightprotoport", KW_RIGHTPROTOPORT},
- {""}, {""}, {""}, {""},
+ {"virtual_private", KW_VIRTUAL_PRIVATE},
+ {""}, {""}, {""},
{"left", KW_LEFT},
- {""},
- {"cacert", KW_CACERT},
- {""},
+ {""}, {""}, {""},
{"leftcert", KW_LEFTCERT,},
{""},
{"leftsubnet", KW_LEFTSUBNET},
@@ -153,29 +152,30 @@ static const struct kw_entry wordlist[] =
{"leftprotoport", KW_LEFTPROTOPORT},
{""},
{"righthostaccess", KW_RIGHTHOSTACCESS},
- {""}, {""},
+ {""},
+ {"ocspuri", KW_OCSPURI},
{"ike", KW_IKE},
{""},
{"plutostart", KW_PLUTOSTART},
- {"reauth", KW_REAUTH},
- {""},
+ {""}, {""},
{"esp", KW_ESP},
- {"cachecrls", KW_CACHECRLS},
+ {""},
{"leftgroups", KW_LEFTGROUPS},
{"ikelifetime", KW_IKELIFETIME},
{"keylife", KW_KEYLIFE},
- {"packetdefault", KW_PACKETDEFAULT},
+ {"ocspuri2", KW_OCSPURI2},
{"lefthostaccess", KW_LEFTHOSTACCESS},
{"keep_alive", KW_KEEP_ALIVE},
{"keyexchange", KW_KEYEXCHANGE},
- {"ocspuri", KW_OCSPURI},
- {"ocspuri2", KW_OCSPURI2},
- {"auth", KW_AUTH},
+ {""},
+ {"prepluto", KW_PREPLUTO},
+ {""},
{"rekey", KW_REKEY},
- {""}, {""},
+ {"mobike", KW_MOBIKE},
+ {""},
{"rightallowany", KW_RIGHTALLOWANY},
{"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"xauth", KW_XAUTH},
+ {""},
{"rightupdown", KW_RIGHTUPDOWN},
{"pkcs11module", KW_PKCS11MODULE},
{"ocspuri1", KW_OCSPURI},
@@ -183,78 +183,90 @@ static const struct kw_entry wordlist[] =
{"pkcs11keepstate", KW_PKCS11KEEPSTATE},
{"rekeymargin", KW_REKEYMARGIN},
{"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
- {"prepluto", KW_PREPLUTO},
- {"auto", KW_AUTO},
+ {"fragicmp", KW_FRAGICMP},
{""},
- {"authby", KW_AUTHBY},
+ {"plutodebug", KW_PLUTODEBUG},
+ {"reauth", KW_REAUTH},
{"leftallowany", KW_LEFTALLOWANY},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {"also", KW_ALSO},
+ {"plutostderrlog", KW_PLUTOSTDERRLOG},
{"leftupdown", KW_LEFTUPDOWN},
- {"charonstart", KW_CHARONSTART},
+ {"mediated_by", KW_MEDIATED_BY},
{"rightid", KW_RIGHTID},
- {""}, {""}, {""},
+ {""},
+ {"mediation", KW_MEDIATION},
+ {""},
{"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
- {"dumpdir", KW_DUMPDIR},
- {"fragicmp", KW_FRAGICMP},
+ {""},
+ {"pfsgroup", KW_PFSGROUP},
{""}, {""},
{"overridemtu", KW_OVERRIDEMTU},
- {"hidetos", KW_HIDETOS},
- {"nat_traversal", KW_NAT_TRAVERSAL},
+ {"rightca", KW_RIGHTCA},
+ {"compress", KW_COMPRESS},
{"type", KW_TYPE},
- {"plutodebug", KW_PLUTODEBUG},
- {"leftid", KW_LEFTID},
{""},
+ {"leftid", KW_LEFTID},
+ {"dumpdir", KW_DUMPDIR},
{"ldapbase", KW_LDAPBASE},
- {"plutostderrlog", KW_PLUTOSTDERRLOG},
- {""},
+ {""}, {""},
{"keyingtries", KW_KEYINGTRIES},
+ {""}, {""},
+ {"me_peerid", KW_ME_PEERID},
{""},
- {"pfsgroup", KW_PFSGROUP},
- {""}, {""}, {""}, {""},
- {"compress", KW_COMPRESS},
- {""}, {""}, {""}, {""}, {""},
+ {"leftca", KW_LEFTCA},
+ {""},
+ {"eap", KW_EAP},
+ {""}, {""},
+ {"charonstart", KW_CHARONSTART},
+ {""}, {""},
{"pkcs11initargs", KW_PKCS11INITARGS},
{"interfaces", KW_INTERFACES},
- {"mobike", KW_MOBIKE},
{""}, {""},
- {"uniqueids", KW_UNIQUEIDS},
+ {"pfs", KW_PFS},
+ {"postpluto", KW_POSTPLUTO},
+ {"klipsdebug", KW_KLIPSDEBUG},
{""},
- {"mediated_by", KW_MEDIATED_BY},
- {""}, {""},
- {"mediation", KW_MEDIATION},
- {""}, {""}, {""},
- {"ldaphost", KW_LDAPHOST},
+ {"hidetos", KW_HIDETOS},
{""}, {""},
- {"charondebug", KW_CHARONDEBUG},
- {""},
- {"pfs", KW_PFS},
+ {"modeconfig", KW_MODECONFIG},
+ {"cacert", KW_CACERT},
{""},
+ {"ldaphost", KW_LDAPHOST},
+ {"uniqueids", KW_UNIQUEIDS},
+ {"force_keepalive", KW_FORCE_KEEPALIVE},
+ {""}, {""}, {""}, {""},
{"dpdtimeout", KW_DPDTIMEOUT},
{"pkcs11proxy", KW_PKCS11PROXY},
- {""}, {""}, {""},
- {"klipsdebug", KW_KLIPSDEBUG},
- {""}, {""}, {""},
- {"me_peerid", KW_ME_PEERID},
{""}, {""}, {""}, {""},
- {"postpluto", KW_POSTPLUTO},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"force_keepalive", KW_FORCE_KEEPALIVE},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {"charondebug", KW_CHARONDEBUG},
+ {""}, {""},
+ {"cachecrls", KW_CACHECRLS},
{""}, {""}, {""},
+ {"packetdefault", KW_PACKETDEFAULT},
+ {""},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {"also", KW_ALSO},
+ {""}, {""}, {""}, {""},
+ {"auto", KW_AUTO},
+ {""}, {""}, {""}, {""}, {""}, {""},
+ {"forceencaps", KW_FORCEENCAPS},
+ {""},
{"dpddelay", KW_DPDDELAY},
- {""}, {""}, {""}, {""}, {""},
+ {""}, {""}, {""},
+ {"eap_identity", KW_EAP_IDENTITY},
+ {""},
{"dpdaction", KW_DPDACTION},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""},
- {"modeconfig", KW_MODECONFIG},
- {"forceencaps", KW_FORCEENCAPS},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {"xauth", KW_XAUTH},
+ {"authby", KW_AUTHBY},
+ {""}, {""}, {""}, {""}, {""}, {""},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
+ {""}, {""}, {""}, {""}, {""},
+ {"auth", KW_AUTH},
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
+ {""},
{"nocrsend", KW_NOCRSEND}
};
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 39b544267..1efa5dc2b 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.h 3928 2008-05-11 07:59:00Z andreas $
+ * RCSID $Id: keywords.h 4276 2008-08-22 10:44:51Z martin $
*/
#ifndef _KEYWORDS_H_
@@ -71,6 +71,7 @@ typedef enum {
KW_AUTH,
KW_AUTHBY,
KW_EAP,
+ KW_EAP_IDENTITY,
KW_MOBIKE,
KW_FORCEENCAPS,
KW_IKELIFETIME,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index d0435d1c7..29bd404b5 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: keywords.txt 3928 2008-05-11 07:59:00Z andreas $
+ * RCSID $Id: keywords.txt 4276 2008-08-22 10:44:51Z martin $
*/
#include <string.h>
@@ -50,6 +50,7 @@ keep_alive, KW_KEEP_ALIVE
force_keepalive, KW_FORCE_KEEPALIVE
virtual_private, KW_VIRTUAL_PRIVATE
eap, KW_EAP
+eap_identity, KW_EAP_IDENTITY
mobike, KW_MOBIKE
forceencaps, KW_FORCEENCAPS
pkcs11module, KW_PKCS11MODULE
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 6ff0ac29c..61f21d88c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starter.c 3914 2008-05-08 10:58:04Z martin $
+ * RCSID $Id: starter.c 4140 2008-07-02 05:51:49Z andreas $
*/
#include <sys/types.h>
@@ -452,7 +452,7 @@ int main (int argc, char **argv)
);
new_cfg = confread_load(CONFIG_FILE);
- if (new_cfg->err + new_cfg->non_fatal_err == 0)
+ if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
{
/* Switch to new config. New conn will be loaded below */
if (!starter_cmp_defaultroute(&new_cfg->defaultroute
@@ -546,7 +546,10 @@ int main (int argc, char **argv)
else
{
plog("can't reload config file due to errors -- keeping old one");
- confread_free(new_cfg);
+ if (new_cfg)
+ {
+ confread_free(new_cfg);
+ }
}
_action_ &= ~FLAG_ACTION_UPDATE;
last_reload = time(NULL);
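Review bot: With the new NULL guards, a config file that could not be loaded at all and one that parsed with errors both end in the same `can't reload config file due to errors` line. The daemon keeps running on the old configuration in either case, so an operator who has just tightened a policy cannot tell from the log why the change was not applied. A separate line for the NULL case ahead of the existing message, for example `if (!new_cfg) plog("can't read config file -- keeping old one");` (wording is a suggestion), would distinguish the two. main() continues outside this hunk.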
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index ffd5d28a6..4ee73128b 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starterstroke.c 4100 2008-06-24 13:36:10Z martin $
+ * RCSID $Id: starterstroke.c 4276 2008-08-22 10:44:51Z martin $
*/
#include <sys/types.h>
@@ -227,6 +227,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
}
msg.add_conn.eap_type = conn->eap_type;
msg.add_conn.eap_vendor = conn->eap_vendor;
+ msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
if (conn->policy & POLICY_TUNNEL)
{
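Review bot: `conn->eap_identity` is passed to `push_string()` unconditionally, although ipsec.conf.5 in this commit documents the keyword as optional, so the pointer is presumably NULL for most connections. push_string is defined outside the hunk, so confirm that it accepts NULL and that it bounds the copy to the space left in `msg`, since the identity is a free-form string read from ipsec.conf. A short comment on the line would record the expectation, e.g. `/* eap_identity may be NULL; push_string() must tolerate that */`. starter_stroke_add_conn starts and ends outside the hunk.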