Diffstat (limited to 'src/stroke')
-rw-r--r-- | src/stroke/Makefile.am | 3 | ||||
-rw-r--r-- | src/stroke/Makefile.in | 40 | ||||
-rw-r--r-- | src/stroke/stroke.c | 54 | ||||
-rw-r--r-- | src/stroke/stroke_keywords.c | 5 | ||||
-rw-r--r-- | src/stroke/stroke_msg.h (renamed from src/stroke/stroke.h) | 40 |
5 files changed, 65 insertions, 77 deletions
diff --git a/src/stroke/Makefile.am b/src/stroke/Makefile.am index 6ea64753c..aaedfc787 100644 --- a/src/stroke/Makefile.am +++ b/src/stroke/Makefile.am @@ -1,9 +1,10 @@ ipsec_PROGRAMS = stroke -stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h +stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h INCLUDES = -I$(top_srcdir)/src/libstrongswan EXTRA_DIST = stroke_keywords.txt MAINTAINERCLEANFILES = stroke_keywords.c +AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\" stroke_keywords.c: stroke_keywords.txt stroke_keywords.h $(GPERF) -C -G -t < stroke_keywords.txt > stroke_keywords.c diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index ad3df98d5..4f3373d23 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -83,6 +83,7 @@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ @@ -112,6 +113,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ @@ -142,7 +144,6 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ -backenddir = @backenddir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ 
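Review bot: In the Makefile.am hunk, the new `AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"` puts a preprocessor define in the compiler-flags variable; automake's conventional place for `-D` options is `AM_CPPFLAGS`, so `AM_CPPFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"` would keep defines separate from optimisation and warning flags. The value ends up in the path of the charon control socket (`STROKE_SOCKET` in stroke_msg.h, later in this commit), so a comment such as `# IPSEC_PIDDIR locates charon.ctl; stroke and charon must be configured with the same piddir` would help packagers. `piddir` is presumably substituted by configure; its definition is not in the visible lines. The same line is repeated in the generated Makefile.in and needs no separate change there.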
@@ -153,12 +154,11 @@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ -dbus_CFLAGS = @dbus_CFLAGS@ -dbus_LIBS = @dbus_LIBS@ docdir = @docdir@ dvidir = @dvidir@ -eapdir = @eapdir@ exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -168,12 +168,12 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -interfacedir = @interfacedir@ ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ -ipsecuid = @ipsecuid@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ linuxdir = @linuxdir@ localedir = @localedir@ localstatedir = @localstatedir@ @@ -186,20 +186,23 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +resolv_conf = @resolv_conf@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ simreader = @simreader@ srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h +stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h INCLUDES = -I$(top_srcdir)/src/libstrongswan EXTRA_DIST = stroke_keywords.txt MAINTAINERCLEANFILES = stroke_keywords.c +AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\" all: all-am .SUFFIXES: 
@@ -242,8 +245,8 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ else :; fi; \ done @@ -306,8 +309,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS @@ -319,8 +322,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ 
@@ -330,13 +333,12 @@ ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index af06c8890..55f98f751 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke.c 3271 2007-10-08 20:12:25Z andreas $ + * RCSID $Id: stroke.c 3875 2008-04-25 12:41:37Z martin $ */ #include <stdlib.h> @@ -28,7 +28,7 @@ #include <stdio.h> #include <stddef.h> -#include "stroke.h" +#include "stroke_msg.h" #include "stroke_keywords.h" struct stroke_token { 
@@ -100,66 +100,30 @@ static int send_stroke_msg (stroke_msg_t *msg) static int add_connection(char *name, char *my_id, char *other_id, char *my_addr, char *other_addr, - char *my_net, char *other_net, - u_int my_netmask, u_int other_netmask) + char *my_nets, char *other_nets) { stroke_msg_t msg; + memset(&msg, 0, sizeof(msg)); msg.length = offsetof(stroke_msg_t, buffer); msg.type = STR_ADD_CONN; msg.add_conn.name = push_string(&msg, name); msg.add_conn.ikev2 = 1; msg.add_conn.auth_method = 2; - msg.add_conn.eap_type = 0; msg.add_conn.mode = 1; msg.add_conn.mobike = 1; - msg.add_conn.force_encap = 0; - - msg.add_conn.rekey.reauth = 0; - msg.add_conn.rekey.ipsec_lifetime = 0; - msg.add_conn.rekey.ike_lifetime = 0; - msg.add_conn.rekey.margin = 0; - msg.add_conn.rekey.tries = 0; - msg.add_conn.rekey.fuzz = 0; - - msg.add_conn.algorithms.ike = NULL; - msg.add_conn.algorithms.esp = NULL; - - msg.add_conn.dpd.delay = 0; msg.add_conn.dpd.action = 1; - msg.add_conn.p2p.mediation = 0; - msg.add_conn.p2p.mediated_by = NULL; - msg.add_conn.p2p.peerid = NULL; - msg.add_conn.me.id = push_string(&msg, my_id); msg.add_conn.me.address = push_string(&msg, my_addr); - msg.add_conn.me.subnet = push_string(&msg, my_net); - msg.add_conn.me.subnet_mask = my_netmask; - msg.add_conn.me.sourceip = NULL; - msg.add_conn.me.virtual_ip = 0; - msg.add_conn.me.cert = NULL; - msg.add_conn.me.ca = NULL; + msg.add_conn.me.subnets = push_string(&msg, my_nets); msg.add_conn.me.sendcert = 1; - msg.add_conn.me.hostaccess = 0; - msg.add_conn.me.tohost = 0; - msg.add_conn.me.protocol = 0; - msg.add_conn.me.port = 0; msg.add_conn.other.id = push_string(&msg, other_id); msg.add_conn.other.address = push_string(&msg, other_addr); - msg.add_conn.other.subnet = push_string(&msg, other_net); - msg.add_conn.other.subnet_mask = other_netmask; - msg.add_conn.other.sourceip = NULL; - msg.add_conn.other.virtual_ip = 0; - msg.add_conn.other.cert = NULL; - msg.add_conn.other.ca = NULL; + msg.add_conn.other.subnets = 
push_string(&msg, other_nets); msg.add_conn.other.sendcert = 1; - msg.add_conn.other.hostaccess = 0; - msg.add_conn.other.tohost = 0; - msg.add_conn.other.protocol = 0; - msg.add_conn.other.port = 0; return send_stroke_msg(&msg); } @@ -310,8 +274,7 @@ static void exit_usage(char *error) printf(" MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n"); printf(" where: ID is any IKEv2 ID \n"); printf(" ADDR is a IPv4 address\n"); - printf(" NET is a IPv4 address of the subnet to tunnel\n"); - printf(" NETBITS is the size of the subnet, as the \"24\" in 192.168.0.0/24\n"); + printf(" NET is a IPv4 subnet in CIDR notation\n"); printf(" Delete a connection:\n"); printf(" stroke delete NAME\n"); printf(" where: NAME is a connection name added with \"stroke add\"\n"); @@ -367,8 +330,7 @@ int main(int argc, char *argv[]) res = add_connection(argv[2], argv[3], argv[4], argv[5], argv[6], - argv[7], argv[8], - atoi(argv[9]), atoi(argv[10])); + argv[7], argv[8]); break; case STROKE_DELETE: case STROKE_DEL: diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c index 5143cba2e..ad37732fa 100644 --- a/src/stroke/stroke_keywords.c +++ b/src/stroke/stroke_keywords.c @@ -1,4 +1,4 @@ -/* C code produced by gperf version 3.0.1 */ +/* C code produced by gperf version 3.0.3 */ /* Command-line: /usr/bin/gperf -C -G -t */ /* Computed positions: -k'1,5,7' */ @@ -169,6 +169,9 @@ static const struct stroke_token wordlist[] = #ifdef __GNUC__ __inline +#ifdef __GNUC_STDC_INLINE__ +__attribute__ ((__gnu_inline__)) +#endif #endif const struct stroke_token * in_word_set (str, len) diff --git a/src/stroke/stroke.h b/src/stroke/stroke_msg.h index ca4e397e4..6aa5d8a49 100644 --- a/src/stroke/stroke.h +++ b/src/stroke/stroke_msg.h @@ -1,5 +1,5 @@ /** - * @file stroke.h + * @file stroke_msg.h * * @brief Definition of stroke_msg_t. * 
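Review bot: The new `memset(&msg, 0, sizeof(msg));` at the top of add_connection now decides the value of every field the deleted assignments used to spell out, and of the fields this commit adds to `add_conn` (`ipcomp`, `crl_policy`, `unique`), yet nothing in the function says so. Because `CRL_STRICT_NO` is the first enumerator of `crl_policy_t`, a connection created through this path carries that CRL policy implicitly; how charon acts on the per-connection value is not visible here. A comment on the memset would make the default a visible choice, for example `/* zero-fill: every field not set below is 0/NULL (crl_policy = CRL_STRICT_NO) */`. The zero-fill also keeps uninitialised stack contents out of the message handed to send_stroke_msg, which is worth stating in the same comment. push_string and send_stroke_msg are defined outside the hunk.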
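Review bot: The usage text in exit_usage still lists `MY_NETBITS OTHER_NETBITS` on the unchanged `MY_NET OTHER_NET ...` context line, although this commit removes the NETBITS explanation and, in the main hunk, stops passing `atoi(argv[9]), atoi(argv[10])` to add_connection. That string should lose ` MY_NETBITS OTHER_NETBITS` so the synopsis matches the new "NET is a IPv4 subnet in CIDR notation" description. The argument-count check guarding the add case lies outside the main hunk and presumably still demands the two extra arguments; it should be lowered in the same change so that a user following the new synopsis is not rejected. Both functions start and end outside their hunks.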
@@ -19,18 +19,18 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke.h 3394 2007-12-13 17:31:21Z martin $ + * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $ */ -#ifndef STROKE_H_ -#define STROKE_H_ +#ifndef STROKE_MSG_H_ +#define STROKE_MSG_H_ #include <sys/types.h> /** * Socket which is used to communicate between charon and stroke */ -#define STROKE_SOCKET "/var/run/charon.ctl" +#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl" #define STROKE_BUF_LEN 2048 @@ -103,6 +103,16 @@ enum purge_flag_t { PURGE_OCSP = 0x0001, }; +/** + * CRL certificate validation policy + */ +typedef enum { + CRL_STRICT_NO, + CRL_STRICT_YES, + CRL_STRICT_IFURI, +} crl_policy_t; + + typedef struct stroke_end_t stroke_end_t; /** @@ -116,9 +126,8 @@ struct stroke_end_t { char *updown; char *address; char *sourceip; - u_int8_t virtual_ip; - char *subnet; - int subnet_mask; + int sourceip_size; + char *subnets; int sendcert; int hostaccess; int tohost; @@ -159,6 +168,8 @@ struct stroke_msg_t { STR_DEL_CA, /* set a log type to log/not log */ STR_LOGLEVEL, + /* configure global options for stroke */ + STR_CONFIG, /* list various objects */ STR_LIST, /* reread various objects */ @@ -187,6 +198,9 @@ struct stroke_msg_t { int mode; int mobike; int force_encap; + int ipcomp; + crl_policy_t crl_policy; + int unique; struct { char *ike; char *esp; @@ -207,7 +221,7 @@ struct stroke_msg_t { int mediation; char *mediated_by; char *peerid; - } p2p; + } ikeme; stroke_end_t me, other; } add_conn; @@ -219,6 +233,7 @@ struct stroke_msg_t { char *crluri2; char *ocspuri; char *ocspuri2; + char *certuribase; } add_ca; /* data for STR_LOGLEVEL */ @@ -226,6 +241,11 @@ struct stroke_msg_t { char *type; int level; } loglevel; + + /* data for STR_CONFIG */ + struct { + int cachecrl; + } config; /* data for STR_LIST */ struct { 
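Review bot: `#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"` has no guard, so any file that includes stroke_msg.h without `-DIPSEC_PIDDIR=...` fails with an obscure error at the first use of STROKE_SOCKET. Only src/stroke/Makefile.am is shown adding the define; the diffstat is limited to src/stroke, so other users of the header are presumably updated elsewhere. A guard placed before the define makes the requirement explicit and fails loudly rather than letting two binaries diverge on the path: `#ifndef IPSEC_PIDDIR`, `# error "IPSEC_PIDDIR must be defined by the build (see Makefile.am)"`, `#endif`. The doc comment above the define could also say that stroke and charon must agree on this path, since the socket is the daemon's control channel.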
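Review bot: `STR_CONFIG` is inserted between `STR_LOGLEVEL` and `STR_LIST`, which renumbers `STR_LIST` and every later message type unless the enumerators carry explicit values (none are visible in the hunk). The type field travels over the control socket, so a stroke binary and a charon built from different revisions would disagree on what a message means without either side noticing; the struct layout also changes in this commit, so the two must be rebuilt together anyway. Appending new types at the end of the enum, or adding a comment such as `/* values are part of the stroke<->charon wire format; append only */`, would make that constraint visible. The enum starts and ends outside the hunk.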
@@ -246,4 +266,4 @@ struct stroke_msg_t { char buffer[STROKE_BUF_LEN]; }; -#endif /* STROKE_H_ */ +#endif /* STROKE_MSG_H_ */ |